Slide1 l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 39

Exposing VoIP problems with Wireshark April 2, 2008 Sean Walberg Network Guy | Canwest SHARK FEST '08 Foothill College March 31 - April 2, 2008 PowerPoint PPT Presentation


  • 144 Views
  • Uploaded on
  • Presentation posted in: General

Exposing VoIP problems with Wireshark April 2, 2008 Sean Walberg Network Guy | Canwest SHARK FEST '08 Foothill College March 31 - April 2, 2008. Voice is just another application. Without tools, VoIP is a black box. Wireshark has tools to analyze VoIP. The Agenda.

Download Presentation

Exposing VoIP problems with Wireshark April 2, 2008 Sean Walberg Network Guy | Canwest SHARK FEST '08 Foothill College March 31 - April 2, 2008

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Slide1 l.jpg

SHARKFEST '08 | Foothill College | March 31 - April 2, 2008

Exposing VoIP problems with Wireshark

April 2, 2008

Sean Walberg

Network Guy | Canwest

SHARKFEST '08

Foothill College

March 31 - April 2, 2008


Voice is just another application l.jpg

Voice is just another application


Without tools voip is a black box l.jpg

SHARKFEST '08 | Foothill College | March 31 - April 2, 2008

Without tools, VoIP is a black box


Wireshark has tools to analyze voip l.jpg

Wireshark has tools to analyze VoIP


The agenda l.jpg

The Agenda

  • Capturing VoIP traffic

  • Using the basic Wireshark tools

  • Digging into the signaling traffic

  • Analyzing the RTP traffic


About you l.jpg

About you


About me l.jpg

About me


1 capture the voip traffic l.jpg

1. Capture the VoIP traffic


Location location location l.jpg

Location, Location, Location


Just a simple network l.jpg

Just a simple network


The signaling traffic takes a different path from the rtp traffic l.jpg

The signaling traffic takes a different path from the RTP traffic

Voice

Signaling


Or it might do this l.jpg

Or, it might do this

Voice

Signaling


Same conversation different perspectives l.jpg

Same conversation, different perspectives

Here you see B – A jitter, but not A - B

Here you see A – B jitter, but not B - A


Nat changes the address l.jpg

NAT changes the address

Src=C

Dst=D

Src=A

Dst=B

The address changes

within the cloud!


Set your capture filters l.jpg

Set your capture filters


By the way l.jpg

By the way…

If the signaling or the voice is encrypted, you won’t be able to decode it.

Sorry.


2 use the basic tools l.jpg

2. Use the basic tools


The packet list window l.jpg

The Packet List window


Summaries are displayed here l.jpg

Summaries are displayed here


Quality of service for voip networks l.jpg

Quality of Service for VoIP networks


Add a column for dscp l.jpg

Add a column for DSCP

Signaling

Tagged RTP

Untagged

RTP

Insert -> Preferences

User Interface->Columns


Use color to show qos problems l.jpg

Use color to show QoS problems

View -> Coloring Rules


Are you running a proprietary pbx l.jpg

Are you running a proprietary PBX?

Edit -> Properties, Protocols -> RTP


Use the packet details pane to see what s inside the packet l.jpg

Use the Packet Details pane to see what’s inside the packet


3 dig into the signaling traffic l.jpg

3. Dig into the signaling traffic


Signaling protocols l.jpg

Signaling protocols

  • SIP (from the IETF)

  • H.323 (from the ITU)

  • MGCP

  • IAX

  • SS7 (Telco)

  • GSM (Telco/Cell)

  • SCCP (Cisco Skinny)

  • Vendor specific


The role of signaling l.jpg

The role of signaling

  • Indicate to the remote end that a call is coming

  • Establish the codec to be used for voice

  • Establish the addresses of the endpoints

  • Get out of the way

  • Tear down the connection once it’s done


The 10 000 foot view of sip l.jpg

The 10,000 foot view of SIP

Statistics -> SIP


Demo voip call statistics l.jpg

Demo – VoIP Call Statistics


4 analyze the rtp traffic l.jpg

4. Analyze the RTP traffic


The properties of rtp l.jpg

The properties of RTP

  • RTP simulates the real time voice normally carried over a wire

  • 4KHz voice bandwidth = 8KHz sampling rate (Nyquist)

  • 8 bits/sample * 8KHz = 64,000bps (DS0)

  • A Codec (G.711u/A law, G.729, G.726, etc)

  • Most codecs use 20ms voice samples = 50pps

  • Even with compression, you have a fairly consistent packet rate, only the size changes


Three factors that affect voice quality l.jpg

Three factors that affect voice quality

Latency <= 150ms (one way)

Jitter <= 20ms

Packet loss <= 0.1%


Latency 150ms one way l.jpg

Latency <= 150ms (one way)

Jitter buffer,

Transcoding

delay

Path delay

Serialization

delay

Hi, how are you?Hello? Oops, sorry, go ahead

Fine, I oh hello, go ahead


Packet loss 0 1 l.jpg

Packet Loss <= 0.1%

Hi Bo *POP* How *POP*e you?

Hi Bo How you?


Jitter 20ms l.jpg

Jitter <= 20ms

Better late than never? No.


Demo rtp statistics l.jpg

Demo – RTP Statistics


Optional io statistics l.jpg

Optional – IO Statistics


Optional other things you can do to monitor voip l.jpg

Optional – Other things you can do to monitor VoIP


That s it l.jpg

That’s it!

I’m [email protected]

Links related to this talk:

http://del.icio.us/seanw/sharkfest08


  • Login