Motivated by privacy issues in the Internet of Things systems, we generalize a proposed privacy-preserving packet obfuscation scheme to guarantee differential privacy. We propose a locally differentially private packet obfuscation mechanism as a defense against packet-size side-channel attacks in IoT networks. We formulate the problem as an optimization over a conditional probability distribution (channel) between the original and obfuscated packet sizes and show that the optimal set of obfuscated packet sizes is a strict subset of the set of original packet sizes. We study the optimal mechanisms for minimizing the (average or min-max) bandwidth overhead subject to a privacy constraint by solving the corresponding (linear or convex) program. We demonstrate our methods on synthetic and real data to illustrate privacy-bandwidth tradeoffs in different settings. Systems with many bandwidth-intensive devices can easily mask low-bandwidth devices. For data collected from actual smart home IoT devices, we show how the packet size distributions become increasingly indistinguishable as the level of privacy protection increases. The proposed mechanism highlights the possibility for bandwidth-constrained users to optimally tune their privacy preferences and trade off privacy with bandwidth.