Slide1 l.jpg
Sponsored Links
This presentation is the property of its rightful owner.
1 / 39

Exposing VoIP problems with Wireshark April 2, 2008 Sean Walberg Network Guy | Canwest SHARK FEST '08 Foothill College March 31 - April 2, 2008 PowerPoint PPT Presentation


  • 148 Views
  • Uploaded on
  • Presentation posted in: General

Exposing VoIP problems with Wireshark April 2, 2008 Sean Walberg Network Guy | Canwest SHARK FEST '08 Foothill College March 31 - April 2, 2008. Voice is just another application. Without tools, VoIP is a black box. Wireshark has tools to analyze VoIP. The Agenda.

Download Presentation

Exposing VoIP problems with Wireshark April 2, 2008 Sean Walberg Network Guy | Canwest SHARK FEST '08 Foothill College March 31 - April 2, 2008

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


SHARKFEST '08 | Foothill College | March 31 - April 2, 2008

Exposing VoIP problems with Wireshark

April 2, 2008

Sean Walberg

Network Guy | Canwest

SHARKFEST '08

Foothill College

March 31 - April 2, 2008


Voice is just another application


SHARKFEST '08 | Foothill College | March 31 - April 2, 2008

Without tools, VoIP is a black box


Wireshark has tools to analyze VoIP


The Agenda

  • Capturing VoIP traffic

  • Using the basic Wireshark tools

  • Digging into the signaling traffic

  • Analyzing the RTP traffic


About you


About me


1. Capture the VoIP traffic


Location, Location, Location


Just a simple network


The signaling traffic takes a different path from the RTP traffic

Voice

Signaling


Or, it might do this

Voice

Signaling


Same conversation, different perspectives

Here you see B – A jitter, but not A - B

Here you see A – B jitter, but not B - A


NAT changes the address

Src=C

Dst=D

Src=A

Dst=B

The address changes

within the cloud!


Set your capture filters


By the way…

If the signaling or the voice is encrypted, you won’t be able to decode it.

Sorry.


2. Use the basic tools


The Packet List window


Summaries are displayed here


Quality of Service for VoIP networks


Add a column for DSCP

Signaling

Tagged RTP

Untagged

RTP

Insert -> Preferences

User Interface->Columns


Use color to show QoS problems

View -> Coloring Rules


Are you running a proprietary PBX?

Edit -> Properties, Protocols -> RTP


Use the Packet Details pane to see what’s inside the packet


3. Dig into the signaling traffic


Signaling protocols

  • SIP (from the IETF)

  • H.323 (from the ITU)

  • MGCP

  • IAX

  • SS7 (Telco)

  • GSM (Telco/Cell)

  • SCCP (Cisco Skinny)

  • Vendor specific


The role of signaling

  • Indicate to the remote end that a call is coming

  • Establish the codec to be used for voice

  • Establish the addresses of the endpoints

  • Get out of the way

  • Tear down the connection once it’s done


The 10,000 foot view of SIP

Statistics -> SIP


Demo – VoIP Call Statistics


4. Analyze the RTP traffic


The properties of RTP

  • RTP simulates the real time voice normally carried over a wire

  • 4KHz voice bandwidth = 8KHz sampling rate (Nyquist)

  • 8 bits/sample * 8KHz = 64,000bps (DS0)

  • A Codec (G.711u/A law, G.729, G.726, etc)

  • Most codecs use 20ms voice samples = 50pps

  • Even with compression, you have a fairly consistent packet rate, only the size changes


Three factors that affect voice quality

Latency <= 150ms (one way)

Jitter <= 20ms

Packet loss <= 0.1%


Latency <= 150ms (one way)

Jitter buffer,

Transcoding

delay

Path delay

Serialization

delay

Hi, how are you?Hello? Oops, sorry, go ahead

Fine, I oh hello, go ahead


Packet Loss <= 0.1%

Hi Bo *POP* How *POP*e you?

Hi Bo How you?


Jitter <= 20ms

Better late than never? No.


Demo – RTP Statistics


Optional – IO Statistics


Optional – Other things you can do to monitor VoIP


That’s it!

I’m sean@ertw.com

Links related to this talk:

http://del.icio.us/seanw/sharkfest08


  • Login