Checking for signs of trouble in network equipment to determine if it's compromised or malfunctioning
Checking for signs of trouble in network equipment to determine if it's compromised or malfunctioning
Hi I'm the IT person for my familiy and run into a strange problem recently. When a NVR device is connected to the network all other device get really bad web browsing experiences. Disconnect it and everything is fine again. As far as I can tell this problem happens in the router. Edit: This was working fine before and the cameras themself are on a physically separate network with only the NVR being connected to the main one. Now I want to find out if that NVR is acting malicious or just broken. I could change the router with a pfSense one to get more information. But I would have to take it away from somewhere else, configure it and reverse everything after. Does anyone know how to do this better? Or maybe know a device I can connect between NVR and network to read all the IP traffic, without much configuration? Thanks for any tips
Use a two-router setup to redirect all wireless IP camera traffic away from the primary router and direct it to the secondary one. Connect the server or PC to the secondary router for recording and remote access. Keep gaming and other network devices linked to the main router. Alternatively, buy an unmanaged gigabit switch to achieve strong separation between camera traffic and the rest of the network. For more details, see the article at the provided link.
It could just be a typical router problem caused by corruption over time, so a reset might help. I recommend checking for updates first, then reinstalling the software to fix any lingering issues. The router usually clears errors by unplugging it briefly, but the NVR probably needs a full reinstall. Regarding network slowdowns, many users have faced this problem for years; Google has made it seem severe since 2016, yet only those with issues appear in searches while others who plug in and work go unnoticed.
Did you set up a fixed IP address on the NVR? Did you assign it from the DHCP pool? That could lead to problems if you didn’t. Network ports and operating systems facing issues might flood the network during a failure. I’d favor those options before assuming the NVR was compromised. It shouldn’t happen, especially with another DHCP server broadcasting this can cause widespread network trouble. Double-check for any additional DHCP servers in place.
IP settings are fixed, so the issue isn’t there. A NVR might use a DHCP server, but it’s probably turned off. I’ll verify that. Your problem seems likely, but I need confirmation. How could you inspect traffic from the NVR? Something like Wireshark, though I’m unsure what configuration would fit.
It would help if the NVR was broadcasting everything, but it isn’t. I’ve already checked. After further research, I discovered 'internet connection sharing.' I plan to connect the NVR via LAN to my laptop and share its Wi-Fi with the rest of the network. This should allow me to monitor all traffic from the NVR.
Network sharing acts like a partial NAT. All shared resources sit on another subnet separate from your home LAN, with static routing enabling communication between LAN clients and the NAT. It’s an approach you might experiment with, though it could be unpredictable.