final pt1

This commit is contained in:
David Westgate 2024-06-12 14:15:10 -07:00
parent 61e6bd62d8
commit 056fd541ce
9 changed files with 71 additions and 1 deletions


@ -1 +1,71 @@
# Final Project # Final Project - Network Tap/MitM
For this project, I will be constructing my transparent network tap / monster-in-the-middle device using a raspberry pi 3B+ (hostname pitap)
## Background
This device will be constructed and deployed on my home network. Specifically, I will insert this device between an IP camera I own (hostname reolink) and a network switch, which connects to the rest of my home homework, including my desktop from which I normally access the cameras RTSP stream or HTTP web interface.
At this point, I have physically configured my network to support this project, so let's take a look. Here is a rough sketch.
![uml](./photos/background/uml.png)
And here are a couple photographs of the hardware - the parts most relevant networking-wise are in red.
![nest](./photos/background/nest.png)
![reolink](./photos/background/reolink.png)
For reference, here is a table of the relevant devices
| Device | Adapter | MAC | IP |
|--------------------- |-------------- |------------------- |------------------------ |
| Router (ZyXel) | WAN | 08:26:97:5B:9A:01 | 97.120.207.11 |
| Router (ZyXel) | LAN (eth+wl) | 08:26:97:5B:99:FE | 192.168.0.1 |
| Switch (cisco) | eth | 00:9E:1E:0E:CF:02 | X |
| pitap | eth0 | b8:27:eb:8a:05:87 | 192.168.0.38 (temp) |
| pitap | eth1 | 24:f5:a2:8b:4a:06 | X |
| pitap | wlan0 | b8:27:eb:df:50:d2 | 192.168.0.42 |
| Desktop (pop-os) | enp7s0 | 04:42:1a:93:54:da | 192.168.0.56 |
| IP Camera (reolink) | eth | ec:71:db:d1:1c:ca | 192.168.0.4 (assigned) |
Before proceeding, we should consider how the reolink device will appear on my network upon successfull configuration of the network tap. In my case, the reolink camera has an IP assignment (DHCP reservation) from my gateway of 192.168.0.4
![lease](./photos/background/lease.png)
At this time with the current wiring, the reolink appears unavailable to my network, and the pitap is present on the network on ethernet. For the end result, we expect the pi to no longer appear on ethernet (it will then be on wireless), and we expect the reolink device to return to the network on ethernet with the expected hostname, MAC, and IP address that the gateway is already familiar with.
![device](./photos/background/device.png)
I have other interesting devices connected to my home network, including additional switches, raspberry pi's, IP cameras, wireless extenders, and an active multiplayer game server. These will be ignored.
## Baseline statistics
Before moving on to configuration, we should have an idea of the network performance without the pitap so we have something to compare to later on. We hope the pitap will introduce minimal network performance degredation, as this would increase the chance of detection. For this section, I will revert my network by shutting down pitap and plugging the reolink camera back into my switch.
A quick ping shows an average latency of .378ms, and a high spike of 1.36ms
![ping](./photos/baseline/ping.png)
Getting a maximum measurement of theoretical bandwidth is not straightforward. Reolink does not provide ssh access to the underlying operating system, so I cannot use a tool like `iperf3` to test the bandwidth. However, in my current network configuration, I can consider some things to get an idea
* All ethernet cables used support gigabit links (Cat 6 or Cat 5e)
* All of my primary networking devices support gigabit links (desktop PC, switch, router, fiber modem, ISP subscription)
* My reolink camera supports [100 Mbps max](https://reolink.com/us/product/rlc-510a/#specifications) ethernet connection
* The PoE being injected to the reolink camera would redundantly limit bandwidth to 100BASE-T given that it uses half of the conductors
* The [pi 3b+](https://www.raspberrypi.com/products/raspberry-pi-3-model-b-plus/) is said to have a built-in gigabit network adapter but is limited to ~300Mbp/s since ethernet passes through the USB 2.0 bus
* The [belkin USB to ethernet adapter](https://www.belkin.com/usb-c-to-gigabit-ethernet-adapter/P-F2CU040.html) I am using with the pi is rated for gigabit speeds. However, this is also going through the USB 2.0 bus (at the same time), so I expect the overall maximum performance of pitap to be 300Mbps/2 or ~150Mbps
With all this in mind, the bottleneck at the link layer is my reolink camera itself, and I do not expect this performance to be degraded by using the pitap.
However, we can do a little better to understand the bandwidth I expect to get under normal circumstances. According to my cameras web UI panel, the maximum bitrate it can transmit is 8192 Kbps. This is using its highest performance "Clear" stream with the maximum resolution of 2560x1920, 30 frames per second, and H.264 encoding. As a note, audio is also supported on this stream.
![stream](./photos/baseline/stream-stats.png)
Last, I decided to open the "Clear" RTSP stream in VLC and look at the network statistics
![baseline](./photos/baseline/baseline.png)
When looking at the content bitrate, the number stays in the range of ~4,500 kb/s to ~12,000 kb/s (low end shown above) consistently flipping between higher and lower values once per second. This aligns very well with the 8192 Kbps maximum bitrate reported by the camera itself. After watching the stream for several minutes, I also notice there are only 2 discarded/corrupted frames. Subjectivly, I can also say the stream is very clear and smooth when viewed fullscreen on my 1440p monitor, with no visual artifacts or stutters.
All said, for the pitap to be "undetectable" the above performance should be maintained.
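
Review bot: the device table under "Background" commits real-looking identifiers for a home network to the repository, including the router's WAN address in the `Router (ZyXel) | WAN` row and a full MAC address for every device. Unless the repository is private and will stay that way, redact the WAN row and mask the device-specific half of each MAC (the vendor prefix is enough to follow the write-up), or swap in documentation-range addresses. The closing criterion in "Baseline statistics" ("the above performance should be maintained") is not yet testable: state the thresholds that a later run with pitap in line has to meet, using the figures already measured here (average ping .378ms, content bitrate within ~4,500 to ~12,000 kb/s, 2 discarded frames over several minutes), and record the ping sample count so the comparison is like for like. The units are inconsistent across the section (`Kbps`, `kb/s`, `Mbp/s`, `Mbps`); pick one form. Spelling to fix before merge: "successfull", "degredation", "Subjectivly", "home homework" (presumably "home network"), and "cameras RTSP stream" / "cameras web UI" need the possessive.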

Binary file not shown.
