In the working mode of security monitoring project, network camera monitoring generally operates around four modes, namely gateway mode, bridge mode, bypass mode and audit mode. This paper will briefly introduce these four operation modes and their principles:

gateway mode

The principle is to use the local computer as the gateway of other computers (set video monitoring to be pointed to the local computer by the default gateway of the computer), which can be used as single network card mode, dual network card mode or even multi network card mode respectively. The original proxy mode is basically eliminated and generally no longer used. At present, NAT storage and forwarding mode is often used; To put it simply, it’s a bit like the way a router works; Therefore, the control power is very strong, but the function is somewhat lost due to the way of storage and forwarding; However, the efficiency has been better; The defect is that if the gateway dies, the whole network will be paralyzed;

Bridge mode

The principle is that the double network card is made into a transparent bridge, and the bridge works on the second layer, so it can be simply understood that the bridge is a network cable, so the function is the best and there is almost no loss; WinPcap itself does not support this mode; This mode can be said to be the most ideal. Even if the bridge is broken, just simply make a jumper. Because the bridge is transparent, it can be regarded as a network cable. Even if the bridge is broken, it can be understood as changing a network cable when it is broken; It supports almost all network conditions such as multi VLAN, wireless, 10 million M, VPN, multi exit, etc. the reason is very simple. Because the transparent bridge is understood as a network cable;

bypass mode

The principle is to use ARP technology to establish a virtual gateway, which can only be suitable for small-scale network monitoring, and there can be no restricted bypass mode in the environment; The restriction of routing or firewall or the installation of ARP firewall on the supervised computer will lead to the failure of bypass. Because you are bypassing while prohibiting bypass, it is self contradictory; At the same time, if there are multiple bypasses in the network at the same time, it will lead to confusion and interruption of the network; However, as long as this method is the simplest deployment and the most convenient installation;


The principle is bypass monitoring. For example, there is a parallel machine listening next to the phone of two people, so the efficiency is very low. This mode needs to adopt shared hub or switch image; However, if the old shared hub is adopted, the network export function will be affected; If the mirror mode is adopted, on the one hand, it needs to invest in supporting two-way mirror switch equipment, on the other hand, it needs professional personnel to set up mirror switches, but some switches will cause switch obstruction or reduce network function in the blocking process; The fundamental problem is that the function is lost;

D1net comments:

As far as the audit mode is concerned, the principled defects of the audit mode lead to the failure to perfectly realize UDP blocking, severe loss of webcam bandwidth, and failure to realize many functions such as traffic restriction; Generally speaking, at least 40% of the network function is lost; WinPcap works in this mode. Because of this, whether it is function or function, it fundamentally determines the defect of generation.

Responsible editor: CT

Leave a Reply

Your email address will not be published.