[plug] Dodgy tcp proxy

Brad Campbell brad at fnarfbargle.com
Wed Aug 23 09:31:15 AWST 2017


G'day David,

I had already dropped them off a switch the week prior, and we tried 
exactly what you are suggesting prior to doing it the way we did it.

The reason that didn't work is the NVR in question has 8 PoE ports. They 
are managed by an internal switch in the NVR, and the NVR is 
individually aware of what is plugged into each port. When the camera is 
plugged into a port, the NVR configures it up and assigns it the 
recording channel associated with *that* port.

The NVR isn't capable of seeing more than one device on a port because 
it uses some trickery with the port to assign the recording channel on 
the unit. Thus putting the cameras on an external switch prevents the 
NVR from being able to see them, and it can't associate them with their 
normal channel numbers.

There is a tech note that says this *should* work, but in typical 
Chinese junk hardware/software fashion it *doesn't*.

It's all part of the "make it plug and play for the customer" perversity 
that brings with it all sorts of limitations.

I'm pretty familiar with these NVRs (unfortunately), so I knew there 
wasn't an issue with memory or CPU.


On 22/08/17 18:13, David Godfrey wrote:
> Hi Brad,
>
> I'd approach this in a very different way.
> Ask the customer to pick up an extra Network Switch.
> Get them to plug the camera (or cameras) in question into the switch, and
> also a cable between the switch and NVR.
>
> Then from your desktop simply set up some ssh port forwards between you
> and the remote linux system with the individual cameras and NVR as targets.
> You will likely need to also run something along the lines of
>     ip address add 192.0.0.x dev eth0
> on the remote linux box to allow it to "see" the camera network.
>
> Advantages of using this method
>
>   * You won't risk disturbing the capabilities of the NVR
>     I've seen quite a few of them that run very short of cpu and memory.
>     So much so, that running an extra process can cause issues with
>     recording
>   * No need for heavy protocols to connect to the remote linux machine,
>     simply use a direct ssh connection and some port forwards
>
> Disadvantages
>
>   * The only downside, and it's the obvious one,
>     is that the customer needs to have an extra switch,
>     and be able to plug/unplug some network cables.
>
>
> Regards
> David Godfrey
> SB Tech Services
> mb: +61 437 286 200 <tel:+61437286200>
>
> chat: with /dcg_mx/ at
> #sbts:matrix.org <http://riot.im/app/#/room/#sbts:matrix.org> (Computer)
> #sbts:matrix.org <http://matrix.to/#/#sbts:matrix.org> (mobile Device)
>
>
> On 21/08/17 14:42, Brad Campbell wrote:
>> G'day all,
>>
>> Just putting this out there as I looked for solutions and didn't find
>> anything workable.
>>
>> I'm doing some remote configuration on a system I have no physical
>> access to in order to help someone out.
>>
>> This is a cheap Chinese Hikvision NVR. I need to get access to one of
>> the cameras behind it. The NVR is on a 192.168.0.0/24 network and the
>> cameras are on a 192.0.0.0/24 network on the NVR's PoE switch. I can
>> get access to the network via a Linux machine and OpenVPN.
>>
>> If the cameras are using a native protocol the NVR provides a dodgy
>> internal port map that allows you to get access to the cameras' web
>> interface. Unfortunately the camera in question uses another protocol
>> and thus the NVR won't let me near it.
>>
>> I have access to a telnet shell on the NVR, but the internal version
>> of Busybox doesn't really have anything useful (except tftp!).
>>
>> So, tftp a pre-compiled busybox binary (found on the busybox site to
>> save me the effort) to /tmp. Now use the busybox tcpsvd to set up a
>> listening port, and run netcat on connection.
>>
>> ./busybox-armv6l tcpsvd 192.168.0.220 8080 ./busybox-armv6l nc 192.0.0.13 80
>>
>> Boom. Connect to the NVR on port 8080 and it gets redirected to the
>> camera on port 80. Win.
>>
>> Alternatives gratefully solicited. Oddly enough this is something that
>> comes up from time to time and I seem to find a different method every
>> time.
>>
>> _______________________________________________
>> PLUG discussion list: plug at plug.org.au
>> http://lists.plug.org.au/mailman/listinfo/plug
>> Committee e-mail: committee at plug.org.au
>> PLUG Membership: http://www.plug.org.au/membership
>>
>
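The tcpsvd-plus-nc relay from the original post, as an added Python example that is not part of the thread: it accepts connections on one address and forwards each to a fixed target, and it also drops clients outside a source-address allowlist, which the command as posted does not do. The function names, the allowlist and the 192.168.0.10 client address are assumptions made for the example.

```python
import contextlib
import ipaddress
import socket
import threading

def client_allowed(peer_ip, allowed_nets):
    """True if peer_ip falls inside any CIDR network in allowed_nets."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(net) for net in allowed_nets)

def _pump(src, dst):
    """Copy bytes src -> dst until EOF or error, then pass the EOF on."""
    with contextlib.suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def _handle(client, target):
    """Relay one accepted client to the fixed target (the 'nc' half)."""
    with client:
        try:
            upstream = socket.create_connection(target, timeout=5)
        except OSError:
            return  # target unreachable: just drop the client
        with upstream:
            upstream.settimeout(None)  # the timeout applied to connect only
            back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
            back.start()
            _pump(client, upstream)
            back.join()

def serve(listen_sock, target, allowed_nets):
    """Accept loop (the 'tcpsvd' half); refuses peers outside allowed_nets."""
    while True:
        try:
            client, peer = listen_sock.accept()
        except OSError:
            return  # listening socket was closed
        if not client_allowed(peer[0], allowed_nets):
            client.close()
            continue
        threading.Thread(target=_handle, args=(client, target), daemon=True).start()

if __name__ == "__main__":
    # Listen and target addresses are from the post; the /32 is a constructed client.
    listener = socket.create_server(("192.168.0.220", 8080))
    serve(listener, ("192.0.0.13", 80), ["192.168.0.10/32"])
```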


