Walberg-expose vo_ip problems with wireshark


  1. Exposing VoIP problems with Wireshark. April 2, 2008. Sean Walberg, Network Guy | Canwest. SHARKFEST 08 | Foothill College | March 31 - April 2, 2008
  2. Voice is just another application
  3. Without tools, VoIP is a black box
  4. Wireshark has tools to analyze VoIP
  5. The Agenda
       1. Capturing VoIP traffic
       2. Using the basic Wireshark tools
       3. Digging into the signaling traffic
       4. Analyzing the RTP traffic
  6. About you
  7. About me
  8. 1. Capture the VoIP traffic
  9. Location, Location, Location
  10. Just a simple network
  11. The signaling traffic takes a different path from the RTP traffic (diagram labels: Voice, Signaling)
  12. Or, it might do this (diagram labels: Voice, Signaling)
  13. Same conversation, different perspectives
       • Here you see B – A jitter, but not A - B
       • Here you see A – B jitter, but not B - A
  14. NAT changes the address: Src=C, Dst=D; Src=A, Dst=B. The address changes within the cloud!
  15. Set your capture filters
  16. By the way… If the signaling or the voice is encrypted, you won’t be able to decode it. Sorry.
  17. 2. Use the basic tools
  18. The Packet List window
  19. Summaries are displayed here
  20. Quality of Service for VoIP networks
  21. Add a column for DSCP (screenshot labels: Signaling, Tagged RTP, Untagged RTP). Insert -> Preferences, User Interface -> Columns
  22. Use color to show QoS problems. View -> Coloring Rules
  23. Are you running a proprietary PBX? Edit -> Properties, Protocols -> RTP
  24. Use the Packet Details pane to see what’s inside the packet
  25. 3. Dig into the signaling traffic
  26. Signaling protocols
       • SIP (from the IETF)
       • H.323 (from the ITU)
       • MGCP
       • IAX
       • SS7 (Telco)
       • GSM (Telco/Cell)
       • SCCP (Cisco Skinny)
       • Vendor specific
  27. The role of signaling
       • Indicate to the remote end that a call is coming
       • Establish the codec to be used for voice
       • Establish the addresses of the endpoints
       • Get out of the way
       • Tear down the connection once it’s done
  28. The 10,000 foot view of SIP. Statistics -> SIP
  29. Demo – VoIP Call Statistics
  30. 4. Analyze the RTP traffic
  31. The properties of RTP
       • RTP simulates the real time voice normally carried over a wire
       • 4KHz voice bandwidth = 8KHz sampling rate (Nyquist)
       • 8 bits/sample * 8KHz = 64,000bps (DS0)
       • A Codec (G.711u/A law, G.729, G.726, etc)
       • Most codecs use 20ms voice samples = 50pps
       • Even with compression, you have a fairly consistent packet rate, only the size changes
  32. Three factors that affect voice quality
       • Latency <= 150ms (one way)
       • Jitter <= 20ms
       • Packet loss <= 0.1%
  33. Latency <= 150ms (one way)
       • Jitter buffer, transcoding delay
       • Path delay
       • Serialization delay
       • "Hi, how are you?" "Hello?" "Oops, sorry, go ahead" "Fine, I oh hello, go ahead"
  34. Packet Loss <= 0.1%
       • "Hi Bo *POP* How *POP*e you?"
       • "Hi Bo How you?"
  35. Jitter <= 20ms. Better late than never? No.
  36. Demo – RTP Statistics
  37. Optional – IO Statistics
  38. Optional – Other things you can do to monitor VoIP
  39. That’s it! I’m sean@ertw.com. Links related to this talk: http://del.icio.us/seanw/sharkfest08
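
The jitter and packet-loss limits from slide 32 can be checked from captured RTP headers alone. The following is an added example, not code from the talk: it applies the RFC 3550 interarrival jitter estimator and sequence-number loss counting to one direction of a stream. The packets are constructed, a G.711 stream with an 8 kHz clock and 20 ms packets is assumed, and the names `analyze`, `constructed_stream` and `verdict` are illustrative.

```python
from dataclasses import dataclass

CLOCK_HZ = 8000        # assumption: G.711 payload, 8 kHz RTP clock
PTIME_S = 0.020        # 20 ms of voice per packet = 50 pps, as on the slides
MAX_JITTER_MS, MAX_LOSS_PCT = 20.0, 0.1   # limits from slide 32

@dataclass
class Rtp:
    arrival_s: float   # capture time of the packet, seconds
    seq: int           # 16-bit RTP sequence number
    ts: int            # 32-bit RTP timestamp, in clock ticks

def signed_delta(a, b, bits):
    """a - b for counters that wrap at 2**bits."""
    half = 1 << (bits - 1)
    return (a - b + half) % (1 << bits) - half

def analyze(packets, clock_hz=CLOCK_HZ):
    """Return (max_jitter_ms, loss_pct) for one direction of one RTP stream."""
    jitter = max_jitter = 0.0
    prev, ext, seen = None, 0, set()
    for p in packets:
        if prev is None:
            ext = p.seq
        else:
            ext += signed_delta(p.seq, prev.seq, 16)   # survives 65535 -> 0 wrap
            # RFC 3550: D = (Rj - Ri) - (Sj - Si); J += (|D| - J) / 16
            d = (p.arrival_s - prev.arrival_s) - signed_delta(p.ts, prev.ts, 32) / clock_hz
            jitter += (abs(d) - jitter) / 16
            max_jitter = max(max_jitter, jitter)
        seen.add(ext)                                  # a set ignores duplicates
        prev = p
    expected = max(seen) - min(seen) + 1
    return max_jitter * 1000, 100.0 * (expected - len(seen)) / expected

def constructed_stream(n=100, bunch=1, dropped=()):
    """Constructed sample: packets arrive in groups of 'bunch'; some are dropped."""
    tick = round(CLOCK_HZ * PTIME_S)                   # 160 ticks per packet
    return [Rtp((i // bunch) * bunch * PTIME_S, (65500 + i) % 65536, i * tick)
            for i in range(n) if i not in dropped]

def verdict(packets):
    j, loss = analyze(packets)
    return {"jitter_ms": round(j, 2), "loss_pct": round(loss, 2),
            "ok": j <= MAX_JITTER_MS and loss <= MAX_LOSS_PCT}

if __name__ == "__main__":
    print("clean   ", verdict(constructed_stream()))
    print("degraded", verdict(constructed_stream(bunch=4, dropped={40})))
```

One-way latency is left out because it cannot be derived from a single capture point, and the result describes only the direction that was captured, which is the point of slide 13.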
