X-Ray your LAN with the FingBox

Local Area Networks (LANs) for the home have pretty much become a requisite for modern living. Typically, we know little about how they work and what they are actually doing. And as we attach more and more devices to them we know less and less.

Pundits tell us that our LAN is going to be the backbone of all the many, many new Web-enabled devices that will come into our homes in the next few years. We already (probably) have Alexa in our living rooms, joining the Internet-connected Smart TV we bought the year before last. Your central heating system may well already be anticipating cold nights by reading weather reports direct from the Met Office. Does your washing machine commune with its manufacturer through Cyberspace? If not now, your next one almost certainly will. Likewise your fridge-freezer and your gas meter.

With a lot more to come. These Internet of Things (IoT) devices will have strictly limited human interfaces compared with the computers, tablets and phones we’ve become used to. Their security—the ability to resist intrusion from outside agencies—is euphemistically referred to by experts as “soft”. It will improve over time, but currently that digital lock you fitted to your front door so that trusted carriers like Amazon can deliver parcels in your absence, is almost certainly at risk of being hacked by a technically savvy burglar.

Let’s not wait until our LAN has proliferated into a mysterious jungle of unknown risks.

Fing is an Android and iOS application that fills that information gap, identifying and listing all your connected devices and able to security check and troubleshoot your LAN. The Fingbox is an optional hardware supplement to Fing that supplies even more information and sends out alerts about changing conditions. It can also intervene, shutting off suspect devices or scheduling Internet connection times to optimise bandwidth allocation or control children’s use of computers, tablets and phones.


Fingbox and the Fing appThe simple setup leaflet bundled with the package makes minimal assumptions about the user’s prior knowledge of IT. It tells you how to choose the power supply plug’s configuration between UK and Continental and even that the supplied network cable should be unwrapped from its plastic package before plugging it into the Ethernet socket on the device.

The Fingbox itself is a squat white cylinder that lives inside a closely fitting blue TPU shell. The shell has an access hole through which the two cables (microUSB power and Ethernet) need to be fed before plugging them into white core device. Once you’ve fitted the blue shell around the core, the Fingbox becomes a modest, saucer-sized presence, probably somewhere on the floor, preferably close to your central router. Connection to a switch somewhere else on your network is possible, but not recommended.

When plugged into the mains, a ring of lights appears around the top of the Fingbox. This colour-coded display is similar to the aura that crowns Amazon’s Dot and Echo devices—although with many fewer individual LEDs and animation when used is more stilted.

During this first-time setup the lights may take some time to settle down to a steady green. During this interval, the Fingbox is investigating your LAN, quizzing the components its finds there and trying to guess at their individual characteristics.

The Fing App settings pageThese guesses become evident once you’ve downloaded and installed the Fing app on your phone. When you then set up a Fing account (you can optionally use your existing Google account to do this) and have followed the “Add Fingbox” instructions, you’ll be able to see the complete list of all your networked devices. Individual devices can be renamed and optionally allocated to various occupants of the household.

The Fing app is a free download that’s worth having whether you own a Fingbox or not. This powerful network scanning app is useful if you want to identify what devices are on your network—always a good idea, as I’ve argued above.  It will let you know whether they’re actively connected and optionally send you alerts whenever this state changes.

*It was thanks to this feature of the Fingbox that I discovered the new Epson EcoTank printer I hope to review later this year seems to have a non-trivial design flaw. It can be arranged, ecologically, to switch off after a user-selected period of non-use. But without WoL it has to be manually switched on again before it will respond to network printing requests.
It can also scan your network for open ports (points of potential vulnerability that might let intruders in). Devices able to carry out WoL (Wake-on-LAN*, a feature that allows a device to enter a very low power sleep mode until it receives a specific signal from the network) can be woken up by the Fing app as required.

But the Fing app is necessarily limited by being confined to your phone and therefore only intermittently connected to your LAN by a wireless link. The Fingbox, on the other hand, monitors your network via a permanently connected 1 Gbps Ethernet cable.  So it can report Internet outages whenever they occur, and perform accurate speed tests on your Internet connection, measuring latency, upload and download speeds. Optionally, Fingbox can email you a monthly report about the overall performance of your Internet connection.

Your First Day with Fingbox

Fingbox colour codes

The chameleon colour codes of the Fingbox are listed in the free Fing app under Account and Settings/Get Help/LED Light Guide.

This is actually the title of a chapter in the very substantial Support section of the Android app. The Support section is hidden rather too deeply inside the app, but is well worth discovering if you want to take full advantage of the app’s capabilitities, particularly when it’s supplemented by the physical Fingbox.

The main page of the Fing app is switchable between three modes focussing on your Devices, your Network and People. (The People mode is there because once you’ve identified devices on your network you can allocate them to their appropriate owners. A pseudo-geofencing feature of the Fingbox then allows you to log their “Digital Presence”.)

The screens for all of these three modes carry your log-on icon in the top right corner. It took me a long time to realise that a touch on that icon will take me to Account and Settings. From here you can change the settings of both the app and the physical Fingbox, for example, changing the intensity of its LEDs or deciding whether or not it is automatically to block new devices as they attempt to join your LAN. There’s also a setting here to create an optional monthly summary of your overall Internet performance.

The Account and Settings/Get Help menu item is a gateway into Support. Here you’ll find a page of large icons labelled Fingbox Support, Fingbox App Support and Fing CLI Support. The first two are self-explanatory. This section offers a guide to downloading and installing appropriate software tools for the Mac, Windows, Linux and various types of NAS (network attached storage). But if you didn’t know that CLI stands for Command Line Interface you can safely ignore all this.

The Fingbox Support section is where you’ll find “Your First Day with Fingbox” and a host of other articles that will take you deeper into the Fingbox than I could ever hope to do in this review.

What the Fingbox Can’t Do

During testing of the Fingbox, I discovered an unrelated app on my phone that was failing to load as a result of data it was requesting from a remote Internet address. It occurred to me that a quick fix might be to prevent the app accessing that address.

Was this a case for the Fingbox? The Fingbox literature says you can set alerts for—and block—“new devices connecting to your network”. I couldn’t anywhere find how to do this for a remote IP address. But, like all good apps, as I’ve already mentioned, the Fing app offers a direct connection to its Support Desk.

The response came impressively quickly, in under an hour. Unfortunately, it seemed I hadn’t explained the problem properly. What I received was a link to an article (which I’d already read) explaining how to block devices already showing up on the LAN, having joined your other devices on your local subnet.

Fingbox devices listThese show up in the Devices tab as a list that can be sorted by a variety of parameters, including IP address, MAC address, state (whether currently connected),  most recent change of state, vendor name, arbitrary name (that you’ve assigned the device) and so on. This sorting feature, combined with the ability to filter on any of these parameters, is something that will become ever more useful as your LAN (inevitably) grows as the Internet of Things takes hold.

However, the external address I was trying to block wasn’t on my subnet and didn’t, of course, appear in my list. I needed help.

There’s a general problem with Support Desks right across the industry. After several email exchanges typical of Support Desks of all flavours (discussed in more detail here), it eventually became clear that you need something other than a Fingbox to deny contact between your LAN and any particular rogue external IP address.

In fact, this is properly the job of the Internet router (the device connecting your LAN to your service provider’s route to the Internet). Any decently designed Internet router should be able to store a list of particular remote IP addresses or range of addresses that aren’t allowed to access your LAN. Unfortunately, my router is one of many much-simplified devices bundled with the Internet service and doesn’t offer that feature.

Yes, Virgin Media and your so-called SuperHub 2, I’m looking at you.

Your No-Rent LAN-Lord

The first manifestation of Fingbox was as a subscription service. Two tiers were initially offered: Fingbox Home for $3.99/month (or $39/year) and Fingbox Pro for $6.99/month ($69/year). A more comprehensive (and presumably more expensive) Enterprise version was promised as a follow-up offering.

But in 2016 Fing raised over a million dollars on Indiegogo to go into production with a no-subscription hardware solution. What you’re getting instead with the Fingbox is a  monitoring system that keeps an eye on your network 24/7 subscription-free. And all for a single upfront price of around £100.

Fingbox disconnectedNot that the Fingbox is completely infallible. It will conveniently keep an eye on the Virgin Media connection for me, testing the speed and logging any downtime. But on one occasion I found it indulging in its own downtime for no particular reason that I could discern.  The event produced the striking screen on the app shown here. This only happened once during a couple of months of testing. Power cycling the Fingbox fixed it.

A more frequent problem was the speed of the connection between the Fingbox and the Virgin Media router. Several times this link mysteriously fell back from 1 GHz to 100MHz. I couldn’t detect any deleterious effect on the Fingbox’s general LAN monitoring duties, but it’s likely that this would render metrics like Internet speed reporting rather dubious.

I’m keeping an eye on this. The Virgin Media box is a probable culprit and I may be somewhat wiser once it’s had its planned upgrade from Superhub 2 to Superhub 3. Meanwhile, the fix is trivial: I just unplug and replug the connecting Ethernet cable.

If you want to know more, the help section of the Fing app has abundant details. You can also learn more here and buy the device from that page for £99 with free shipping.


Chris Bidmead

 

 

 

 

 

Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *