
Expose VoIP Problems With Wireshark June 15, 2010 Sean Walberg Vantage Media SHARK FEST ‘10


Presentation Transcript


  1. Expose VoIP Problems With Wireshark June 15, 2010 Sean Walberg Vantage Media SHARKFEST‘10 Stanford University June 14-17, 2010

  2. VoIP is just another application

  3. (but it has special requirements)

  4. Without tools, VoIP is a black box

  5. About Me

  6. The Agenda • About VoIP • Capturing VoIP • Analyzing Signaling • Analyzing RTP

  7. About VoIP • Capturing VoIP • Signaling • RTP

  8. The old way Local Loop

  9. The old way Dialtone Off Hook

  10. The old way Dialing Digits

  11. The old way RING – 90v@20Hz

  12. The old way

  13. The VoIP way I’m calling x1234

  14. The VoIP way Hey, 1234, you’re being called

  15. The VoIP way • Use x.x.x.x:xxxx • Use y.y.y.y:yyyy

  16. The VoIP way ZZZZZZ

  17. So there are two parts to VoIP • Signaling • SIP • H.323 • MGCP • SCCP • Proprietary • Voice (Bearer) • RTP (G.711, G.722, G.729a,…)

  18. (two and a half, really) • Touch Tones are a problem unto themselves • 3212333222333 3212333322321

  19. Network Conditions Affecting VoIP

  20. Loss

  21. Delay

  22. Jitter

  23. Jitter != Delay Loss Jitter Delay (This is from a program called smokeping)

  24. 10, 10, 10, 10: latency, no jitter • 10, 11, 12, 11, 9, 10: latency and jitter

  25. About VoIP • Capturing VoIP • Signaling • RTP

  26. Location, Location, Location

  27. Just a simple network

  28. The signaling traffic takes a different path from the RTP traffic

  29. Or, it might do this

  30. Same conversation, different perspectives • Here you see inbound latency and jitter, but nothing on the outbound

  31. NAT changes the address • Src=C Dst=D • Src=A Dst=B • The address changes within the cloud!

  32. Set your capture filters

  33. The Packet List window

  34. Summaries are displayed here

  35. By the way… If the signaling or the voice is encrypted, you won’t be able to decode it. Sorry.

  36. Quality of Service for VoIP networks

  37. Add a column for DSCP • Signaling • Tagged RTP • Untagged RTP • Edit -> Preferences, User Interface -> Columns

  38. Are you running a proprietary PBX? Edit -> Properties, Protocols -> RTP

  39. About VoIP • Capturing VoIP • Signaling • RTP

  40. The Role of Signaling • Indicate to the remote end that a call is coming • Establish the codec to be used for voice • Establish the addresses of the endpoints • Get out of the way • Tear down the connection once it’s done

  41. Use the Packet Details pane to see what’s inside the packet

  42. Back to Loss, Delay, and Jitter • Jitter is usually a non-issue • Delay, within reason, is OK • Clustering/Specific applications notwithstanding • Loss isn’t great • TCP retransmits at layer 4 • UDP retries at layer 7

  43. Demos

  44. About VoIP • Capturing VoIP • Signaling • RTP

  45. The properties of RTP • RTP simulates the real time voice normally carried over a wire • 4 kHz voice bandwidth = 8 kHz sampling rate (Nyquist) • 8 bits/sample * 8 kHz = 64,000 bps (DS0) • A Codec (G.711u/A law, G.729, G.726, etc) • Most codecs use 20ms voice samples = 50pps • Even with compression, you have a fairly consistent packet rate, only the size changes

  46. DTMF • Compressing DTMF is bad • So many different ways to carry the digits out of band, look for them in traces (see demo)

  47. Three factors that affect voice quality • Latency <= 150ms (one way) • Jitter <= 20ms • Packet loss <= 0.1%

  48. Latency <= 150ms (one way) • Jitter buffer, Transcoding delay • Transcoding delay • Path delay • Serialization delay • Hi, how are you? Hello? Oops, sorry, go ahead Fine, I oh hello, go ahead

  49. Packet Loss <= 0.1% Hi Bo *POP* How *POP*e you? Hi Bo How you?

  50. Jitter <= 20ms Better late than never? No. May as well be lost.
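
The jitter and loss targets on slide 47 can be checked directly against the RTP headers in a capture. The following is an added example, not part of the original presentation: it reads the sequence number and timestamp from each RTP header, computes the RFC 3550 interarrival jitter estimate and the loss percentage, and compares them with the slide's thresholds. The function names and both sample captures are constructed for illustration, and a G.711 stream with an 8 kHz RTP clock is assumed.

```python
import struct

CLOCK_HZ = 8000        # assumed G.711 RTP clock: 8 kHz sampling (slide 45)
MAX_JITTER_MS = 20.0   # slide 47 target
MAX_LOSS_PCT = 0.1     # slide 47 target

def parse_rtp(payload):
    """Return (sequence, timestamp) from the fixed 12-byte RTP header."""
    if len(payload) < 12 or payload[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    _flags, _pt, seq, ts, _ssrc = struct.unpack("!BBHII", payload[:12])
    return seq, ts

def stream_stats(packets):
    """packets: [(arrival_seconds, udp_payload), ...] for one direction of one call."""
    jitter, prev_transit, seqs = 0.0, None, []
    for arrival, payload in packets:
        seq, ts = parse_rtp(payload)
        seqs.append(seq)
        transit = arrival * CLOCK_HZ - ts      # relative transit time in clock ticks
        if prev_transit is not None:
            # RFC 3550 running estimate: J += (|D| - J) / 16
            jitter += (abs(transit - prev_transit) - jitter) / 16.0
        prev_transit = transit
    # Sequence numbers are 16 bits and wrap; assumes first and last packet are in order
    expected = ((seqs[-1] - seqs[0]) & 0xFFFF) + 1
    loss_pct = 100.0 * (expected - len(set(seqs))) / expected
    jitter_ms = 1000.0 * jitter / CLOCK_HZ
    ok = jitter_ms <= MAX_JITTER_MS and loss_pct <= MAX_LOSS_PCT
    return {"jitter_ms": jitter_ms, "loss_pct": loss_pct, "ok": ok}

def make_rtp(seq, ts):
    """Constructed sample packet: RTP v2, payload type 0 (PCMU), 160 bytes = 20 ms."""
    return struct.pack("!BBHII", 0x80, 0, seq & 0xFFFF, ts, 0x1234) + bytes(160)

# Constructed capture 1: 50 pps, evenly paced, sequence number wraps past 65535
STEADY = [(i * 0.02, make_rtp(65530 + i, i * 160)) for i in range(100)]
# Constructed capture 2: two packets missing, every other packet arrives 60 ms late
ROUGH = [(i * 0.02 + (0.06 if i % 2 else 0.0), make_rtp(i, i * 160))
         for i in range(100) if i not in (10, 50)]

if __name__ == "__main__":
    for name, capture in (("steady", STEADY), ("rough", ROUGH)):
        print(name, stream_stats(capture))
```

Because the result depends on where the capture was taken (slide 30), run it per direction and per capture point before drawing conclusions about the path.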
