Find out what address my CCTV requests updates from

Hi all,

I have a CCTV box that keeps crashing (every day) while trying to update. I have been told that there is no update for the box. If I leave the Ethernet cable out it runs fine. It’s a Chinese box so no support from the manufacturer.

Is there a way I can monitor traffic over the Ethernet connection to find the address the box is contacting so that I can block it in my router?

Thanks

Dan
 
I’ve yet to see a surveillance recorder where you can’t switch off the update check. What sort of recorder is it?
 
There are a few ways you can do it, all with varying levels of difficulty which may not be possible with the equipment you currently have.

- Monitor DNS queries. If you use something like Pi-Hole as your DNS server then it logs what DNS queries your clients make so you could search for queries made by the CCTV box and then you could either block the DNS query itself so that the CCTV box can't find the update server or you could do as you planned and blackhole it in your router. Doing it with DNS is likely to be more reliable as if the IP address behind the DNS record changes then the IP block in the router will stop being effective.

- Switch port mirroring. Essentially any traffic to/from the CCTV box is also sent to another switch port so you can capture and analyze it. Not easy if you don't know what you're doing.

Are you accessing the CCTV box remotely? If you're not then you could edit the network setup on the CCTV box and remove the default gateway, that way it'll work on the local LAN just fine but it won't have any internet access. You could also try leaving the default gateway in place but removing the DNS servers.
 
Thanks very much, I do run Pi-Hole so this method is perfect
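
The DNS-query approach suggested in the reply above, as an added example that is not part of any post in this thread: it reads a Pi-hole log (assumed to be in the usual dnsmasq `query[...] ... from <client>` / `reply ... is <address>` line format), lists every name one client looked up, and shows the addresses each name resolved to, which makes the reply's point about changing IP addresses visible. The client address 192.168.1.50, the domain names and all log lines are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample in dnsmasq log format; 192.168.1.50 stands in for the
# CCTV box. All names and addresses are made up for the example.
SAMPLE_LOG = """\
Mar 27 03:00:01 dnsmasq[812]: query[A] upgrade.dvr-vendor.example from 192.168.1.50
Mar 27 03:00:01 dnsmasq[812]: forwarded upgrade.dvr-vendor.example to 1.1.1.1
Mar 27 03:00:01 dnsmasq[812]: reply upgrade.dvr-vendor.example is 203.0.113.10
Mar 27 03:00:05 dnsmasq[812]: query[A] time.example.org from 192.168.1.50
Mar 27 03:00:05 dnsmasq[812]: reply time.example.org is 198.51.100.7
Mar 27 08:12:44 dnsmasq[812]: query[A] www.example.com from 192.168.1.23
Mar 27 08:12:44 dnsmasq[812]: reply www.example.com is 192.0.2.80
Mar 28 03:00:02 dnsmasq[812]: query[A] upgrade.dvr-vendor.example from 192.168.1.50
Mar 28 03:00:02 dnsmasq[812]: reply upgrade.dvr-vendor.example is 203.0.113.99
"""

QUERY = re.compile(r"^(\w{3}\s+\d+) (\d\d):\d\d:\d\d dnsmasq\[\d+\]: "
                   r"query\[([^\]]+)\] (\S+) from (\S+)$")
REPLY = re.compile(r"dnsmasq\[\d+\]: reply (\S+) is (\S+)$")


def domains_for_client(log_text, client_ip):
    """Summarise each name one client queried: count, days, hours, answers."""
    stats = defaultdict(lambda: {"count": 0, "days": set(), "hours": set()})
    replies = defaultdict(set)  # name -> every address it was answered with
    for line in log_text.splitlines():
        line = line.strip()
        if m := QUERY.match(line):
            day, hour, _qtype, name, src = m.groups()
            if src == client_ip:
                entry = stats[name.lower()]
                entry["count"] += 1
                entry["days"].add(day)
                entry["hours"].add(int(hour))
        elif m := REPLY.search(line):
            replies[m.group(1).lower()].add(m.group(2))
    # Reply lines carry no client address, so they are joined on the name.
    return {name: {**e, "answers": replies.get(name, set())}
            for name, e in stats.items()}


if __name__ == "__main__":
    for name, e in sorted(domains_for_client(SAMPLE_LOG, "192.168.1.50").items()):
        print(f"{name}: {e['count']} queries on {sorted(e['days'])} "
              f"at hours {sorted(e['hours'])}, resolved to {sorted(e['answers'])}")
```

A name that recurs at the same hour each day is the likely update check; in the sample it resolves to a different address on the second day, so a router rule for the first address would already have stopped matching.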
 