IPC-HDW5442TM-AS huge internet traffic

Could RTSP be on?
In the cam go to settings>network>access platform>PTP (make sure it is off then save) then RTMP tab> Then make sure it is off. Then save!

Good luck
 
Scale said:
I setup IPC-HDW5442TM-AS + Keenetic 4G + Huawei 4G modem on the dacha.
I use SmartPSS to work with this camera.
Today my mobile Internet provider told me that I have to pay for addtitional Gbytes Internet traffic.
My camera consumed 4Gb Internet traffic today.
I started to notice that the camera consumes a lot of Internet traffic and I don't understand why it is.
I don't use camera Live view to observe scenery, I don't download video from this camera and etc.
I did nothing today at all but camera consumed 4Gb.
How can I find what is consuming internet traffic?
Click to expand...

it’s possible if you’re using P2P serial number connection method, and if the primary DNS in the camera network configuration is set to 8.8.8.8 there is a constant 200Kb/s to 400Kb/s polling which will consume your data! Try changing the primary DNS to be the Internet router’s local IP address (same IP as the default gateway you’ve input in the camera) & see how that goes?
Unless you’re on a static sim; (are you?), you are at the mercy of the cellular provider and them using CGNAT to split IPV4 addresses due to IPV4 saturation. With CGNAT, the actual IP address provided to your cellular router will be a shared IP sitting between the mast; and the provider’s shared routing equipment to which you or I have no access to program in NAT / port rules or even VPN or ability to bind Dyndns.

Try the DNS change I suggest; as I believe using P2P and DNS 8.8.8.8 via cellular CGNAT results in excessive DNS polling while the camera / recorder are “keeping alive” with the Dahua P2P services

I hope that all makes sense?
 
Last edited:
unclepabs said:
it’s possible if you’re using P2P serial number connection method, and if the primary DNS in the camera network configuration is set to 8.8.8.8 there is a constant 200Kb/s to 400Kb/s polling which will consume your data! Try changing the primary DNS to be the Internet router’s IP address & see how that goes?
Unless you’re on a static sim; (are you?), you are at the mercy of the cellular provider and them using CGNAT to split IPV4 addresses due to IPV4 saturation. With CGNAT, the actual IP address provided to your cellular router will be a shared IP sitting between the mast; and the provider’s shared routing equipment to which you or I have no access to program in NAT / port rules or even VPN or ability to bind Dyndns.

Try the DNS change I suggest; as I believe using P2P and DNS 8.8.8.8 via cellular CGNAT results in excessive DNS polling while the camera / recorder are “keeping alive” with the Dahua P2P services

I hope that all makes sense?
Click to expand...

Just remembered something else; off the top of my head I can’t recall where it is in the menu; but also turn off “Bonjour” service.
Another downside behind CGNAT & having non static IP is; say your away from home, your generally unable to monitor wether connection has gone down or the camera is down; unless you have a cloud service to access the router and it’s status from anywhere?
One possible; turn off P2P, setup a mini pc / stick pc & have a “always on” teamviewer connection; connect the camera into SPSS on the PC & access that way; bit long winded & extra overhead; but if that’s your only option, then have a play. You can even use Microsoft template tools to lock down the O/S components & create an autorun routine for just the teamviewer & SPSS apps. Good luck ;-)
 
Scale said:
I can block internet trafic from the camera on the router side but how I will be able to connect to it using SmartPss in this case?
Click to expand...
I enable P2P only on the NVR and view the cameras remotely through the NVR. The individual cameras are blocked from talking to the internet. I only have to worry about one device doing something weird instead of 15 cameras with almost that many different models and/or firmware versions. I've never had the need to change a camera setting while away from home.
 
tigerwillow1 said:
I enable P2P only on the NVR and view the cameras remotely through the NVR. The individual cameras are blocked from talking to the internet. I only have to worry about one device doing something weird instead of 15 cameras with almost that many different models and/or firmware versions. I've never had the need to change a camera setting while away from home.
Click to expand...

In regard to my two replies; Same principle applies exactly same wether Dahua camera or NVR.
I’d still turn P2P and Bonjour off on each camera incase there’s any traffic pass through the recorder.
Good luck
 
unclepabs said:
In regard to my two replies; Same principle applies exactly same wether Dahua camera or NVR.
I’d still turn P2P and Bonjour off on each camera incase there’s any traffic pass through the recorder.
Good luck
Click to expand...

Also, drop the sub-stream on the NVR for each camera to the minimum you can withstand; try D1 704x576 12ips VBR & 256Kb/s max per cam
 
Hi

I'm experiencing the same issues at a site, today the connection has been closed by the mobile operador, as it reached 1068 GB (Yes, correct, 1068 !!!! ) on a small site with a Mikrotik 4G/LTE router, a NVR and 4 IP cams. For some reason looks like the NVR is streaming to somewhere, I can see sometimes 6 mb/s or more trafic and noone is connected. I changed users / password etc rebooted etc and I tougth it stoped but a while again it seems to trasnfer data again.

The ssytem has a firewall at the mikrotik router and the provider has a CGNAT so there is no direct conneciton from outside.

I readed this thread but any of the comments don't apply to this issue afaik. System neither hacked or any other strange issues. The NVR is a NVR-4808-8P-I and the càmeres are IPC-HFW3441T-ZS

Currently the system is inaccessible as the provider cut the conneciton, asap I get it back I will do some network captures.

If anyone has any other idea what it can be, or where to look at it will be very kind!!
 
user8963 said:
@pietervos

Use wireshark and look for the destination. If its amazon datacenter, its related to dahua p2p cloud feature. Without destination IP you cannot tell anything.
Click to expand...

For sure, and from what I remember I had a look some time before and one of the connections having 6 mb/s transfer was indeed to a amazon IP. In this case, what can be the issue ?? The 3 user account I have have changed password, and once I rebooted the NVR and without any logon (in the log) the trasnfer started again.
 
Dahua and Hikvision are always playing with their apps / cloud.
Sometimes push notifications stops working, next day something else.
They are obsessed with destroying things which worked fine.

What can be the issue ? WHO CARES

Stop using p2p connections !! Use tailscale or zerotier if you are behind cgnat.

There will be nothing in the log. p2p does not care about your password.. they dont need it.
 
  • Like
Reactions: Flintstone61 and sebastiantombs
user8963 said:
Dahua and Hikvision are always playing with their apps / cloud.
Sometimes push notifications stops working, next day something else.
They are obsessed with destroying things which worked fine.

What can be the issue ? WHO CARES

Stop using p2p connections !! Use tailscale or zerotier if you are behind cgnat.

There will be nothing in the log. p2p does not care about your password.. they dont need it.
Click to expand...

I got it online again, and traffice is intense, checking graphs around 9 mb/s continuos all day:

View attachment 114848

Checked connections and there are those two destinations (.118.200 is the NVR):

View attachment 114847

First IP i didn't get info, the second is a HK/CN cloud service..

128.1.42.47
118.193.58.194
irt:IRT-UCLOUD-HK
address:FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
e-mail:u-ipnic@ucloud.cn
abuse-mailbox:u-ipnic@ucloud.cn
admin-c:UITH1-AP
tech-c:UITH1-AP
auth:# Filtered
remarks:u-ipnic@ucloud.cn was validated on 2021-11-17
mnt-by:MAINT-UCLOUD-HK
last-modified:2021-11-17T02:59:47Z
source:APNIC
after deleting and waiting some minutes it looked like it reconnected but still weirdo, IP 8.211.3.50 that is from alibaba

inetnum: 8.208.0.0 - 8.223.255.255
netname: ASEPL-SG
descr: Alibaba.com Singapore E-Commerce Private Limited
country: SG
org: ORG-ASEP1-AP
admin-c: ASEP1-AP
tech-c: ASEP1-AP
abuse-c: AA1926-AP
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-ASEPL-SG
mnt-routes: MAINT-ASEPL-SG
mnt-irt: IRT-ASEPL-SG
last-modified: 2020-10-12T07:54:10Z
source: APNIC
 
  • Sad
Reactions: user8963
What firmware are you running on that camera? Are the other 5442s on that system running the same version? It maybe time to try updating the firmware just to overwrite what's in there and, hopefully, overwrite what ever is going wrong.
 
  • Like
Reactions: looney2ns and user8963
Hi

The NVR is a 4208-8P-I, I have some more online but using fiber or dsl instead of a data-limited 4G and no router where to check the traffic, so it can be the other ones are also generating this trafic (I will try to put a mikrotik on one of the other sites to check).

Firmware:

1641752909880.png

The 4 cameres run the same firmware:

1641753141503.png
 
hmm.
So ONLY the nvr is streaming to china cloud? or do you see traffic between the cameras and china?

according to dahua website, DH_NVR4XXX-I_MultiLang_V4.002.0000000.0.R.210811 is the latest firmware for the 1st gen nvr4208 (which you already have)

If you only see traffic between nvr and china, downgrade to OLDER version


DH_NVR4XXX-I_MultiLang_NP_V4.000.0000000.1.R.20190809.bin 2020-03-12 11:16
DH_NVR4XXX-I_MultiLang_V4.000.0000000.0.R.20190713.bin 2020-02-28 08:50
DH_NVR4XXX-I_MultiLang_V4.001.0000000.0.R.200622.bin 2020-07-06 16:05
DH_NVR4XXX-I_MultiLang_V4.001.0000000.1.R.200707.bin 2020-07-28 11:31
DH_NVR4XXX-I_MultiLang_V4.001.0000000.2.R.200814.bin 2020-10-01 12:42
DH_NVR4XXX-I_MultiLang_V4.001.0000000.3.R.201022.bin 2020-11-16 13:42
DH_NVR4XXX-I_MultiLang_V4.001.0000000.3.R.210710.bin 2021-07-20 14:24

i would test 2020 firmware, but remember... ALL OLD FIRMWARE HAVE KNOWN SECURITY ISSUES.
If the traffic goes down, this is a job for andy to contact dahua
 
  • Like
Reactions: sebastiantombs
I believe the original post said a camera was the culprit. The firmware for the camera is relatively old and an update may help the situation IF it is the source of the traffic.
 
  • Like
Reactions: user8963
sebastiantombs said:
I believe the original post said a camera was the culprit. The firmware for the camera is relatively old and an update may help the situation IF it is the source of the traffic.
Click to expand...

i think this is also the newst firmware for hfw3441t-zs,

original poster was 5442tm , this one here uses different cameras
 
Correct, i followed the thread because of the problem, but with diffrent NVR. I've been doing some more traces and it looks like the last IP where I get a lot of trafic is from our Monitoring Station Company, and looks like once they connect it doesn't disconnect and the streaming is still running. I just opened a ticket with them to have a look at this issue. I will post more info asap.
 
  • Like
Reactions: garycrist and sebastiantombs
You must log in or register to reply here.
Top Bottom