Finding Camera Stream Paths
Since a common question is: "How do I get this camera to work with ZM?" there should be a page for it.
This page is for collecting methods and approaches for obtaining camera stream paths. The best results will be with cameras tested by users in the Hardware Compatibility List. Next best results with cameras that detail the path in user manuals, and or are Onvif compliant. Proprietary cameras, and undocumented cameras are more difficult and may require some work if you can't locate the information in a web search.
Typical methods of obtaining the cameras paths in order of easiest to hardest are:
- User Manual/Website
- Onvif probe
- Search online resources and forums
- Get access to the camera shell
- Sniff network packets with TCPDump or Wireshark
- Reverse Engineer
It's important to also double check before this process that you don't have any other settings that may block cameras communicating to your computer (firewall, antivirus, etc). For new users who install using the recommended install guides, this should not be a concern.
Not all fields are required to be filled in for Zoneminder.
- Resolution must be right.
- Most cameras require username/password.
If you are unsure how to fill in the information into Zoneminder, refer to the Hardware Compatibility List for other cameras, and copy them.
Reputable name brand cameras (Axis, Arecont Vision, Foscam, many others) will offer stream paths in the user manual or website. If you bought an unbranded cheap camera or one of the proprietary cameras sold in retail stores then you must move onto the other options.
Starting with Zoneminder 1.30.4 there is an onvif probe option in the camera configuration. You can also use other Onvif probe programs.
Web Search Online
Ispyconnect has a large database of URLs available for cameras. The ZM wiki has some. Use a search engine. You may also come across a telnet or ssh password, which can be used to gain access to the camera OS.
Many cameras run GNU/Linux. If you can get access to the files on the camera, through telnet, or through exploiting a vulnerability in the camera, then you can look around for paths. You may be able to send files from the camera to your local machine using FTP. Cameras often have busybox, or similar utils. Running the command "strings" on binaries may come up with something. Run nmap on the camera to see what ports are open. See more details in external links at the bottom.
$ nmap -p1-65535 <ipaddressofcamera>
Watch the packets coming from the camera when accessing the video stream, and determine where the stream is located if possible. Some cameras require custom authentication, so if your camera is proprietary, then things are more difficult. This is the danger of purchasing cameras that don't follow the standard (onvif).
Dumping the flash with hardware would be a last resort. I wouldn't recommend it for the layman. If you have access to a microcontroller or SBC such as a Raspberry Pi or Beaglebone you might be able to configure it similar to this method used by the libreboot project perhaps, if it is SPI compatible. Also see this walkthrough by Sgayou for advanced techniques and approaches for reverse engineering embedded devices.