This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am testing a NVR (Network Video Recorder) with different IP cameras brands meaning that IP cameras is connecting to the NVR Via local/external IP addresses using hub switches,routers etc' for live viewing & recording. Some of the IP cameras are causing to NVR failure (picture freeze and NVR reset's) with first link and I believe that it has do to with the IP cameras broadcasting issue and I would like know if I can use wireshark for more diagnostic. All IP cameras have a web server GUI so the beggining point for all testing brands are same resolution,FPS,quilty,compression etc'.

asked 21 Sep '16, 00:03

R-C's gravatar image

R-C
6112
accept rate: 0%

If the question is "can I use Wireshark for more diagnostic", then the answer is "sure you can".

If the question is "how do I find out what feature of the 'evil' cameras is killing the NVR", you'll have to compare the captured traffic from good and evil cameras and find out what the evil ones have in common an it doesn't exist at the good ones. And as you've pointed out, it may also be just too much traffic arriving to the NVR which kills it, i.e. no "good" and "evil" cameras would exist.

(21 Sep '16, 01:50) sindy

Thank you for your replay, Wireshark is relatively new to me so can you describe the type of "capture" that might be relevant for this case?

(25 Sep '16, 06:48) R-C

What wasn't clear to me from your initial question was whether you were doing interworking tests (testing a single camera model at a time) or whether you had a farm of cameras already in "production" and were adding just the recording capability to the existing setup, so there could be real packet drops on the path between the cameras and the NVR due to insufficient bandwidth.

The first case is easier, just start capturing the traffic at some point between the NVR and the camera (using a tap or a switch with monitoring capabilities, not using a hub as most hubs reduce the bandwidth down to 10 Mbit/s in total), then start the camera and wait until the picture freezes (or not) on the NVR. It should then be relatively easy to identify the stream from the camera to the NVR (and possibly save it into a new file) by just the combination of IP addresses (the display filter expression would be ip.addr == cam.era.add.ress and ip.addr == nvr.add.re.ss) , and compare these streams' properties of distinct camera models to each other.

Wireshark's statistical functions show you the bandwidth in both packets per second and bytes per second, the packet dissection functions show you the codecs used (unless encryption is used). BTW the encryption, if used, may be an issue by itself.

The second case is harder to analyze properly - the NVR may fail simply due to too much data coming in, or because its decoding algorithms are not robust enough to handle the gaps in the data caused by the packet loss, or it may fail due to the encoding some of the cameras uses. So if possible, checking each camera individually as above is a preferred first step.

(25 Sep '16, 07:51) sindy

Thank you for your replay, Can you give me your direct e-mail please ? It will be easier for me

(26 Sep '16, 00:16) R-C
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×4

question asked: 21 Sep '16, 00:03

question was seen: 1,163 times

last updated: 26 Sep '16, 07:58

p​o​w​e​r​e​d by O​S​Q​A