Weird traffic coming out of my camera traffic


I been analyzing the two cameras I have and they are going to this

Does anyone know why it needs to go there? Thats the main weird traffic that I see but there is others.

I was hoping this cameras when I bought them would be more secure than the others. Looks like all the cameras will need to be on an isolated network with no outbound traffic.

Don’t get me wrong, but I do love the product and bought two more cameras. They are very good cameras but seeing what the traffic is doing got me concern.

Very weird. I’ve never seen any reports of that.

Can you show us what is indicating this to you?

Got a Wireshark log ? :slight_smile:

What are you using to see the traffic?

When I (probably not so wisely) access these sites neither loads or responds.

1 Like

According to the required ports list. Port 10001 is needed for P2P streaming of live cameras. This would be connecting to other temporary servers on the peer to peer network. Since these networks are as hoc, you never really know where the connection is going to go.

If you’re really worried, you can block the port at the router level. You will not be able to live stream the cameras from outside your network.


I was seeing the traffic on the router and I am going to isolate it by putting the camera on its on isolated network.

In the lists of ports though it states it needs to be TCP/10001 and is for “local live streaming”

This is the camera initiating a connection to 3 different remote servers of unknown ownership streaming my video out on UDP. Also, definitely not local. That doesn’t match up to the port chart Wyze has mapped out.

I have broken access to the outbound connection and it breaks the apps streaming. I need to do a pcap here tomorrow and see how the video is going out, but hopefully not unencrypted UDP video stream through a random server.

Interestingly after a couple minutes all my cams came back online, and seemed to start communicating on UDP port 10240 to random IP addresses now, with the bulk of my video stream going out to a remote server on TCP 21047 it looks like, at least thats the biggest amount of data on any given socket…

These cameras work well, but man the networking backend is a tad funky and concerning.

It actually says:

TCP: 10001 | P2P streaming connection | Local live streaming over WiFi

There are three columns. P2P connections are done through a third-party that Wyze contracts with.

Even if that is so, the chart is inaccurate. It lists the port as TCP, not UDP. It doesn’t say anything about a failover port either.

I am aware there are three columns, but it states that “what it does” is p2p and “what it’s used for” is local live streaming over wifi. If it’s local live streaming over wifi, why is it sending udp streams remotely to the internet?

The documentation in general is short on technical details.

Personally, if I had a problem with the traffic, I would block the outgoing port at my router. See what breaks and if I can live without it. I doubt that Wyze is going to get very technical on this with a consumer camera. It would be over the head of most people.

1 Like

I am not aware of any known connection between Wyze and or The port 10001 is used by TUTK camera SDK to communicate to TUTK servers. If you keep seeing the problem, can you share out the server IP which resolved to migreatjob and weekendpartycancel5? I wonder if it was because of tools accidentally resolving IP address to a DNS. I know their server IPs could change due to multiple reasons.

Once I get the IP I can check and confirm with TUTK.

1 Like

I tried this, and the cameras started communicating on a failover UDP port (10240) instead of 10001 as indicated in my firewall logs I posted here a few weeks ago.

Found the same connection to maigreatjob from my cam pan today :thinking:
I’m unable to ping it or resolve its IP, but according to IP is , located in the US

Hi, this is confirmed to be one P2P server that is provided by ThroughTek (TUTK) for Wyze camera connections. I guess the IP was likely previously used by Let me contact ThroughTek to see if they can change the IP. They are in Lunar New Year break for now. I will follow up once they get back next week. I can confirm it is a known server IP. Thanks!


An update on IP First it is confirmed to be a TUTK server. Secondly, we worked with TUTK and their data center to remove the false association of I checked on Reverse DNS Lookup -® and IP Location Lookup - Instantly Locate an IP Location. Both of them don’t show Thanks!