Ip Camera Baselining - Connecting and The Initial Trace

Attend the www.COREITPROS.com conference with Laura Chappell, Mike Pennachi, Tony Fortunato August 22 - 26, 2022

Since IOT devices are only getting more popular, more and more ‘challenges’ have arisen.

Everything from the operation, troubleshooting, and of course, security has come up every time we discuss these devices.

My obvious approach is to start with a baseline for a simple reason. We can’t fix what we can't see or in the protocol analysis world, we can't fix what we cant compare with. Ideally, I would like a baseline capture to compare against any trace that contains a potential problem.

In this series I chose an off the shelf IP camera for a few reasons;

- cameras tend to have more configuration control

- some cameras have the ability to run independently from the cloud

- some cameras come in wired/wireless configurations

The make and manufacturer of the camera I chose are not relevant, the methodology is. I would ask you to focus on the techniques, tips, and tricks so you can reproduce on your equipment.

In this video, we connect the camera (since it has a wired connection) directly to my computer and start Wireshark to see how it behaves on startup.

Things you might want to look for in your trace:

- ipv6 and ipv4 enabled

- DNS name lookups

- If it has a static ip address

- Any ‘special discovery or announcement’ packets and their protocol:port

As I state in the video, you should let the trace run for a minute or two. There is no real need to run a capture for a long period of time since the camera won’t get on the internet.

Don’t worry if the device you want to baseline isn’t wired, I will cover wireless in future videos.