Frustrated newbie wants to ditch Hikvision cam
- Thread starter dancurry
- Start date
Zxel
Getting the hang of it
Don't forget the 172.16.0.0 - 172.31.255.255 IP range, many business use that.
You can use any IP address for your internal network, it does not have to be one of the IANA designated private IP address ranges below
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
BUT many manufacturers have limited their home equipment to only use the 192 range so just stick with it.
The private IP address ranges have been made un-routable on the Internet so if any of your private network traffic gets out it cannot go anywhere and that is also the reason why you have to use port forwarding on your Internet router to translate between the public and private address ranges.
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
BUT many manufacturers have limited their home equipment to only use the 192 range so just stick with it.
The private IP address ranges have been made un-routable on the Internet so if any of your private network traffic gets out it cannot go anywhere and that is also the reason why you have to use port forwarding on your Internet router to translate between the public and private address ranges.
Zxel
Getting the hang of it
DaveP
Getting the hang of it
Technically you can use any IP for your internal network, but you'd be a blithering idiot if you didn't use one in the IANA designated private IP address ranges.
Sadly I know a few security conscientious enterprises that do as they think it makes hacking their internal systems a little bit more difficult, when some ones tries to connect to the IP of an internal system from the outside they just end up getting routed to China! Not saying it is either right or wrong and it does have its uses.
Zxel
Getting the hang of it
You can do that without altering your internal network IP structure, a sophisticated firewall (not like the ones in a normal home router - you'd need a Routerboard or better) can do that easy enough if you want. We use ours to send people to the U.S. FBI website - hehe.
They may think they're being cool, but changing your internal network IP's to use ranges outside the IANA standards just leaves you more exposed - it would only deter NoOb hackers, but make it far EASIER for those who know what they're doing. Fortunately most hackers are script kiddies with little knowledge, you would need to be a desirable target to be hacked by a pro. One of the best advices to give people who are concerned about hacking is "keep your head down", be very quiet about what you are doing.
You can do that without altering your internal network IP structure, a sophisticated firewall (not like the ones in a normal home router - you'd need a Routerboard or better) can do that easy enough if you want. We use ours to send people to the U.S. FBI website - hehe.
They may think they're being cool, but changing your internal network IP's to use ranges outside the IANA standards just leaves you more exposed - it would only deter NoOb hackers, but make it far EASIER for those who know what they're doing. Fortunately most hackers are script kiddies with little knowledge, you would need to be a desirable target to be hacked by a pro. One of the best advices to give people who are concerned about hacking is "keep your head down", be very quiet about what you are doing.
You are preaching to the converted
I have been telling them all that having public IP ranges inside is a PITA on all fronts, sadly at least one is in the defence area but they at least have now seen the light.After setting my frustration aside for months, I am looking to finish setting up my IP cam. I've finally made progress from last year — I can ID my camera on the network via iVMS-4200 software. However, the camera won't operate on that software's test connection or my Synology Surveillance Station software. Nor can I access it via web browser. What is my next step? My camera is Hikvision DS-2CD2132-I
What is the IP of the camera and what is your local machine's IP? Most likely you're not on the same subnet so you'll need to set your local machine's IP temporarily to a fixed address in the same subnet as the camera, then go into the camera's web config and set it to an unused fixed IP in your local network's subnet, then set your local machine back to it's original IP (i.e. via DHCP).
In simpler terms, your computer can't talk to another subnet directly so you need to change it's IP address to be on the same subnet as the camera, then configure the camera to your true local subnet, then change your computer to be back on that same subnet.
In simpler terms, your computer can't talk to another subnet directly so you need to change it's IP address to be on the same subnet as the camera, then configure the camera to your true local subnet, then change your computer to be back on that same subnet.
I find it hard to believe those are your IP addresses as those are public, but if they are and you're correct then you're on the same subnet and should be able to http:// straight into the camera. Do you have a range of public IPs from your ISP? That would be very rare if you did, and you still shouldn't set your internal devices to public IPs.
I seriously doubt those are your actual IP addresses though, one of them may well be your public IP (the one your modem/router communicates out to the internet from), but your internal IP addresses of your machines and devices should start with 192, 10, or 172 (I think someone listed the exact range earlier in the thread). To see your public IP go to a site like whatismyip.com. That should be your modem/router's (i.e. public) IP. Then your modem/router assigns addresses via DHCP to your local network devices usually in the 192.168.1.x range by default. So in that case each of your devices would have a 192.168.1.x address and talks to the LAN side of the router (gateway IP usually would be 192.168.1.1 by default), then the router converts it to the public IP and talks out to wherever you are going on the internet. Packets come back to your public IP, then the router transforms them via NAT to the local IP (192.168.1.x, etc.) and routes it to the device that requested it.
So you need to do a couple of things. One, find out an internal IP address on your LAN/private side. With windows you can do a ipconfig that will show you. Then find an available IP on the same subnet (so in the most likely example it would be 192.168.1.x where x is not in use by another device), you will assign this (manually) to your camera. Third, you need to find the true address of your camera. If it's on a different subnet (which it will be by default) you'll need to change your computer/device's IP that you'll browse to the camera from to be in the same subnet so you can talk to it. Then you'll need to change the IP in the camera's network setup page to the available IP determined above. Then reset your computer/device's IP back to it's original.
I seriously doubt those are your actual IP addresses though, one of them may well be your public IP (the one your modem/router communicates out to the internet from), but your internal IP addresses of your machines and devices should start with 192, 10, or 172 (I think someone listed the exact range earlier in the thread). To see your public IP go to a site like whatismyip.com. That should be your modem/router's (i.e. public) IP. Then your modem/router assigns addresses via DHCP to your local network devices usually in the 192.168.1.x range by default. So in that case each of your devices would have a 192.168.1.x address and talks to the LAN side of the router (gateway IP usually would be 192.168.1.1 by default), then the router converts it to the public IP and talks out to wherever you are going on the internet. Packets come back to your public IP, then the router transforms them via NAT to the local IP (192.168.1.x, etc.) and routes it to the device that requested it.
So you need to do a couple of things. One, find out an internal IP address on your LAN/private side. With windows you can do a ipconfig that will show you. Then find an available IP on the same subnet (so in the most likely example it would be 192.168.1.x where x is not in use by another device), you will assign this (manually) to your camera. Third, you need to find the true address of your camera. If it's on a different subnet (which it will be by default) you'll need to change your computer/device's IP that you'll browse to the camera from to be in the same subnet so you can talk to it. Then you'll need to change the IP in the camera's network setup page to the available IP determined above. Then reset your computer/device's IP back to it's original.
alastairstevenson
Staff member
Ouch! @dancurry You are just asking to be hacked.
You've published your public IP address on a public forum - and have offered a bunch of vulnerable ports on your Synology DiskStation to all the world's bad bots and the bad guys behind them.
I suggest you immediately edit your original post to remove that sensitive data.
*edit* Check the access logs on your Synology box. I'll bet there will be quite a list of access attempts.
You've published your public IP address on a public forum - and have offered a bunch of vulnerable ports on your Synology DiskStation to all the world's bad bots and the bad guys behind them.
I suggest you immediately edit your original post to remove that sensitive data.
*edit* Check the access logs on your Synology box. I'll bet there will be quite a list of access attempts.
I just set up my first Chinese non-Hikvision camera without any documentation/support (the CD with manual was broken). I know Hikvision has their own software, but a universal process should probably be:
Document the computer's current IP, subnet and gateway.
Connect the camera directly to a computer via ethernet cable. Plug a power adapter into the camera.
Run a network sniffer like Wireshark to obtain the camera's static IP.
Set the computer's ethernet adapter to be on the same subnet as the camera and use an unused IP similar to the camera's.
Browse to the camera via browser and install any software when prompted. Login with default credentials.
Set the camera's IP to an unused static one similar to the computer's original IP. Set the subnet (and gateway if listed) to the computer's original info.
Set computer back to DHCP.
Plug the IP camera into the POE switch or whatever it's permanent network connection will be.
Document the computer's current IP, subnet and gateway.
Connect the camera directly to a computer via ethernet cable. Plug a power adapter into the camera.
Run a network sniffer like Wireshark to obtain the camera's static IP.
Set the computer's ethernet adapter to be on the same subnet as the camera and use an unused IP similar to the camera's.
Browse to the camera via browser and install any software when prompted. Login with default credentials.
Set the camera's IP to an unused static one similar to the computer's original IP. Set the subnet (and gateway if listed) to the computer's original info.
Set computer back to DHCP.
Plug the IP camera into the POE switch or whatever it's permanent network connection will be.
If I temporarily change the computer to a fixed IP, will it screw up my server settings. etc?
In other words, when I switch back to DHCP, will everything go back to normal or will have to reset a bunch of things?
In other words, when I switch back to DHCP, will everything go back to normal or will have to reset a bunch of things?
I can't think of anything that would get messed up. But obviously other devices on the network won't be able to connect to it while it is on a different subnet. Other than that you should be fine.