This is interesting

Another trove of surveillance documents revels some interesting technical aspects of spying in the modern age:

Gigabit cooper network tap
Gigabit cooper network tap

What we have here is a copper wire tap. This allows some telco or ISP to split an ethernet feed, send one output on it’s merry way, while the other output goes to? If not interception and collection, I don’t rightly know what else this device is designed for.

There are many many more like this on the wilileaks website. Have any doubts about how deep the internet survailance goes? Spend a few minutes poking around, it is an eye opening experiance.

Wireshark; what is it good for

Wireshark is a packet protocol analyzer that is free for download and runs on Windows, Linux, BSD, OS X and Solaris.  In the evolving broadcasting studio, computer networks are the backbone of the facility. Not just on the office side of the house, but also in the broadcast origination side as well. Today, almost everyone uses some type of computer automation system running on a network. In addition, new technologies such as, AoIP consoles, VoIP phone systems, audio and video routing, remote control, off site monitoring, audio processing, etc continue to develop.  Because of this, more and more broadcast engineering work is falling into the computer and networking realm.

Like anything else, networks can fail.  Failure modes can originate from both the physical side, e.g. wiring, connectors, patch bays, network interface cards or the software/protocol side.  Being able to diagnose problems quickly and take remedial action is important.  On the networking side, if a physical problem has been ruled out, then the problem exists with a protocol.  That is where Wireshark becomes useful; it takes the guess work out of networking protocol troubleshooting.

Wireshark packet protocol analyzer has the following features (from their website):

  • Deep inspection of hundreds of protocols, more are in development
  • Live capture and offline analysis
  • Standard three-pane packet browser
  • Versions available for Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and others OS
  • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
  • Filtering by protocol, IP address, MAC address, frame type, sequence number, etc
  • VoIP analysis
  • Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and others
  • Capture files compressed with gzip can be decompressed on the fly
  • Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
  • Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
  • Coloring rules can be applied to the packet list for quick, intuitive analysis
  • Output can be exported to XML, PostScript®, CSV, or plain text

Here is a quick video with some tips and tricks on using Wireshark:

A few things to keep in mind with the physical connection.  Connecting a computer to a switchport will establish collision domain between the switchport and the computer which is also called a network segment.  The computer NIC will see all traffic on that collision domain and all broadcast traffic on the network or sub network that the switch is attached to.  If there is a suspected problem with a particular network segment, the Wireshark computer needs to join that collision domain.

Creating a network segment tap with a hub
Creating a network segment tap with a hub

This can be done most simply by installing wireshark on the host in that domain. Alternately, a hub can be used to add another host to the collision domain.  Or, if it is a managed switch, there may be a provision to send all traffic on the switch out of one designated port.  This is called ‘port mirroring’, ‘port monitoring’, ‘Roving Analysis’ (3Com), or ‘Switched Port Analyzer’ or ‘SPAN’ (Cisco).

Network diagram with managed switch
Network diagram with managed switch

A quick tutorial on what to look for when using Wireshark, Part A:

Part B:

And briefly, that is how it is done.  There are many more videos on youtube and elsewhere if interested in learning more.

I think I’m in love

After strenuously resisting, I have began to see the beauty of on line radio.  I have been a short wave radio listener since I was a wee young lad.  After many years of declining listening options, I have finally broken down and started listening to radio on line.  I am not disappointed.  Because I need my main computer to do things on, I decided that I should have an internet media computer.

I took an old dell PC and repurposed it as an online tuner.  This particular unit is rather old and once belonged to my mother.  It is a P4 2.8 GHz with one gigabyte of memory and had a bad hard drive.  It was completely submerged for almost 24 hours during the flooding following Hurricane Irene in 2011.  After examination, the BIOS battery was corroded and dead, there was some dirt and junk in the bottom of the case, but otherwise it appeared functional.  Even the DVD/CD drive worked.

Dell Dimension E310 computer
Dell Dimension E310 computer

The 19 inch Dell monitor was found at the dump.  It had the classic flashing power button with no picture problem.  I took it apart and found a bulging 1000 µf 25VDC electrolytic capacitor on the power supply board.  Replaced that and a few other suspicious looking electrolytics and it works as good as new.  There are several youtube videos on how to get a LCD monitor apart which were very helpful as it is not at all intuitive.

Dell 19 monitor, found at dump
Dell 19 monitor, found at dump

Thus, cleaning and repair work completed, I purchased a new 80 GB SATA drive and a new CR2032 BIOS battery then got started.  Somewhere around here, I have some Windoze XP CD’s which I was going to use to reload the operating system.  Then I thought, what fun is that?  Instead, I downloaded the latest Ubuntu ISO and made a live USB device.  I have messed around with Linux before; it is fun and full of geeky wonderfulness, that is true.  Ubuntu is a whole different ball game.  The software packages included in the 12.04 distro are pretty impressive.  It is very easy to install and get the feel for with out worrying too much about command line issues.  All in all, highly cool and highly recommended.

The one thing I will say about Ubuntu, it is processor intensive.  With 2.8 GHz of single core blazing speed, some of the radio station stream players were running 95-100% processor utilization.  Many of these are the pop up web browser units with the fancy spectral display.  The work around is to go someplace like and grab the .pls (playlist file) stream from there.

Screen shot, Ubuntu desktop, Audacious media player
Screen shot, Ubuntu desktop, Audacious media player

This is the Audacious media player streaming the WXPK HE-AAC stream found here:

I also listened to the BBC for a while, which was a pleasant change of pace.

Once the .pls file is in Audacious as a play list, just click on it to start streaming.  You can save as many .pls files as you want, thus Audacious can keep a list of your favorite radio stations.

This is a project in development.  The family is away on vacation and left me home by myself for a week.   Next up, I think I will get a 54 inch LCD screen and a VGA to HDMI converter.  Then, this will become part of the media center for the house, replacing the old CRT TV set and DVD player in the living room.  At that point; goodbye cable TV.  Boy are they gong to be surprised.

Eventually, the internet WILL be censored

Congress, is yet again contemplating a cyber security bill, this time called CISPA.  This one has some worrisome privacy implications for the general internet user.  I recall, not too long ago, another such measure called SOPA/PIPA which created a huge uproar and was voted down.  For Congress and its corporate sponsors, this development was just a slight inconvenience when applying the “if at first you don’t succeed, try, try again,” legislative method.

Not mentioned in this particular bill is the internet kill switch, which exists now in one form or another, and the unofficial back doors into operating systems and routers.  Those things are in place but their use is not codified.  The internet can be monitored, user data can be stored indefinitely and it can be restricted or switched off at a moments notice.  That is the reality of the world we live in.

This is why a vibrant, independent radio broadcasting medium is important.  After doing some numbers crunching over the weekend, I came upon some pretty interesting data points:

  • Large and medium large (over 30 stations) group owners account for approximately 2,300 AM and FM stations
  • NPR affiliated stations number about 900
  • There are 4,736 AM, 6,603 commercial FM, 3,917 educational FM and 802 low power FM stations licensed as of March 31, 2013.
  • There are 77 AM and 178 FM (not counting translators) stations known to be silent

Therefore, approximately 3,200 of the 15,803 stations on the air are controlled by major corporate interests or media conglomerates, the remaining stations are owned by medium small groups (less than 30 stations) or individuals.  Those figures create an interesting situation when discussing the future of radio.  What does the majority of owners and listeners want?  Ask the market.