
Expose VoIP Problems With Wireshark June 18, 2009 Sean Walberg Network Guy | Canwest


Presentation Transcript


  1. Expose VoIP Problems With Wireshark June 18, 2009 Sean Walberg Network Guy | Canwest SHARKFEST'09 Stanford University June 15-18, 2009

  2. Without tools, VoIP is a black box

  3. Wireshark lets you peek inside

  4. VoIP is just another application

  5. (but it has special requirements)

  6. About Me

  7. About You

  8. The Agenda • About VoIP • Capturing VoIP • Analyzing Signaling • Analyzing RTP

  9. About VoIP • Capturing VoIP • Signaling • RTP

  10. The old way Local Loop

  11. The old way Dialtone Off Hook

  12. The old way Dialing Digits

  13. The old way RING – 90v@20Hz

  14. The old way

  15. The VoIP way I’m calling x1234

  16. The VoIP way Hey, 1234, you’re being called

  17. The VoIP way Use x.x.x.x:xxxx Use y.y.y.y:yyyy

  18. The VoIP way ZZZZZZ

  19. So there are two parts to VoIP • Signaling • SIP • H.323 • MGCP • SCCP • Proprietary • Voice (Bearer) • RTP (G.711, G.722, G.729a,…)

  20. Jitter, Delay, and Loss, oh my!

  21. Loss

  22. Delay Never underestimate the bandwidth of a station wagon loaded with backup tapes. (the delay is a different matter)

  23. Jitter

  24. Jitter != Delay Jitter Delay

  25. About VoIP • Capturing VoIP • Signaling • RTP

  26. Location, Location, Location

  27. Just a simple network

  28. The signaling traffic takes a different path from the RTP traffic

  29. Or, it might do this

  30. Same conversation, different perspectives Here you see inbound latency and jitter, but nothing on the outbound Here you see inbound latency and jitter, but nothing on the outbound

  31. NAT changes the address Src=C Dst=D Src=A Dst=B The address changes within the cloud!

  32. Set your capture filters

  33. The Packet List window

  34. Summaries are displayed here

  35. By the way… If the signaling or the voice is encrypted, you won’t be able to decode it. Sorry.

  36. Quality of Service for VoIP networks

  37. Use color to show QoS problems View -> Coloring Rules

  38. Add a column for DSCP • Signaling • Tagged RTP • Untagged RTP • Edit -> Preferences, User Interface -> Columns

  39. Are you running a proprietary PBX? Edit -> Properties, Protocols -> RTP

  40. Use the Packet Details pane to see what’s inside the packet

  41. About VoIP • Capturing VoIP • Signaling • RTP

  42. The Role of Signaling • Indicate to the remote end that a call is coming • Establish the codec to be used for voice • Establish the addresses of the endpoints • Get out of the way • Tear down the connection once it’s done

  43. Back to Loss, Delay, and Jitter • Jitter is usually a non-issue • Delay, within reason, is OK • Clustering/Specific applications notwithstanding • Loss isn’t great • TCP retransmits at layer 4 • UDP retries at layer 7

  44. Demos

  45. About VoIP • Capturing VoIP • Signaling • RTP

  46. The properties of RTP • RTP simulates the real time voice normally carried over a wire • 4 kHz voice bandwidth = 8 kHz sampling rate (Nyquist) • 8 bits/sample * 8 kHz = 64,000 bps (DS0) • A Codec (G.711u/A law, G.729, G.726, etc) • Most codecs use 20ms voice samples = 50pps • Even with compression, you have a fairly consistent packet rate, only the size changes

  47. DTMF • Compressing DTMF is bad • So many different ways to carry the digits out of band, look for them in traces

  48. Three factors that affect voice quality Latency <= 150ms (one way) Jitter <= 20ms Packet loss <= 0.1%

  49. Latency <= 150ms (one way) • Jitter buffer, Transcoding delay • Path delay • Serialization delay • Hi, how are you? Hello? Oops, sorry, go ahead Fine, I oh hello, go ahead

  50. Packet Loss <= 0.1% Hi Bo *POP* How *POP*e you? Hi Bo How you?
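
Slides 46 and 48 give the RTP packet timing and the quality limits. The following is an added example, not part of the presentation: it parses the fixed RTP header, counts loss from sequence numbers, and computes the RFC 3550 interarrival jitter estimate, then checks both against the slide 48 limits. It assumes G.711 (8 kHz RTP clock) and that the slide's jitter figure can be compared with the RFC 3550 estimate; the sample stream is constructed.

```python
import struct

CLOCK_HZ = 8000        # G.711 sampling rate (slide 46); assumption for this example
MAX_JITTER_MS = 20.0   # thresholds quoted on slide 48
MAX_LOSS_PCT = 0.1

def parse_rtp(payload):
    """Return (sequence, timestamp) from the 12-byte fixed RTP header."""
    if len(payload) < 12 or payload[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    _, _, seq, ts, _ssrc = struct.unpack("!BBHII", payload[:12])
    return seq, ts

def analyze(stream):
    """stream: [(arrival_seconds, udp_payload), ...] for one SSRC, in capture order.
    Assumes no reordering across a sequence-number wrap."""
    if not stream:
        raise ValueError("empty stream")
    jitter = 0.0
    cycles = 0
    first = highest = prev = None
    for arrival, payload in stream:
        seq, ts = parse_rtp(payload)
        if prev is not None:
            p_arrival, p_seq, p_ts = prev
            if seq < p_seq and p_seq - seq > 0x8000:
                cycles += 0x10000                          # 16-bit sequence wrapped
            d_ts = ((ts - p_ts + 2**31) % 2**32) - 2**31   # signed 32-bit delta
            d = abs((arrival - p_arrival) * CLOCK_HZ - d_ts)
            jitter += (d - jitter) / 16                    # RFC 3550 running estimate
        ext = cycles + seq
        first = ext if first is None else first
        highest = ext if highest is None else max(highest, ext)
        prev = (arrival, seq, ts)
    expected = highest - first + 1
    loss_pct = 100.0 * (expected - len(stream)) / expected
    jitter_ms = 1000.0 * jitter / CLOCK_HZ
    return {"jitter_ms": jitter_ms, "loss_pct": loss_pct,
            "jitter_ok": jitter_ms <= MAX_JITTER_MS, "loss_ok": loss_pct <= MAX_LOSS_PCT}

def constructed_stream():
    """Constructed sample: 100 G.711 packets at 20 ms, odd ones 8 ms late, one dropped."""
    out = []
    for i in range(100):
        if i == 50:
            continue                                       # simulated lost packet
        hdr = struct.pack("!BBHII", 0x80, 0, (65500 + i) & 0xFFFF, i * 160, 0x1234ABCD)
        out.append((i * 0.020 + (0.008 if i % 2 else 0.0), hdr + b"\xff" * 160))
    return out

if __name__ == "__main__":
    print(analyze(constructed_stream()))
```

On the constructed stream the jitter stays inside the 20 ms limit while the single dropped packet out of 100 already exceeds the 0.1% loss limit.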
