slide1
Download
Skip this Video
Download Presentation
Exposing VoIP problems with Wireshark April 2, 2008 Sean Walberg Network Guy | Canwest SHARK FEST \'08 Foothill College March 31 - April 2, 2008

Loading in 2 Seconds...

play fullscreen
1 / 39

SHARKFEST 08 Foothill College March 31 - April 2, 2008 - PowerPoint PPT Presentation


  • 169 Views
  • Uploaded on

Exposing VoIP problems with Wireshark April 2, 2008 Sean Walberg Network Guy | Canwest SHARK FEST \'08 Foothill College March 31 - April 2, 2008. Voice is just another application. Without tools, VoIP is a black box. Wireshark has tools to analyze VoIP. The Agenda.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'SHARKFEST 08 Foothill College March 31 - April 2, 2008' - michiko


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1
SHARKFEST \'08 | Foothill College | March 31 - April 2, 2008

Exposing VoIP problems with Wireshark

April 2, 2008

Sean Walberg

Network Guy | Canwest

SHARKFEST \'08

Foothill College

March 31 - April 2, 2008

the agenda
The Agenda
  • Capturing VoIP traffic
  • Using the basic Wireshark tools
  • Digging into the signaling traffic
  • Analyzing the RTP traffic
or it might do this
Or, it might do this

Voice

Signaling

same conversation different perspectives
Same conversation, different perspectives

Here you see B – A jitter, but not A - B

Here you see A – B jitter, but not B - A

nat changes the address
NAT changes the address

Src=C

Dst=D

Src=A

Dst=B

The address changes

within the cloud!

by the way
By the way…

If the signaling or the voice is encrypted, you won’t be able to decode it.

Sorry.

add a column for dscp
Add a column for DSCP

Signaling

Tagged RTP

Untagged

RTP

Insert -> Preferences

User Interface->Columns

use color to show qos problems
Use color to show QoS problems

View -> Coloring Rules

are you running a proprietary pbx
Are you running a proprietary PBX?

Edit -> Properties, Protocols -> RTP

signaling protocols
Signaling protocols
  • SIP (from the IETF)
  • H.323 (from the ITU)
  • MGCP
  • IAX
  • SS7 (Telco)
  • GSM (Telco/Cell)
  • SCCP (Cisco Skinny)
  • Vendor specific
the role of signaling
The role of signaling
  • Indicate to the remote end that a call is coming
  • Establish the codec to be used for voice
  • Establish the addresses of the endpoints
  • Get out of the way
  • Tear down the connection once it’s done
the properties of rtp
The properties of RTP
  • RTP simulates the real time voice normally carried over a wire
  • 4KHz voice bandwidth = 8KHz sampling rate (Nyquist)
  • 8 bits/sample * 8KHz = 64,000bps (DS0)
  • A Codec (G.711u/A law, G.729, G.726, etc)
  • Most codecs use 20ms voice samples = 50pps
  • Even with compression, you have a fairly consistent packet rate, only the size changes
three factors that affect voice quality
Three factors that affect voice quality

Latency <= 150ms (one way)

Jitter <= 20ms

Packet loss <= 0.1%

latency 150ms one way
Latency <= 150ms (one way)

Jitter buffer,

Transcoding

delay

Path delay

Serialization

delay

Hi, how are you?Hello? Oops, sorry, go ahead

Fine, I oh hello, go ahead

packet loss 0 1
Packet Loss <= 0.1%

Hi Bo *POP* How *POP*e you?

Hi Bo How you?

jitter 20ms
Jitter <= 20ms

Better late than never? No.

that s it
That’s it!

I’m [email protected]

Links related to this talk:

http://del.icio.us/seanw/sharkfest08

ad