What Packet Should I Look For?

  abrogard 02:18 17 Jun 2018

I am using Wireshark to help me find an IP camera that has 'gone rogue'. i.e. I don't know what its IP is.

So I look in Wireshark for traffic to and from an address that seems likely. It will be a local address: 19.168.x.x. or 10.x.x.x , that sort of thing. Perhaps the default from the supplier, perhaps one given to it during it's service, I don't know.

I've now got one that I can't find so easily and I've thought it'd help if I knew precisely what packets to look for, what packet such a device would send upon powering up, that kind of thing.

Anyone can help?

  Fruit Bat /\0/\ 09:47 17 Jun 2018

Make and model of camera might help

  abrogard 10:55 17 Jun 2018

It is for instance a foscam clone. But that's not the point really. There's surely a protocol? What's the first packets new devices on a net send out? If that depends on the make and model of the devices then that's very interesting indeed and I'd love to see the list of all the different 'sign ons' and how the TCP/IP protocol provides for them. You have such a list? Could you let me have it please?

  Secret-Squirrel 11:29 17 Jun 2018

......what packet such a device would send upon powering up,..........

The same packet types as all the other devices on your network ;)

You can easily find the camera's IP address by looking in your router's DHCP Clients' List. The "Host name" or "Client name" may give you a clue in identifying the camera if you've got lots of entries. If you can't see anything obvious then turn your router off, disconnect the IP camera from the network, turn your router on again, wait a minute, then go back to the list of connected clients. Finally, reconnect your camera then refresh the list. The new entry that appears will be your IP camera. When you've found it, give it a fixed IP address if it doesn't already have one.

  abrogard 13:14 17 Jun 2018

I will close this now, if one can do that.

Anyone following the thread may be interested to know that the information sought can be found on such sites as inetdaemon.com or serverdensity.com and following up with queries on the actual syn and ack packet contents and construction.

google on tcp/ip. I should have thought of it in the first place.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Pokémon Sword and Shield preview

Best Office Chairs for the Studio and Home

macOS Catalina Preview: First look at the new Mac update

Que faire si votre iPad ne se charge pas ?