Detect Wyze Cam v2 over the Network [not viewing video]
Looking for a way to detect if Wyze Cam is powered and online OR if someone has unplugged it.
Typically this is called “network monitoring” -but some people think this means viewing the video feed. I’m not interested in seeing the video via the network - just monitoring uptime and downtimes.
Wyze publishes a bunch of ports used - but so far I haven’t been able to monitor via those ports.
ICMP (ping) isn’t great because I want to monitor this externally across the WAN and forwarding ICMP packets isn’t ideal.
All I need is for the Wyze Cam to accept an incoming connection request on a specific port responding with an ACK or even SYN packet. - something!
Anyone found a way to monitor uptime? I asked Wyze Support but they didn’t understand the question and directed me to the forum. ( I think they thought I was taking about video streaming)
You would need to address this to Wyze support. I would open a ticket at the link below. I know you said they did not understand when you called so try a ticket. But if you are looking for managed hardware there are already plenty of managed cameras. But not at a 20 dollar price point.
I would suspect you would need to open ports on your router for external access at a minimum.
Yes already opened a ticket with them.
2nd - well versed in opening ports on routers/firewalls.
Already had this working with a cheap Chinese camera, so I know my process works.
In the case of the Thus based camera from China - it responded to requests on port 80. However without the right certificate key exchange you couldn’t actually establish a connection - but it would at least respond to http:// requests. - which was sufficient for my purposes.
So I know its possible in the $20 range. In fact the less secure the camera tye more likely it will respond on a specific port. So sometimes the cheaper the better.
At my job we monitor dozens of website to ensure they are up. Our monitoring system doesn’t have to log into them…just get an ACK back.
~ John Schutzman
I understand what you are asking. I don’t think Wyze really wants to get into helping end users open firewall ports and everything that goes with that. But maybe they will.
I was able to find two open ports with an portscan tool. Both ports respond to ICMP packets. I am sure if you are comfortable opening firewall ports you can take it from there. Took awhile they were up in the 22000 - 24000 range.
OH, as a Systems Administrator – I totally agree. Not expecting them to walk me thru opening ports. And its a slippery slope, for sure. BUT – as the ODM (original design manufacturer) aka ‘the vendor’ they should be able to describe basic behavior and advise customers WHEN their device will respond. They’re already halfway there – they already list some commonly used ports in their FAQ section. They just do not say if they are ‘ingress’ (incoming) or ‘egress’ (outgoing) ports. If they will respond (typically in networking its a SYN (reset) or an ACK (acknowlegement))
Obviously, based upon description of ports – some are most likely outgoing “upload” ports or probably locked to only download firmwares from a specific IP.
I guess I could setup WireShark and perform some packet captures - but honestly I was hoping that Wyze could answer what their default behavior is.
It is quite possible that their Wyze Cam doesn’t respond to standard network Syn, ACK, and RSN for security reasons.
ICMP are trickier because ICMP echos do not use a specific port. (they’re a datagram type but not a dedicated port) Most consumer grade (home) routers will not forward ICMP packets - they will either block them by default OR the router itself will respond to the ICMP ping request. I haven’t YET found a way to forward ICMP from the WAN to a specific host (wyze Cam) on my internal LAN using the consumer router that I have.
If I could figure this out with my ASUS router - than problem solved.
It took Wyze Support like a week to respond - I clarified my question and I expect it to be another week before I hear “NO” from them. hehehehehe
I’ll crack this nut - one way or another and let the community know. I was just hoping someone else, had already figured this out, since I’ve only had my Wize Cam a few weeks.
Will a Wyse Cam answer a ping?
If so, why don’t you just do a ping on some schedule and if it stops answering call it unresponsive?
Well there you go. If I were in the Linux world I’d just set up a ping in crontab to run every (minute? 10 seconds? whatever) and log it to a file. You should be able to do the equivalent in pretty much any OS.
I believe @jschutzm sees the possibilities now!
I’ll keep working on it and report back when I find a more elegant solution than having something (Linux/Win/Mac/Android/iOS) on the local network which pings the camera.
I’m trying to orchestrate this externally - not from within the local LAN. The screenshot seems to be from a Phone - which assumes they are on the same Wi-Fi access point as the Wyze cam (same subnet) I don’t want to have a machine sitting on my LAN that is ‘always on’ - just to monitor. There are external sites that can do this sorta thing for ya.
If I monitor ‘internally’ – then what happens if the ‘monitoring device’ is turned off or unplugged or otherwise compromised???
Yes, I could do this with Linux - but, again, that requires something on the inside of my network to always be up and running.
My goal is to orchestrate externally and reach INTO my LAN in order to verify uptime without having something on the inside which could be turned off.
PING (ICMP) is not the best tool for this, due to limitations of the consume router to forward ICMP packets to a host on the LAN.
I COULD also put the Wyze cam on the Router’s DMZ zone - but that is pretty extreme and would open it up to the ENTIRE internet. A hacker could find a vulnerability and take over the device. So I see putting it into the DMZ as a last resort and kinda ‘throwing it to the wolves’ - so to speak.
Trust me - if I wanted to monitor from within the LAN – PING would be fine and I would have never asked the question.
Ah I thought you said you were familiar with opening ports. I misunderstood. See if you open the right ports you can ping it externally. I was just illustrating it will respond to a ping.
Out of curiosity what kind of device/computer/phone were you going to use to monitor externally then?
Reach into what in your LAN? The camera?
Seems like you’re going to generate a lot of traffic from outside your LAN to inside your LAN and then have something on the outside keep up with the up_time. I just don’t see the advantage of this. This device also has to be up and running all the time, yes? Of course, since I have a number of Raspberry Pis on my networks that are up all the time, this would be very easy to implement for me and likely more secure as well.
Try forwarding TCP 22306 to the LAN IP of your camera. A port scan from the WAN shows the port as open on my V2 (i.e., it’s responding to a SYN with a SYN-ACK). My V2 responds to a telnet session on 22306 and connects.
My pan-cam also has 22306 open.
Yep pretty much what I found.
Answer is port 22306 – it isn’t listed on Wyze Cam FAQ and I don’t know what it is for – but it responds.
I’ll try to put together a guide on how to do this, in a few days.
~ John Schutzman
HOW TO MONITOR WYZE CAM v2 UPTIME EXTERNALLY
Wyze Cam v2 will respond on TCP port 22306 to unauthenticated requests. If you allow this port through from the internet (sometimes referred to as ‘port forwarding’) then you can essentially verify if your camera is powered and connected to your home network. The below instructions are a rough guide on how to configure this for 1 camera. If you have more than 1 Wyze Cam, then you can still use this guide, but it will get a little more complicated. You’ll have to map separate incoming ports to different internal IPs on your network.
DISCLAIMER: This guide is provided ‘as-is’ with no support, warranty, or guarantees implied or expressly stated. Follow these steps at your own risk. Changing your router/firewall settings comes with some inherent risks and could allow external attackers to probe for vulnerabilities on your Wyze Cam v2, Wyze Pan Cam or other devices. Hack at your own risk!
The best way to describe this process is to think of it as creating a rule which tells your home router that if someone from the internet (in this case, the monitoring service) attempts a connection on port 22306, then the router should redirect or ‘forward’ this request to a single device on the inside of your home network (the Wyze Cam). Without this rule, your router will ignore anyone on the internet who tries to talk to it, directly (other than ports used to surf the internet such as 80 or 443)
Determine the IP address used by your Wyze Cam. Easiest way to do this is to: A) Connect to your Wyze cam via the app. B) Settings > Device Info. The IP address of your Wyze Cam should be listed in the app.
Find the make / model of your home router. You will use this information in order to look up instructions on how to set a static IP and forward ports.
Google how to configure a device to use a static IP for your particular router. Some routers you have to know the MAC address of your Wyze Cam, while others will let you choose from a drop down menu. Set your router to give your Wyze Cam the same IP address everytime it starts up.
Select a FREE website monitoring service. One which is legitimate and sells other services for a profit and which has been around for a while. Ideally, verify that they are owned and operated in whichever country you reside in, so that there is less concerns with conflicting political ideologies or rogue nation state involvement. Google “top 10 free website monitoring services” or something similar.
UptimeRobot is an example of a FREE service that will monitor your Wyze Cam every 5 minutes. They are hosted out of Dallas TX - so if you live in the U.S. this is a fairly safe bet.
Signup for a FREE service from monitoring website identified in step1
Google "how to port forward [make / model of your router] Example: “how to port forward linksys wrt54g”
Log into your home router and follow the instructions that you found on the internet for port forwarding port 22306 on your particular type of router. Each router is a bit different, but generally you will click on some sorta advanced networking section and look for a tab or section called “port forwarding” or “trigger ports” or even “virtual servers” – again, it depends on your router which is why googling the instructions for your particular make/model is crucial.
Add a port fowarder or trigger port or virtual server for TCP 22306 by clicking Add or +. If your router has an option to do BOTH UDP and TCP, then you might as well select ‘both’
Open your browser and type in “Whats my IP” to find out what the IP address of your router is.
Log into the monitoring service that you signed up for, earlier.
Add a new monitor and enter the IP address from your ‘whats my ip’. Specify a custom port of 2306 and save the entry.