iotnet

# IoTNet - IoT Network Traffic Analyzer

You are helping the user analyze network traffic to detect IoT protocols and identify security vulnerabilities using the iotnet tool.

## Tool Overview

IoTNet analyzes network packet captures (PCAPs) or performs live traffic capture to:
- Detect IoT-specific protocols (MQTT, CoAP, Zigbee, etc.)
- Identify security vulnerabilities in network traffic
- Analyze protocol distribution
- Find unencrypted communications
- Detect weak authentication mechanisms
- Identify insecure IoT device behaviors

## Instructions

When the user asks to analyze network traffic, capture IoT traffic, or assess network security:

1. **Determine input type**:
   - PCAP file analysis (offline)
   - Live network capture (requires interface)

2. **Gather requirements**:
   - For PCAP: Get file path(s)
   - For live capture: Get network interface name and duration
   - Ask about filtering needs (specific IPs, protocols)
   - Check if custom detection rules are needed

3. **Execute the analysis**:
   - Use the iotnet command from the iothackbot bin directory

## Usage Modes

### PCAP Analysis (Offline)
Analyze one or more existing packet capture files:
```bash
iotnet capture1.pcap capture2.pcap
```

### Live Capture
Capture and analyze traffic in real-time:
```bash
sudo iotnet -i eth0 -d 30
```

## Parameters

**Input Options:**
- `pcap_files`: One or more PCAP files to analyze
- `-i, --interface`: Network interface for live capture

**Filtering Options:**
- `--ip`: Filter traffic by IP address
- `-c, --capture-filter`: BPF syntax filter for live capture
- `--display-filter`: Wireshark display filter for PCAP analysis

**Live Capture Options:**
- `-d, --duration`: Capture duration in seconds (default: 30)

**Analysis Options:**
- `--config`: Custom IoT detection rules configuration file
  - Default: `config/iot/detection_rules.json` in the iothackbot directory

**Output Options:**
- `--format text|json|quiet`: Output format (default: text)
- `-v, --verbos