SHARKFEST '08  |  Foothill College  |  March 31 - April 2, 2008

Exposing VoIP problems with Wireshark. April 2, 2008. Sean Walberg, Network Guy | Canwest. SHARKFEST '08, Foothill College, March 31 - April 2, 2008. Voice is just another application. Without tools, VoIP is a black box. Wireshark has tools to analyze VoIP. The Agenda.

Presentation Transcript

Exposing VoIP problems with Wireshark

April 2, 2008

Sean Walberg

Network Guy | Canwest




Without tools, VoIP is a black box



The Agenda

  • Capturing VoIP traffic

  • Using the basic Wireshark tools

  • Digging into the signaling traffic

  • Analyzing the RTP traffic


About you

About me






Or, it might do this

Voice

Signaling


Same conversation, different perspectives

Here you see B – A jitter, but not A - B

Here you see A – B jitter, but not B - A


NAT changes the address

Src=C

Dst=D

Src=A

Dst=B

The address changes within the cloud!



By the way…

If the signaling or the voice is encrypted, you won’t be able to decode it.

Sorry.



The Packet List window




Add a column for DSCP

Signaling

Tagged RTP

Untagged RTP

Insert -> Preferences, User Interface -> Columns


Use color to show QoS problems

View -> Coloring Rules


Are you running a proprietary PBX?

Edit -> Properties, Protocols -> RTP


Use the Packet Details pane to see what’s inside the packet



Signaling protocols

  • SIP (from the IETF)

  • H.323 (from the ITU)

  • MGCP

  • IAX

  • SS7 (Telco)

  • GSM (Telco/Cell)

  • SCCP (Cisco Skinny)

  • Vendor specific


The role of signaling

  • Indicate to the remote end that a call is coming

  • Establish the codec to be used for voice

  • Establish the addresses of the endpoints

  • Get out of the way

  • Tear down the connection once it’s done


The 10,000 foot view of SIP

Statistics -> SIP




The properties of RTP

  • RTP simulates the real time voice normally carried over a wire

  • 4KHz voice bandwidth = 8KHz sampling rate (Nyquist)

  • 8 bits/sample * 8KHz = 64,000bps (DS0)

  • A Codec (G.711u/A law, G.729, G.726, etc)

  • Most codecs use 20ms voice samples = 50pps

  • Even with compression, you have a fairly consistent packet rate, only the size changes


Three factors that affect voice quality

Latency <= 150ms (one way)

Jitter <= 20ms

Packet loss <= 0.1%


Latency <= 150ms (one way)

Jitter buffer, transcoding delay

Path delay

Serialization delay

Hi, how are you? Hello? Oops, sorry, go ahead

Fine, I oh hello, go ahead


Packet Loss <= 0.1%

Hi Bo *POP* How *POP*e you?

Hi Bo How you?


Jitter <= 20ms

Better late than never? No.
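
Added example (not from the talk): the jitter and packet loss limits above, checked for one direction of an RTP stream with the RFC 3550 interarrival jitter estimator. The packet tuples are constructed sample data and the function names are illustrative; one-way latency is left out because it cannot be measured from a single capture point.

```python
# Added example, not from the talk. Packet tuples are constructed sample data:
# (arrival_ms, rtp_sequence, rtp_timestamp) for one direction of one call.
CLOCK_HZ = 8000          # RTP clock for 8 kHz sampled voice
JITTER_LIMIT_MS = 20.0   # thresholds quoted on the slides
LOSS_LIMIT_PCT = 0.1

def _delta(new, old, bits):
    """Signed new-old for a counter that wraps at 2**bits."""
    half = 1 << (bits - 1)
    return ((new - old + half) % (1 << bits)) - half

def analyze(packets, clock_hz=CLOCK_HZ):
    """Return (max_jitter_ms, loss_pct) using the RFC 3550 jitter estimator."""
    if not packets:
        return 0.0, 0.0
    jitter = max_jitter = 0.0
    ext_seq, seen, prev = 0, set(), None
    for arrival_ms, seq, ts in packets:
        if prev is not None:
            ext_seq += _delta(seq, prev[1], 16)       # survives the 65535 -> 0 wrap
            sent_gap_ms = _delta(ts, prev[2], 32) * 1000.0 / clock_hz
            d = (arrival_ms - prev[0]) - sent_gap_ms  # change in transit time
            jitter += (abs(d) - jitter) / 16.0        # J = J + (|D| - J)/16
            max_jitter = max(max_jitter, jitter)
        seen.add(ext_seq)                             # duplicates count once
        prev = (arrival_ms, seq, ts)
    expected = max(seen) - min(seen) + 1
    return max_jitter, 100.0 * (expected - len(seen)) / expected

def problems(packets):
    """List which of the slide thresholds this stream direction exceeds."""
    jitter_ms, loss_pct = analyze(packets)
    found = []
    if jitter_ms > JITTER_LIMIT_MS:
        found.append("jitter")
    if loss_pct > LOSS_LIMIT_PCT:
        found.append("loss")
    return found

def constructed_stream(congested):
    """Constructed sample: 100 packets, 20 ms / 160 samples apart, sequence wraps."""
    packets, late_ms = [], 0
    for i in range(100):
        if congested and i == 40:
            continue                  # one packet lost in transit
        if congested and 50 <= i < 58:
            late_ms += 60             # queue builds: each packet 60 ms later
        packets.append((20 * i + late_ms, (65500 + i) % 65536, 160 * i))
    return packets

if __name__ == "__main__":
    for label in (False, True):
        print(label, analyze(constructed_stream(label)), problems(constructed_stream(label)))
```
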





That’s it!

I’m [email protected]

Links related to this talk:

http://del.icio.us/seanw/sharkfest08

