Physical security covers video surveillance, entryway access, and sensors. In other words, it’s a network of things that protect and secure physical areas. Traditionally this network was analog and serial, but today it’s converging on the Internet Protocol (IP). IP lets you build a physical security system on a single network, probably the very same network that you already have in place. Transitioning to IP also opens up many more features and software-based analytics. Physical security is just as important as network security.
Tim Dodge and I wrote a book last year about transitioning from analog to IP-based security systems called “Introduction to IP-based Physical Security”, published by TESSCO Publishing. The book is meant to be a jump start for those heading over to IP-based physical security and video surveillance.
Today I had the thrill of opening up a box with a few publication samples. I know we are in a digital age, but I have to admit that it was cool holding a book with an ISBN and a barcode on it…
I look forward to running into this book in a used bookstore and/or being the reason for a book burning.
Wireshark is a tool that performs packet and protocol analysis on a network. Packets are the virtual transport mechanism that moves our data from sender to receiver. Each packet has a header and a payload – the header contains information about where the packet came from and where it’s going, as well as the protocols being used. The payload holds our actual digitized data – parts of a website, text, a section of a photo, or a clip of audio from an MP3 or a phone call. If you don’t get all of the packets, a phone call may sound choppy or a file may take a while to download completely. Wireshark lets you look at the packets you are sending and receiving and learn a lot more about what is happening and what’s breaking down. Wireshark is not for the fainthearted, as the tool requires knowledge of protocols and a deep understanding of OSI, IP, and TCP/UDP at the very least. But, with time, Wireshark becomes invaluable to the troubleshooting process. I have relied on the tool for my work supporting Voice-over-IP (VoIP) and system and application connectivity. The only side effect of Wireshark is that you will soon realize why it’s not a good idea to surf the web in a public spot (without a VPN or encryption).
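The header/payload split described above can be seen by decoding one frame by hand. This is an added example, not code from the original post or from Wireshark; the frame, addresses, and function names are constructed for illustration, and checksums are not verified.

```python
import socket
import struct

def build_sample_frame():
    """Constructed sample: Ethernet/IPv4/TCP frame with a cleartext HTTP request."""
    payload = b"GET /login?user=alice HTTP/1.1\r\nHost: example.test\r\n\r\n"
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0,  # TTL, protocol 6 = TCP, checksum left at 0
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    return eth + ip + tcp + payload

def parse_frame(frame):
    """Split a raw Ethernet frame into header fields and payload bytes."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
            "payload": frame[14:]}
    if ethertype != 0x0800:              # not IPv4: leave the rest undecoded
        return info
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4             # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[0] >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(ip):
        raise ValueError("malformed IPv4 header")
    info.update(src_ip=socket.inet_ntoa(ip[12:16]), dst_ip=socket.inet_ntoa(ip[16:20]),
                protocol={6: "TCP", 17: "UDP"}.get(ip[9], str(ip[9])))
    seg = ip[ihl:total_len]              # slicing to total_len drops Ethernet padding
    hdr_len = {"TCP": 20, "UDP": 8}.get(info["protocol"])
    if hdr_len is None:                  # other transport: payload is the raw segment
        info["payload"] = seg
        return info
    if len(seg) < hdr_len:
        raise ValueError("truncated transport header")
    info["src_port"], info["dst_port"] = struct.unpack("!HH", seg[:4])
    if info["protocol"] == "TCP":
        hdr_len = (seg[12] >> 4) * 4     # TCP data offset covers any options
        if not 20 <= hdr_len <= len(seg):
            raise ValueError("malformed TCP header")
    info["payload"] = seg[hdr_len:]
    return info

if __name__ == "__main__":
    for key, value in parse_frame(build_sample_frame()).items():
        print(f"{key:9} {value}")
```

The decoded payload is the HTTP request in readable form, which is what anyone capturing on an unencrypted network sees.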
The new version of Wireshark decodes more protocols, supports 64-bit Windows, and has integrated GeoIP support. Also, Wireshark works perfectly with my passive network cable. Visit www.wireshark.org to download the latest version and learn more about it.
User A to User B packet data traffic can be monitored through a HUB by User C using a “receive‑only” Ethernet cable.
On the HUB end of the cable, there is a loop between TX and RX to activate the HUB port. Any traffic through the HUB will now include this port in the broadcasts.
User C taps onto the loop by its receive pins.
Once the connections are made to the HUB, User C will receive all packets that flow through the HUB, but User C will not transmit any packets towards the HUB (no DHCP requests and no ARP requests).
The NIC on User C is in promiscuous mode, capturing incoming packets only.
Using a receive-only Ethernet cable in this configuration makes it possible to capture packets passively without actively being a part of the network.
Network administrators can actively test for devices in promiscuous mode, monitor for DHCP and ARP requests, and review MAC tables to determine the presence of a packet analysis tool.