IPC-HDW5442TM-AS huge internet traffic

garycrist

Could RTSP be on?
In the cam go to settings>network>access platform>PTP (make sure it is off then save) then RTMP tab> Then make sure it is off. Then save!

Good luck
 

unclepabs

I set up IPC-HDW5442TM-AS + Keenetic 4G + Huawei 4G modem on the dacha.
I use SmartPSS to work with this camera.
Today my mobile Internet provider told me that I have to pay for additional Gbytes Internet traffic.
My camera consumed 4Gb Internet traffic today.
I started to notice that the camera consumes a lot of Internet traffic and I don't understand why it is.
I don't use camera Live view to observe scenery, I don't download video from this camera and etc.
I did nothing today at all but camera consumed 4Gb.
How can I find what is consuming internet traffic?
It’s possible if you’re using P2P serial number connection method, and if the primary DNS in the camera network configuration is set to 8.8.8.8 there is a constant 200Kb/s to 400Kb/s polling which will consume your data! Try changing the primary DNS to be the Internet router’s local IP address (same IP as the default gateway you’ve input in the camera) & see how that goes?
Unless you’re on a static sim; (are you?), you are at the mercy of the cellular provider and them using CGNAT to split IPV4 addresses due to IPV4 saturation. With CGNAT, the actual IP address provided to your cellular router will be a shared IP sitting between the mast; and the provider’s shared routing equipment to which you or I have no access to program in NAT / port rules or even VPN or ability to bind Dyndns.

Try the DNS change I suggest; as I believe using P2P and DNS 8.8.8.8 via cellular CGNAT results in excessive DNS polling while the camera / recorder are “keeping alive” with the Dahua P2P services

I hope that all makes sense?
 
unclepabs

Just remembered something else; off the top of my head I can’t recall where it is in the menu; but also turn off “Bonjour” service.
Another downside behind CGNAT & having non static IP is; say you’re away from home, you’re generally unable to monitor whether connection has gone down or the camera is down; unless you have a cloud service to access the router and its status from anywhere?
One possible; turn off P2P, setup a mini pc / stick pc & have an “always on” teamviewer connection; connect the camera into SPSS on the PC & access that way; bit long winded & extra overhead; but if that’s your only option, then have a play. You can even use Microsoft template tools to lock down the O/S components & create an autorun routine for just the teamviewer & SPSS apps. Good luck ;-)
 

tigerwillow1

I can block internet traffic from the camera on the router side but how I will be able to connect to it using SmartPss in this case?
I enable P2P only on the NVR and view the cameras remotely through the NVR. The individual cameras are blocked from talking to the internet. I only have to worry about one device doing something weird instead of 15 cameras with almost that many different models and/or firmware versions. I've never had the need to change a camera setting while away from home.
 

unclepabs

In regard to my two replies; Same principle applies exactly same whether Dahua camera or NVR.
I’d still turn P2P and Bonjour off on each camera in case there’s any traffic pass through the recorder.
Good luck
 

unclepabs

Also, drop the sub-stream on the NVR for each camera to the minimum you can withstand; try D1 704x576 12ips VBR & 256Kb/s max per cam
 

pietervos

Hi

I'm experiencing the same issues at a site. Today the connection was closed by the mobile operator, as it reached 1068 GB (Yes, correct, 1068 !!!! ) on a small site with a Mikrotik 4G/LTE router, an NVR and 4 IP cams. For some reason it looks like the NVR is streaming to somewhere; I can sometimes see 6 mb/s or more traffic and no one is connected. I changed users / password etc., rebooted etc., and I thought it stopped, but after a while it seems to transfer data again.

The system has a firewall at the Mikrotik router and the provider has a CGNAT so there is no direct connection from outside.

I read this thread but none of the comments apply to this issue afaik. System neither hacked or any other strange issues. The NVR is a NVR-4808-8P-I and the cameras are IPC-HFW3441T-ZS

Currently the system is inaccessible as the provider cut the connection; as soon as I get it back I will do some network captures.

If anyone has any other idea what it can be, or where to look at it will be very kind!!
 

user8963

@pietervos

Use Wireshark and look for the destination. If it's an Amazon datacenter, it's related to the Dahua P2P cloud feature. Without the destination IP you cannot tell anything.
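
One way to do the per-destination check suggested in the post above, as an added example (not code posted by anyone in the thread): it totals bytes per LAN host and remote IP from a capture exported with `tshark -r capture.pcap -T fields -e ip.src -e ip.dst -e frame.len`, then projects a rate onto a daily data allowance. The LAN range, the sample rows and the function names are assumptions.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: the site's LAN range

# Constructed sample rows (ip.src, ip.dst, frame.len), tab-separated as in the
# tshark export named above. Addresses are placeholders, not from the thread.
SAMPLE = (
    "192.168.1.200\t203.0.113.10\t1400\n"
    "192.168.1.200\t203.0.113.10\t1400\n"
    "192.168.1.200\t203.0.113.10\t1400\n"
    "203.0.113.10\t192.168.1.200\t60\n"
    "192.168.1.200\t198.51.100.7\t120\n"
    "192.168.1.101\t192.168.1.200\t1400\n"   # camera -> NVR, stays on the LAN
    "\t\t60\n"                               # non-IP frame (e.g. ARP): empty fields
    "192.168.1.200,10.0.0.1\t203.0.113.10,192.168.1.200\t590\n"  # nested IP headers
)

def top_talkers(rows, lan=LAN):
    """Return [(lan_host, remote_ip, bytes_up, bytes_down)], largest total first."""
    totals = defaultdict(lambda: [0, 0])
    for line in rows.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
        except ValueError:
            continue  # empty or multi-valued address field: skip the row
        size = int(parts[2])
        if src in lan and dst not in lan:
            totals[(str(src), str(dst))][0] += size   # upload over the WAN link
        elif dst in lan and src not in lan:
            totals[(str(dst), str(src))][1] += size   # download over the WAN link
        # LAN-to-LAN rows never cross the 4G link, so they are not counted
    flows = [(h, r, up, down) for (h, r), (up, down) in totals.items()]
    return sorted(flows, key=lambda f: f[2] + f[3], reverse=True)

def projected_gb_per_day(total_bytes, capture_seconds):
    """Extrapolate a capture's byte count to decimal gigabytes per 24 hours."""
    return total_bytes / capture_seconds * 86400 / 1e9

if __name__ == "__main__":
    for host, remote, up, down in top_talkers(SAMPLE):
        print(f"{host} <-> {remote}: {up} B up, {down} B down")
```

The remote addresses at the top of the list are the ones to look up in WHOIS; which LAN host they pair with shows whether the NVR or a camera is the sender.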
 

pietervos

For sure, and from what I remember I had a look some time before and one of the connections having 6 mb/s transfer was indeed to an Amazon IP. In this case, what can be the issue ?? The 3 user accounts I have have changed passwords, and once I rebooted the NVR and without any logon (in the log) the transfer started again.
 

user8963

Dahua and Hikvision are always playing with their apps / cloud.
Sometimes push notifications stop working, next day something else.
They are obsessed with destroying things which worked fine.

What can be the issue ? WHO CARES

Stop using p2p connections !! Use tailscale or zerotier if you are behind cgnat.

There will be nothing in the log. p2p does not care about your password.. they don't need it.
 

pietervos

I got it online again, and traffic is intense, checking graphs around 9 mb/s continuous all day:

View attachment 114848

Checked connections and there are those two destinations (.118.200 is the NVR):

View attachment 114847

First IP i didn't get info, the second is a HK/CN cloud service..

128.1.42.47
118.193.58.194
irt:IRT-UCLOUD-HK
address:FLAT/RM 603 6/F, LAWS COMMERCIAL PLAZA, 788 CHEUNG SHA WAN ROAD, KL,, Hong Kong
e-mail:u-ipnic@ucloud.cn
abuse-mailbox:u-ipnic@ucloud.cn
admin-c:UITH1-AP
tech-c:UITH1-AP
auth:# Filtered
remarks:u-ipnic@ucloud.cn was validated on 2021-11-17
mnt-by:MAINT-UCLOUD-HK
last-modified:2021-11-17T02:59:47Z
source:APNIC
After deleting and waiting some minutes it looked like it reconnected but still weirdo, IP 8.211.3.50 that is from Alibaba

inetnum: 8.208.0.0 - 8.223.255.255
netname: ASEPL-SG
descr: Alibaba.com Singapore E-Commerce Private Limited
country: SG
org: ORG-ASEP1-AP
admin-c: ASEP1-AP
tech-c: ASEP1-AP
abuse-c: AA1926-AP
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-ASEPL-SG
mnt-routes: MAINT-ASEPL-SG
mnt-irt: IRT-ASEPL-SG
last-modified: 2020-10-12T07:54:10Z
source: APNIC
 

sebastiantombs

What firmware are you running on that camera? Are the other 5442s on that system running the same version? It may be time to try updating the firmware just to overwrite what's in there and, hopefully, overwrite whatever is going wrong.
 

pietervos

Hi

The NVR is a 4208-8P-I, I have some more online but using fiber or dsl instead of a data-limited 4G and no router where to check the traffic, so it can be the other ones are also generating this traffic (I will try to put a mikrotik on one of the other sites to check).

Firmware:

1641752909880.png

The 4 cameras run the same firmware:

1641753141503.png
 

user8963

hmm.
So ONLY the nvr is streaming to china cloud? or do you see traffic between the cameras and china?

according to dahua website, DH_NVR4XXX-I_MultiLang_V4.002.0000000.0.R.210811 is the latest firmware for the 1st gen nvr4208 (which you already have)

If you only see traffic between nvr and china, downgrade to OLDER version


DH_NVR4XXX-I_MultiLang_NP_V4.000.0000000.1.R.20190809.bin 2020-03-12 11:16
DH_NVR4XXX-I_MultiLang_V4.000.0000000.0.R.20190713.bin 2020-02-28 08:50
DH_NVR4XXX-I_MultiLang_V4.001.0000000.0.R.200622.bin 2020-07-06 16:05
DH_NVR4XXX-I_MultiLang_V4.001.0000000.1.R.200707.bin 2020-07-28 11:31
DH_NVR4XXX-I_MultiLang_V4.001.0000000.2.R.200814.bin 2020-10-01 12:42
DH_NVR4XXX-I_MultiLang_V4.001.0000000.3.R.201022.bin 2020-11-16 13:42
DH_NVR4XXX-I_MultiLang_V4.001.0000000.3.R.210710.bin 2021-07-20 14:24

I would test 2020 firmware, but remember... ALL OLD FIRMWARE HAVE KNOWN SECURITY ISSUES.
If the traffic goes down, this is a job for andy to contact dahua
 

sebastiantombs

I believe the original post said a camera was the culprit. The firmware for the camera is relatively old and an update may help the situation IF it is the source of the traffic.
 

user8963

I think this is also the newest firmware for hfw3441t-zs,

original poster was 5442tm, this one here uses different cameras
 

pietervos

Correct, I followed the thread because of the problem, but with a different NVR. I've been doing some more traces and it looks like the last IP where I get a lot of traffic is from our Monitoring Station Company, and looks like once they connect it doesn't disconnect and the streaming is still running. I just opened a ticket with them to have a look at this issue. I will post more info asap.
 