Mitm Proxy (Man In The Middle Proxy) Doubts

Dear IPVM community,

Need you you suggestion..... I have some experimental setup in a research lab where a many IP cameras (few different brand/ model) port forwarded to public static cloud IP's ( like AWS). Between the IP camera and cloud machine, there is Ubuntu virtual machine which running the MITM (Man In The Middle) proxy for reverse tunneling traffic using ssh. ( Please refer attached pic)Setup

Now the problem is : Camera web access page (after login as ADMIN) on the Firebox browser from Windows 7 laptop, did not show the video. It just show blank screen only (after correct plug-in installed). All other settings page works 100 %.

i.e: 1. Virtual Server / Virtual Machine (Ubuntu) : 192.168.1.81:8080 - no video not shown. all other access are working.

2. Public ip 139.162.13.15:8080 -no video not shown. all other access are working.

3. from local ip 192.168.1.122:81 - yes, it works as expected in the same Firefox browser from my laptop.

MitM proxy correctly configured and forward all the traffic to and from AWS cloud server. Not sure, why i can not see video,

I am using D-link, Hikvison and other cameras... all have same issue: No video.

For trouble shooting, i have captured the network traffic using Wireshark running on my laptop( pcap file). one with video (local ip) and without video (virtual server). Trying to find the what the key difference between pcap files. No clue... Not sure, what exactly look for in pcap file.. :(

Any suggestions welcome.. Thanks a lot.

-Cheers!


after correct plug-in installed

Pretty sure this is the issue. The plugin is attempting to stream video over RTSP/Port 554. You don't have reverse proxy rules setup for this (presumably), so the video is not getting through.

Agree, though it gets worse, since you will also need RTP open to pass the actual video, and those two ports are typically assigned during the RTSP handshake, so maybe a little tricker.

One thought is to use RTSP/RTP tunneled thru HTTP to avoid any proxy config.

Though it depends on the camera how (if it is supported in the first place) to use it. For instance the AMC media plugin for Axis allows this syntax axrtsphttp://<ip>/axis-media/media.amp

Everything will go thru one port then...

Thanks for inputs.Agree with your point...but i did not see rtsp protocol on Wireshark capture on both Hikvison and D-link packet.. In the Hikvision, after login, can see lot of HTTP GET request...

Not sure, how to check rtsp or any other vital clue to look in the pcap file. (assume i have pcap file with video or and file without video)

I tried to stream/play the live the video on VLC player using rtsp but not successful...

Cheers!

So you are seeing huge data packets in both files, right?

yes, each data 1252 bytes. Link to pcap files

No video:

1. https://1drv.ms/u/s!AgQa8i37A0si4l82Xx-E4JjGVCZs

Virtual machine IP: 10.0.8.81. (10.0.8.81:8082 camera access) NVR port 82 mapped to 8082.

my pc IP: 10.0.8.101

Video:

1. https://1drv.ms/u/s!AgQa8i37A0si4mClY1fXPzyjYemh

Local camera IP: 192.168.1.134:82

my PC: 192.168.1.93

I can not find what is key info missing when no video pcap file. Appreciate your help... :)

Thanks a lot.

With regards,

Chandra