1 SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Expose VoIP Problems With Wireshark June 15, 2010 Sean Walberg Vantage Media SHARKFEST ‘10 Stanford University June 14-17, 2010

2 VoIP is just another application

3 (but it has special requirements)

4 Without tools, VoIP is a black box

5 About Me

6 The Agenda
1. About VoIP
2. Capturing VoIP
3. Analyzing Signaling
4. Analyzing RTP

7 About VoIP Capturing VoIP Signaling RTP

8 The old way Local Loop

9 The old way Off Hook Dialtone

10 The old way Dialing Digits

11 The old way RING – 90v@20Hz

12 The old way

13 The VoIP way I’m calling x1234

14 The VoIP way Hey, 1234, you’re being called

15 The VoIP way Use x.x.x.x:xxxx Use y.y.y.y:yyyy

16 The VoIP way ZZZZZZ

17 So there are two parts to VoIP
Signaling
  – SIP
  – H.323
  – MGCP
  – SCCP
  – Proprietary
Voice (Bearer)
  – RTP (G.711, G.722, G.729a,…)

18 (two and a half, really) Touch Tones are a problem unto themselves 3212333222333 3212333322321

19 Network Conditions Affecting VoIP

20 Loss

21 Delay

22 Jitter

23 Jitter != Delay Jitter Delay Loss (This is from a program called smokeping)

24 Latency, no jitter: 10, 10, 10, 10
Latency and jitter: 10, 11, 12, 11, 9, 10

25 About VoIP Capturing VoIP Signaling RTP

26 Location, Location, Location

27 Just a simple network

28 The signaling traffic takes a different path from the RTP traffic

29 Or, it might do this

30 Same conversation, different perspectives Here you see inbound latency and jitter, but nothing on the outbound

31 NAT changes the address Src=A Dst=B Src=C Dst=D The address changes within the cloud!

32 Set your capture filters

33 The Packet List window

34 Summaries are displayed here

35 By the way… If the signaling or the voice is encrypted, you won’t be able to decode it. Sorry.

36 Quality of Service for VoIP networks

37 Add a column for DSCP
Edit -> Preferences, User Interface -> Columns
Signaling, Tagged RTP, Untagged RTP

38 Are you running a proprietary PBX?
Edit -> Properties, Protocols -> RTP

39 About VoIP Capturing VoIP Signaling RTP

40 The Role of Signaling
Indicate to the remote end that a call is coming
Establish the codec to be used for voice
Establish the addresses of the endpoints
Get out of the way
Tear down the connection once it’s done

41 Use the Packet Details pane to see what’s inside the packet

42 Back to Loss, Delay, and Jitter
Jitter is usually a non-issue
Delay, within reason, is OK
  – Clustering/Specific applications notwithstanding
Loss isn’t great
  – TCP retransmits at layer 4
  – UDP retries at layer 7

43 Demos

44 About VoIP Capturing VoIP Signaling RTP

45 The properties of RTP
RTP simulates the real time voice normally carried over a wire
4KHz voice bandwidth = 8KHz sampling rate (Nyquist)
8 bits/sample * 8KHz = 64,000bps (DS0)
A Codec (G.711u/A law, G.729, G.726, etc)
Most codecs use 20ms voice samples = 50pps
Even with compression, you have a fairly consistent packet rate, only the size changes

46 DTMF
Compressing DTMF is bad
So many different ways to carry the digits out of band, look for them in traces (see demo)

47 Three factors that affect voice quality
Latency <= 150ms (one way)
Jitter <= 20ms
Packet loss <= 0.1%

48 Latency <= 150ms (one way) Hi, how are you? Hello? Oops, sorry, go ahead Fine, I oh hello, go ahead Path delay Serialization delay Jitter buffer, Transcoding delay Transcoding delay

49 Packet Loss <= 0.1% Hi Bo *POP* How *POP*e you? Hi Bo How you?

50 Jitter <= 20ms Better late than never? No. May as well be lost.
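
Added example (not part of the original presentation): one way to score a captured RTP stream against the deck's jitter and packet-loss targets, using the RFC 3550 running jitter estimate and the 8 kHz clock and 20 ms packet interval from the RTP properties slide. The function names are hypothetical and the sample streams are constructed from the delay sequences on slide 24; one-way latency is not scored because a single capture point cannot measure it.

```python
RTP_CLOCK_HZ = 8000      # 8 kHz sampling clock (RTP properties slide)
PTIME_S = 0.020          # 20 ms per packet = 50 pps
MAX_JITTER_MS = 20.0     # deck's jitter target
MAX_LOSS_PCT = 0.1       # deck's packet-loss target

def extend_seq(seqs):
    """Unwrap 16-bit RTP sequence numbers so 65535 -> 0 keeps counting upward."""
    out, cycles, prev = [], 0, None
    for s in seqs:
        if prev is not None and prev - s > 32768:       # wrapped forward
            cycles += 1
        late = prev is not None and s - prev > 32768    # straggler from before the wrap
        out.append(s + 65536 * (cycles - 1 if late else cycles))
        if not late:
            prev = s
    return out

def rtp_stats(packets):
    """packets: (arrival_s, seq, rtp_timestamp) tuples in capture order.
    Returns (jitter_ms, loss_pct); jitter is the RFC 3550 running estimate."""
    jitter, prev_transit = 0.0, None
    for arrival, _seq, ts in packets:
        # Relative transit time: arrival clock minus the sender's media clock.
        transit = arrival - ts / RTP_CLOCK_HZ
        if prev_transit is not None:
            jitter += (abs(transit - prev_transit) - jitter) / 16.0
        prev_transit = transit
    ext = extend_seq([p[1] for p in packets])
    expected = max(ext) - min(ext) + 1
    loss_pct = 100.0 * (expected - len(set(ext))) / expected
    return jitter * 1000.0, loss_pct

def within_targets(jitter_ms, loss_pct):
    """True when the stream meets both targets from the deck."""
    return jitter_ms <= MAX_JITTER_MS and loss_pct <= MAX_LOSS_PCT

def make_stream(delays_ms, first_seq=0, drop=()):
    """Constructed sample: one packet per 20 ms, each arriving after delays_ms[i]."""
    return [(i * PTIME_S + d / 1000.0, (first_seq + i) % 65536, i * 160)
            for i, d in enumerate(delays_ms) if i not in drop]

if __name__ == "__main__":
    print(rtp_stats(make_stream([10, 10, 10, 10])))          # latency, no jitter
    print(rtp_stats(make_stream([10, 11, 12, 11, 9, 10])))   # latency and jitter
    # 2000 packets crossing a sequence wrap, with three packets dropped
    print(rtp_stats(make_stream([10] * 2000, first_seq=65000, drop={5, 900, 1500})))
```

The constant 10 ms stream scores zero jitter even though every packet is delayed, which is the "Jitter != Delay" point; the third stream fails on loss alone.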

51 Demos

52 Thanks! sean@ertw.com This presentation will be downloadable from the Sharkfest website.

