Friday, April 18, 2025

Build an AI-Powered DNS Analyzer

An AI-generated image


Context 

Out of geeky security interest I needed a way to capture and analyze the internet activity of the devices in my home, and DNS queries are the cheapest place to see it. 

I installed Pi-hole on an old Raspberry Pi 2 and configured it as the local DNS server used by my router. So every DNS query made by a device in my local network is logged on this small rpi2, and I can analyze the network's activity with Pi-hole's convenient web UI. (Pi-hole only sees name resolution: a device that uses a hard-coded resolver or DNS over HTTPS bypasses it unless the router blocks outbound port 53 to anything but the rpi2.) 

Reading the raw log for a basic overview is tiresome, especially when all I want is a summary of the local network's internet traffic and any anomalies in it, e.g. adware activity or pornography consumption. 

Planning

I wanted to automate the summarization of local internet traffic as follows:

- Collect the DNS queries logged over the last X hours

- Deduplicate the queries, since the same domain is logged many times

- Send the unique domains to Gemini for a summary 

- Email the summary to me 


Setup  



- Install Pi-Hole on rpi2

- Assign the rpi2 a static IP address so it has a unique identity as a DNS server in the local network

- Configure the router to use the rpi2 IP address as its primary DNS server

- Run the Pi-hole AI Analyzer from a cron job on the rpi2 so that an analysis cycle runs every X hours

The analysis cycle is: collect the DNS queries from the Pi-hole API endpoint → sanitize and deduplicate the queries → send them to Gemini for summarization → email the summary to me. 


Development 

The implementation is simple enough that a beginner-to-intermediate enthusiast could code it in Python and deploy the whole system within 7 days. I used Google's AI Studio to generate the code, then reviewed it and deployed it on my local rpi2. 


Testing and Findings

The project is for personal use and still in the PoC phase. It has been running for a few weeks without a crash or any major mistakes. 

The language model sees only the domain names and has to guess from them what is unusual. So it misses some DNS records that a human analyst would recognize, for example the content delivery network hostname of a little-known adult website. 


To Dos 

- Check the queried domains against known blocklists, URLhaus and VirusTotal before sending them to the LLM for summarization, so that known-bad hits are stated as facts rather than left for the model to guess 

- Restrict the Pi-hole log fetch to the time interval since the last run instead of pulling all queries 

Repository

Pi-hole_AI_Analyzer

 
