Another trove of surveillance documents reveals some interesting technical aspects of spying in the modern age:
Gigabit cooper network tap
What we have here is a copper wiretap. This allows some telco or ISP to split an ethernet feed, and send one output on its merry way, while the other output goes to? If not interception and collection, I don’t rightly know what else this device is designed for.
There are many many more like this on the WikiLeaks website. Have any doubts about how deep the internet surveillance goes? Spend a few minutes poking around, it is an eye-opening experience.
Wireshark is a packet protocol analyzer that is free for download and runs on Windows, Linux, BSD, OS X, and Solaris. In the evolving broadcasting studio, computer networks are the backbone of the facility. Not just on the office side of the house, but also on the broadcast origination side as well. Today, almost everyone uses some type of computer automation system running on a network. In addition, new technologies such as AoIP consoles, VoIP phone systems, audio and video routing, remote control, off-site monitoring, audio processing, etc continue to develop. Because of this, more and more broadcast engineering work is falling into the computer and networking realm.
Like anything else, networks can fail. Failure modes can originate from both the physical side, e.g. wiring, connectors, patch bays, network interface cards or the software/protocol side. Being able to diagnose problems quickly and take remedial action is important. On the networking side, if a physical problem has been ruled out, then the problem exists with a protocol. That is where Wireshark becomes useful; it takes the guesswork out of networking protocol troubleshooting.
Wireshark packet protocol analyzer has the following features (from their website):
Deep inspection of hundreds of protocols, more are in development
Live capture and offline analysis
Standard three-pane packet browser
Versions available for Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and other OS
Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility
Filtering by protocol, IP address, MAC address, frame type, sequence number, etc
VoIP analysis
Read/write many different capture file formats: tcpdump (libpcap), Pcap NG, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and others
Capture files compressed with gzip can be decompressed on the fly
Live data can be read from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others (depending on your platform)
Decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2
Coloring rules can be applied to the packet list for quick, intuitive analysis
Output can be exported to XML, PostScript®, CSV, or plain text
A few things to keep in mind with the physical connection. Connecting a computer to a switch port will establish a collision domain between the switch port and the computer which is also called a network segment. The computer NIC will see all traffic on that collision domain and all broadcast traffic on the network or sub-network that the switch is attached to. If there is a suspected problem with a particular network segment, the Wireshark computer needs to join that collision domain.
Creating a network segment tap with a hub
This can be done most simply by installing Wireshark on the host in that domain. Alternatively, a hub can be used to add another host to the collision domain. Or, if it is a managed switch, there may be a provision to send all traffic on the switch out of one designated port. This is called ‘port mirroring’, ‘port monitoring’, ‘Roving Analysis’ (3Com), or ‘Switched Port Analyzer’ or ‘SPAN’ (Cisco).
Network diagram with managed switch
A quick tutorial on what to look for when using Wireshark, Part A:
Part B:
And briefly, that is how it is done. There are many more videos on youtube and elsewhere if interested in learning more.
Congress, is yet again contemplating a cyber security bill, this time called CISPA. This one has some worrisome privacy implications for the general internet user. I recall, not too long ago, another such measure called SOPA/PIPA which created a huge uproar and was voted down. For Congress and its corporate sponsors, this development was just a slight inconvenience when applying the “if at first, you don’t succeed, try, try again,” legislative method.
Not mentioned in this particular bill is the internet kill switch, which exists now in one form or another, and the unofficial back doors into operating systems and routers. Those things are in place but their use is not codified. The internet can be monitored, user data can be stored indefinitely and it can be restricted or switched off at a moment’s notice. That is the reality of the world we live in.
This is why a vibrant, independent radio broadcasting medium is important. After doing some numbers crunching over the weekend, I came upon some pretty interesting data points:
Large and medium-large (over 30 stations) group owners account for approximately 2,300 AM and FM stations
NPR-affiliated stations number about 900
There are 4,736 AM, 6,603 commercial FM, 3,917 educational FM, and 802 low-power FM stations licensed as of March 31, 2013.
There are 77 AM and 178 FM (not counting translators) stations known to be silent
Therefore, approximately 3,200 of the 15,803 stations on the air are controlled by major corporate interests or media conglomerates, the remaining stations are owned by medium-small groups (less than 30 stations) or individuals. Those figures create an interesting situation when discussing the future of radio. What do the majority of owners and listeners want? Ask the market.
As data transfer technology progresses, so do cable types. Category 6 UTP copper cable is commonly used today in ethernet installations where 1000BaseT (or gigabit ethernet) systems are required. Cat 6 cable has a certified bandwidth of 250 MHz (500 MHz for Cat6a). Category 6 cable is a newer version of Category 5 and 5e cable wherein the wire pairs are bonded together and there is a separator to keep each pair of wires the same distance apart and in the same relationship to each other. The four twisted pairs in Cat 6 cable is also twisted within the overall cable jacket.
Category 7 cable is much different from its predecessors. It has an overall shield and individual pairs are shielded:
Category 7, STP ethernet cable
Shields on individual pairs are required to reduce cross-talk (FEXT, NEXT). It also requires special shielded connectors called GG45 plugs and jacks. Pinouts and color codes are the same as gigabit ethernet (Category 5e and 6) however, Category 7 (ISO 11801 Class F) jacks and plugs also have to contact the corners of the connector or jack. This allows better shielding. A small switch in the jack senses when a Category 7 type connector is inserted and switches to the corner contacts, thus keeping jacks and patch panels backward compatible with Category 5/6 cables.
Category 7 GG45 connectors, jack and plug
Category 7 cable is rated for 600 MHz bandwidth (1000 MHz for 7a) which translates to 10 GB ethernet. This was previously the domain of fiber cable. Copper cable has some advantages over fiber; lower propagation delays require less complicated equipment, copper is less expensive than fiber and more durable. It is nice to have the flexibility to use copper cable on 10 GB ethernet for runs of 100 meters or less. Longer runs still require fiber.
Category 7 and 7a cable looks remarkably similar to the older Belden multipair “computer cable” pressed into service as audio trunk cable seen so often in older studio installations.
