Noticed that my Wansview K2 camera was making connections on its own to several servers, in China and on AWS. Find the camera's MAC address from the setup site Setup router security logging My Security Log looks like this.
Dec 24 01:17:50 2018 local5.notice<173> ulogd[876]: Blocked IN=br-lan OUT=eth0 MAC=xx:xx:xx:xx:xx:xx:cc:79:cf:xx:xx:xx:xx:xx SRC=192.168.1.xx DST= LEN=32 TOS=00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=28755 DPT=32100 LEN=12 MARK=8000 
To get the remote IP I used this command
grep -i "CC:79:CF" SecurityLog.txt | cut -f12 -d' '| sort -u | cut -c5- 
for h in $( grep -i "CC:79:CF" SecurityLog.txt | cut -f12 -d' '| sort -u | cut -c5- ) ; do  echo -n "$h  " && whois $h | grep -i netname ; echo "" ; done

I found these addresses, if you see more do share: OK First find out our network addresses
Turn on promiscuous mode - not all cards can support this
sudo ip link set  promisc on
sudo ifconfig wlx0.... down
sudo iwconfig wlx0.... mode monitor
sudo iwconfig wlx0.... mode managed
sudo ifconfig wlx0.... up
Listen to the IP of the webcam
sudo tcpdump -vv -s 0 -n src host