Finding Camera Stream Paths
This page is for collecting methods and approaches for obtaining camera stream paths. The best results will be with cameras tested by users in the Hardware Compatibility List. Next best results with cameras that detail the path in user manuals, and or are Onvif compliant. Proprietary cameras, and undocumented cameras are more difficult and may require some work if you can't locate the information in a web search.
Overall, this can be as simple as looking in the user manual, or as complicated as reverse engineering and breaking into the device. Choose your own adventure.
Overview
Typical methods of obtaining the cameras paths in order of easiest to hardest are:
- User Manual/Website
- Onvif probe
- Search online resources and forums
- Get access to the camera shell
- Sniff network packets with TCPDump or Wireshark
- Reverse Engineer
Double check that you don't have any other settings that may block cameras communicating to your computer (firewall, antivirus, etc). For new users who install using the recommended install guides, this should not be a concern.
Important!!!: While doing this testing, you want to keep in mind the following:
- Test outside of ZM, first. (this is faster)
- Verify that ffmpeg / vlc works (see below for examples of usage)
- use the info that works in ffmpeg or vlc in zm.
Resolution must be correct.
Testing out a Camera
Easy tools to quickly check whether a stream path works in ZM or not are VLC and Ffmpeg. As an example, VLC from the gui would connect to a network stream with a path possibly like
rtsp://<username>:<password>@<ipaddress>:<port>/<somepath>
See the hardware compatibility lists for more details. Port is usually but not always 554.
If you want to test from the terminal without X, you can use ffmpeg
$ ffmpeg -i rtsp://<username>:<password>@<ipaddress>:<port>/<somepath> output.mp4
If the stream connects, it will provide you with some information about the stream encoding, and also the resolution.
Note that the above are examples for RTSP. You would use http for MJPEG. See the Hardware Compatibility List for more details.
Required Fields
Not all fields are required to be filled in for Zoneminder.
- Resolution must be right.
- Most cameras require username/password.
If you are unsure how to fill in the information into Zoneminder, refer to the Hardware Compatibility List for other cameras, and copy them.
Note that the results you get from cameras will differ depending on how you connect to the camera (whether you choose, remote, ffmpeg, or libvlc in ZM).
Methods
User Manual
Reputable name brand cameras (Axis, Arecont Vision, Foscam, many others) will offer stream paths in the user manual or website. If you bought an unbranded cheap camera or one of the proprietary cameras sold in retail stores then you must move onto the other options.
Onvif
Starting with Zoneminder 1.30.4 there is an onvif probe option in the camera configuration. You can also use other Onvif probe programs.
Web Search Online
Ispyconnect has a large database of URLs available for cameras. The ZM wiki has some. Use a search engine. You may also come across a telnet or ssh password, which can be used to gain access to the camera OS.
Camera Shell
Many cameras run GNU/Linux. If you can get access to the files on the camera, through telnet, or through exploiting a vulnerability in the camera, then you can look around for paths. You may be able to send files from the camera to your local machine using FTP. Cameras often have busybox, or similar utils. Running the command "strings" on binaries may come up with something. Run nmap on the camera to see what ports are open. See more details in external links at the bottom.
$ nmap -p1-65535 <ipaddressofcamera>
Wireshark
Watch the packets coming from the camera when accessing the video stream, and determine where the stream is located if possible. Some cameras require custom authentication, so if your camera is proprietary, then things are more difficult. This is the danger of purchasing cameras that don't follow the standard (onvif).
Reverse Engineering
Reverse engineering is one possibly time-intensive method of gaining information about a given camera. See the reverse engineering links below.
External Links
- iSpy Connect cameras guide
- iSpy Database
- Official ZM Documentation on this subject
- Shinobi List
Reverse Engineering Links
- Advanced reverse engineering/exploitation of a medical device
- Reverse Engineering an IP Camera
- Reverse Engineering a consumer camera
- Wyzesensor reverse engineering (1/3)
- Wyzesensor reverse engineering (2/3)
- Wyzesensor reverse engineering (3/3)
- Xiaomi / Wyzecam Camera Reverse Engineering
- Reverse Engineering a Dashcam
- Huang, Andrew "Bunnie", (2017) The Hardware Hacker. pg 279. No Starch Press.