A Wireshark dissector for the DVRIP/Sofia protocol found on Xiongmai-based IP cameras.

Full working dissector code is available at a DVRIP analysis repository. A full writeup of a sample IP camera on which this dissector was tested is available at the Besder 6024PB-XMA501 IP camera security investigation repository.

Table of Contents

Usage
  Linux
  Windows
Test Device
DVRIP/Sofia Headers
  DVRIP/Sofia Message Header
  Audio Header
  I-Frame Header
  P-Frame Header
  Information Frame Header
Saving Streams
Cloud Communications
DVRIP/Sofia Protocol Field List

Usage

Linux

    cp dvripWireshark.lua /usr/lib/wireshark/plugins/

Windows

Copy dvripWireshark.lua to %APPDATA%\Wireshark\plugins

Test Device

This dissector is based on a DVRIP Wireshark Dissector for Port TCP/37777 (Dahua IP camera), which can be found here: https://github.com/r4bit999/dvrip-analysis/tree/master

The DVRIP/Sofia protocol found in Xiongmai-based IP cameras runs on the following ports: TCP/34567 for local controls and media…