A-3 (Walberg) VoIP Troubleshooting - SharkFest

Expose VoIP Problems With Wireshark

June 15, 2010

Sean Walberg

Vantage Media

SHARK FEST ‘10

Stanford University

June 14-17, 2010

SHARKFEST ‘10 | Stanford University | June 14 –17, 2010

VoIP is just another application


(but it has special requirements)


Without tools, VoIP is a black box


About Me


The Agenda

1. About VoIP

2. Capturing VoIP

3. Analyzing Signaling

4. Analyzing RTP


About VoIP

Capturing VoIP

Signaling

RTP

Local Loop

The old way


The old way

Off Hook

Dialtone


The old way

Dialing Digits


The old way

RING – 90v@20Hz


The old way


The VoIP way


The VoIP way


The VoIP way


The VoIP way

ZZZZZZ


So there are two parts to VoIP

• Signaling

– SIP

– H.323

– MGCP

– SCCP

– Proprietary

• Voice (Bearer)

– RTP (G.711, G.722, G.729a,…)


(two and a half, really)

• Touch Tones are a problem unto themselves

• 3212333222333 3212333322321


Network Conditions Affecting VoIP


Loss


Delay


Jitter


Delay

Jitter != Delay

Loss

Jitter

(This is from a program called smokeping)


10, 10, 10, 10

Latency, no jitter

10, 11, 12, 11, 9, 10

Latency and jitter

SHARKFEST '09 | Stanford University | June 15 –18, 2009

About VoIP

Capturing VoIP

Signaling

RTP

Location, Location, Location


Just a simple network


The signaling traffic takes a different path from the RTP traffic


Or, it might do this


Same conversation, different perspectives

Here you see inbound latency and jitter, but nothing on the outbound

Here you see inbound latency and jitter, but nothing on the outbound


NAT changes the address

Src=C

Dst=D

Src=A

Dst=B

The address changes within the cloud!


Set your capture filters


The Packet List window


Summaries are displayed here


By the way…

If the signaling or the voice is encrypted, you won’t be able to decode it.

Sorry.


Quality of Service for VoIP networks


Add a column for DSCP

Signaling

Tagged RTP

Untagged

RTP

Edit -> Preferences

User Interface->Columns


Are you running a proprietary PBX?

Edit -> Properties, Protocols -> RTP


About VoIP

Capturing VoIP

Signaling

RTP

The Role of Signaling

• Indicate to the remote end that a call is coming

• Establish the codec to be used for voice

• Establish the addresses of the endpoints

• Get out of the way

• Tear down the connection once it’s done


Use the Packet Details pane to see what’s inside the packet


Back to Loss, Delay, and Jitter

• Jitter is usually a non-issue

• Delay, within reason, is OK

– Clustering/Specific applications notwithstanding

• Loss isn’t great

– TCP retransmits at layer 4

– UDP retries at layer 7


Demos


About VoIP

Capturing VoIP

Signaling

RTP

The properties of RTP

• RTP simulates the real time voice normally carried over a wire

• 4KHz voice bandwidth = 8KHz sampling rate (Nyquist)

• 8 bits/sample * 8KHz = 64,000bps (DS0)

• A Codec (G.711u/A law, G.729, G.726, etc)

• Most codecs use 20ms voice samples = 50pps

• Even with compression, you have a fairly consistent packet rate, only the size changes


DTMF

• Compressing DTMF is bad

• So many different ways to carry the digits out of band, look for them in traces (see demo)


Three factors that affect voice quality

Latency <= 150ms (one way)

Jitter <= 20ms

Packet loss <= 0.1%


Latency <= 150ms (one way)

Transcoding delay

Jitter buffer,

Transcoding delay

Path delay

Serialization delay

Hi, how are you?

Hello? Oops, sorry, go ahead

Fine, I oh hello, go ahead


Packet Loss <= 0.1%

Hi Bo *POP* How *POP*e you?

Hi Bo How you?


Jitter <= 20ms

Better late than never? No. May as well be lost.


Demos


Thanks!

sean@ertw.com

This presentation will be downloadable from the

Sharkfest website.


A-3 (Walberg) VoIP Troubleshooting - SharkFest

Related documents

Products

Support

A-3 (Walberg) VoIP Troubleshooting - SharkFest

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib