Bob
2013-05-06 03:48:59 UTC
Using Wireshark to try to discover what is bringing down a small business
network I maintain. Security system with 14 cameras was recently installed
with a GenIV NVR running on the same 1Gb network. Max bandwidth for the
security video is around 20Mb, so that’s not the problem.
Finally got some data that shows an av-emb-config protocol from each camera
(the source) using port 2050 and broadcasting to port 5050 as the
destination and Wireshark shows malformed packets at the same time that the
firewall log shows it's rebooting.
Not asking for troubleshooting advice but has anyone any knowledge of what
the av-emb-config protocol is used for? The cameras do have an option for
Bonjour, no audio options. Wireshark shows thousands of entries of the
av-emb-config protocol using the port combination of 2050 / 63297 and no
errors. Firewall reboots only when the port combination of 2050 / 5050
(mmcc) is used.
Here's the kicker. All 14 cameras start kicking out malformed packets in the
av-emb-config protocol at the same time. The firewall, from what I've
found, will consider it an attack and obviously reboots and knocks down the
network for a few minutes, then restores operation.
I've set up some new rules to block ports 2050 / 5050 to see if that is a
temporary fix. Would like to know why this protocol uses ports 2050 / 63297
all day long and then at some point switches and uses ports 2050 / 5050 and
produces malformed packets.
What is this protocol doing and why? Googled till the cows came and
went.....
Thanks,
BobS
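
Added example, not part of the original post: one way to check whether the firewall reboots line up with the simultaneous 2050 / 5050 packets described above, by grouping a capture export into bursts from several sources and comparing them with reboot times. The CSV layout, addresses, timestamps, reboot times and thresholds are constructed assumptions.

```python
import csv
import io

# Constructed sample: CSV export of a capture (epoch, source IP, UDP source
# port, UDP destination port). Addresses and times are made up.
SAMPLE_CAPTURE = """\
1000.10,192.168.1.101,2050,63297
1000.40,192.168.1.102,2050,63297
1300.00,192.168.1.101,2050,5050
1300.05,192.168.1.102,2050,5050
1300.09,192.168.1.103,2050,5050
1300.60,192.168.1.101,2050,5050
1900.00,192.168.1.104,2050,5050
2500.20,192.168.1.102,2050,63297
"""
# Constructed sample: firewall reboot times (epoch seconds) taken from its log.
SAMPLE_REBOOTS = [1302.0, 2600.0]


def parse_capture(text):
    """Yield (time, src_ip, sport, dport) tuples from the CSV export."""
    for ts, src, sport, dport in csv.reader(io.StringIO(text)):
        yield float(ts), src, int(sport), int(dport)


def find_bursts(rows, sport=2050, dport=5050, window=1.0, min_sources=3):
    """Return [(start, sorted sources)] where at least min_sources distinct
    hosts sent sport->dport traffic within `window` seconds of the first."""
    hits = sorted((t, src) for t, src, sp, dp in rows if sp == sport and dp == dport)
    bursts, i = [], 0
    while i < len(hits):
        start = hits[i][0]
        j = i
        while j < len(hits) and hits[j][0] - start <= window:
            j += 1
        sources = sorted({src for _, src in hits[i:j]})
        if len(sources) >= min_sources:
            bursts.append((start, sources))
        i = j  # skip past this group so groups never overlap
    return bursts


def reboots_after_bursts(bursts, reboots, tolerance=5.0):
    """Return reboot times that follow a burst by at most `tolerance` seconds."""
    return [r for r in reboots if any(0 <= r - start <= tolerance for start, _ in bursts)]
```

A lone 2050 / 5050 packet from one camera is not counted as a burst, so a match only appears when several sources transmit together shortly before a logged reboot.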