390 likes | 510 Vues
Exposing VoIP problems with Wireshark April 2, 2008 Sean Walberg Network Guy | Canwest SHARK FEST '08 Foothill College March 31 - April 2, 2008. Voice is just another application. Without tools, VoIP is a black box. Wireshark has tools to analyze VoIP. The Agenda.
E N D
SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 Exposing VoIP problems with Wireshark April 2, 2008 Sean Walberg Network Guy | Canwest SHARKFEST '08 Foothill College March 31 - April 2, 2008
SHARKFEST '08 | Foothill College | March 31 - April 2, 2008 Without tools, VoIP is a black box
The Agenda • Capturing VoIP traffic • Using the basic Wireshark tools • Digging into the signaling traffic • Analyzing the RTP traffic
The signaling traffic takes a different path from the RTP traffic Voice Signaling
Or, it might do this Voice Signaling
Same conversation, different perspectives Here you see B – A jitter, but not A - B Here you see A – B jitter, but not B - A
NAT changes the address Src=C Dst=D Src=A Dst=B The address changes within the cloud!
By the way… If the signaling or the voice is encrypted, you won’t be able to decode it. Sorry.
Add a column for DSCP Signaling Tagged RTP Untagged RTP Insert -> Preferences User Interface->Columns
Use color to show QoS problems View -> Coloring Rules
Are you running a proprietary PBX? Edit -> Properties, Protocols -> RTP
Signaling protocols • SIP (from the IETF) • H.323 (from the ITU) • MGCP • IAX • SS7 (Telco) • GSM (Telco/Cell) • SCCP (Cisco Skinny) • Vendor specific
The role of signaling • Indicate to the remote end that a call is coming • Establish the codec to be used for voice • Establish the addresses of the endpoints • Get out of the way • Tear down the connection once it’s done
The 10,000 foot view of SIP Statistics -> SIP
The properties of RTP • RTP simulates the real time voice normally carried over a wire • 4KHz voice bandwidth = 8KHz sampling rate (Nyquist) • 8 bits/sample * 8KHz = 64,000bps (DS0) • A Codec (G.711u/A law, G.729, G.726, etc) • Most codecs use 20ms voice samples = 50pps • Even with compression, you have a fairly consistent packet rate, only the size changes
Three factors that affect voice quality Latency <= 150ms (one way) Jitter <= 20ms Packet loss <= 0.1%
Latency <= 150ms (one way) Jitter buffer, Transcoding delay Path delay Serialization delay Hi, how are you?Hello? Oops, sorry, go ahead Fine, I oh hello, go ahead
Packet Loss <= 0.1% Hi Bo *POP* How *POP*e you? Hi Bo How you?
Jitter <= 20ms Better late than never? No.
That’s it! I’m sean@ertw.com Links related to this talk: http://del.icio.us/seanw/sharkfest08