From: no-place@here.com   
      
   Using WireShark to try to discover what is bringing down a small business   
   network I maintain.  Security system with 14 cameras was recently installed   
   with a GenIV NVR running on the same 1Gb network.  Max bandwidth for the   
   security video is around 20Mb, so that’s not the problem   
      
   Finally got some data that shows an av-emb-config protocol from each camera   
   (the source) using port 2050 and broadcasting to port 5050 as the   
   destination and WireShark shows malformed packets at the same time that the   
   firewall log shows its rebooting.   
      
   Not asking for troubleshooting advice but has anyone any knowledge of what   
   the av-emb-config protocol is used for?  The cameras do have an option for   
   Bonjour, no audio options.  WireShark shows thousands of entries of the   
   av-emb-config protocol using the port combination of 2050 / 63297 and no   
   errors.  Firewall reboots only when the port combination of 2050 /5050   
   (mmcc) is used.   
      
   Here's the kicker. All 14 cameras start kicking out malformed packets in the   
   av-emb-config protocol at the same time.  The firewall - from what I've   
   found, will consider it an attack and obviously reboots and knocks down the   
   network for a few minutes, then restores operation.   
      
   I've set up some new rules to block ports 2050 / 5050 to see if that is a   
   temporary fix.  Would like to know why this protocol uses ports 2050 / 63297   
   all day long and then at some point switches and uses ports 2050 / 5050 and   
   produces malformed packets.   
      
   What is this protocol doing and why?  Goggled till the cows came and   
   went.....   
      
   Thanks,   
      
   BobS   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)