
Exposing VoIP problems with Wireshark April 2, 2008 Sean Walberg Network Guy | Canwest SHARK FEST '08 Foothill College March 31 - April 2, 2008. Voice is just another application. Without tools, VoIP is a black box. Wireshark has tools to analyze VoIP. The Agenda.


Presentation Transcript


  1. Exposing VoIP problems with Wireshark. April 2, 2008. Sean Walberg, Network Guy | Canwest. SHARKFEST '08, Foothill College, March 31 - April 2, 2008

  2. Voice is just another application

  3. Without tools, VoIP is a black box

  4. Wireshark has tools to analyze VoIP

  5. The Agenda
     • Capturing VoIP traffic
     • Using the basic Wireshark tools
     • Digging into the signaling traffic
     • Analyzing the RTP traffic

  6. About you

  7. About me

  8. 1. Capture the VoIP traffic

  9. Location, Location, Location

  10. Just a simple network

  11. The signaling traffic takes a different path from the RTP traffic (diagram legend: Voice, Signaling)

  12. Or, it might do this (diagram legend: Voice, Signaling)

  13. Same conversation, different perspectives. Here you see B – A jitter, but not A – B. Here you see A – B jitter, but not B – A.

  14. NAT changes the address: Src=C Dst=D; Src=A Dst=B. The address changes within the cloud!

  15. Set your capture filters

  16. By the way… If the signaling or the voice is encrypted, you won’t be able to decode it. Sorry.

  17. 2. Use the basic tools

  18. The Packet List window

  19. Summaries are displayed here

  20. Quality of Service for VoIP networks

  21. Add a column for DSCP (screenshot labels: Signaling, Tagged RTP, Untagged RTP). Insert -> Preferences, User Interface -> Columns

  22. Use color to show QoS problems: View -> Coloring Rules

  23. Are you running a proprietary PBX? Edit -> Properties, Protocols -> RTP

  24. Use the Packet Details pane to see what’s inside the packet

  25. 3. Dig into the signaling traffic

  26. Signaling protocols
      • SIP (from the IETF)
      • H.323 (from the ITU)
      • MGCP
      • IAX
      • SS7 (Telco)
      • GSM (Telco/Cell)
      • SCCP (Cisco Skinny)
      • Vendor specific

  27. The role of signaling
      • Indicate to the remote end that a call is coming
      • Establish the codec to be used for voice
      • Establish the addresses of the endpoints
      • Get out of the way
      • Tear down the connection once it’s done

  28. The 10,000 foot view of SIP: Statistics -> SIP

  29. Demo – VoIP Call Statistics

  30. 4. Analyze the RTP traffic

  31. The properties of RTP
      • RTP simulates the real time voice normally carried over a wire
      • 4 kHz voice bandwidth = 8 kHz sampling rate (Nyquist)
      • 8 bits/sample * 8 kHz = 64,000 bps (DS0)
      • A Codec (G.711u/A law, G.729, G.726, etc)
      • Most codecs use 20ms voice samples = 50pps
      • Even with compression, you have a fairly consistent packet rate, only the size changes

  32. Three factors that affect voice quality
      • Latency <= 150ms (one way)
      • Jitter <= 20ms
      • Packet loss <= 0.1%

  33. Latency <= 150ms (one way). Diagram labels: jitter buffer, transcoding delay, path delay, serialization delay. Speech bubbles: "Hi, how are you?" / "Hello?" / "Oops, sorry, go ahead" / "Fine, I oh hello, go ahead"

  34. Packet Loss <= 0.1%. Speech bubbles: "Hi Bo *POP* How *POP*e you?" / "Hi Bo How you?"

  35. Jitter <= 20ms. Better late than never? No.

  36. Demo – RTP Statistics

  37. Optional – IO Statistics

  38. Optional – Other things you can do to monitor VoIP

  39. That’s it! I’m sean@ertw.com. Links related to this talk: http://del.icio.us/seanw/sharkfest08
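
The RTP properties on slide 31 (8 kHz clock, 20ms packets, 50pps) and the targets on slide 32 can be checked per stream. The following is an added example, not part of the talk: it computes the interarrival jitter estimator defined in RFC 3550 and the loss percentage from (arrival time, sequence number, RTP timestamp) tuples. The function names and the two sample streams are constructed for illustration, and the tuples are assumed to come from a single RTP stream exported from a capture.

```python
# Added example (not from the talk): RFC 3550 interarrival jitter and packet
# loss for one RTP stream, judged against the slide 32 targets.
CLOCK_HZ = 8000        # G.711 RTP clock (8 kHz sampling, slide 31)
JITTER_MAX_MS = 20.0   # slide 32
LOSS_MAX_PCT = 0.1     # slide 32

def analyze(packets, clock_hz=CLOCK_HZ):
    """packets: (arrival_seconds, rtp_seq, rtp_timestamp) tuples in arrival order.
    Assumes a single SSRC and no 32-bit RTP timestamp wrap within the capture."""
    jitter = 0.0                      # running estimate in RTP clock units
    prev_transit = None
    base = ext_max = packets[0][1]    # extended (unwrapped) sequence numbers
    received = set()
    for arrival, seq, ts in packets:
        # Unwrap the 16-bit sequence number relative to the highest seen so far.
        delta = (seq - ext_max) & 0xFFFF
        if delta >= 0x8000:
            delta -= 0x10000          # late or reordered packet
        ext = ext_max + delta
        ext_max = max(ext_max, ext)
        received.add(ext)             # a set ignores duplicates
        # Relative transit time: arrival in clock units minus the RTP timestamp.
        transit = arrival * clock_hz - ts
        if prev_transit is not None:
            d = abs(transit - prev_transit)
            jitter += (d - jitter) / 16.0   # RFC 3550 section 6.4.1 smoothing
        prev_transit = transit
    expected = ext_max - base + 1
    jitter_ms = jitter * 1000.0 / clock_hz
    loss_pct = 100.0 * (expected - len(received)) / expected
    return {"jitter_ms": jitter_ms, "loss_pct": loss_pct,
            "ok": jitter_ms <= JITTER_MAX_MS and loss_pct <= LOSS_MAX_PCT}

def make_stream(n, start_seq=0, drop=(), odd_delay_ms=0):
    """Constructed sample: 20 ms packets (50 pps), 160 samples per packet."""
    out = []
    for i in range(n):
        if i in drop:
            continue                  # simulate a lost packet
        arrival = (i * 20 + (odd_delay_ms if i % 2 else 0)) / 1000.0
        out.append((arrival, (start_seq + i) & 0xFFFF, i * 160))
    return out

if __name__ == "__main__":
    print("clean:", analyze(make_stream(100)))
    print("bad:  ", analyze(make_stream(100, 65530, drop={10, 50}, odd_delay_ms=40)))
```

The second sample starts at sequence number 65530 so the 16-bit wrap is exercised; two dropped packets out of 100 and a 40ms delay on every other packet put both loss and jitter outside the slide's targets.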
