Transcript AU-9 (Walberg) Expose VoIP Problems with Wireshark
Expose VoIP Problems With Wireshark
June 18, 2009
Sean Walberg
Network Guy | Canwest
SHARKFEST '09 | Stanford University | June 15 –18, 2009
Without tools, VoIP is a black box
Wireshark lets you peek inside
VoIP is just another application
(but it has special requirements)
About Me
About You
The Agenda
1. About VoIP
2. Capturing VoIP
3. Analyzing Signaling
4. Analyzing RTP
About VoIP Capturing VoIP Signaling RTP
The old way: Local Loop
The old way: Off Hook, Dialtone
The old way: Dialing Digits
The old way: RING – 90v@20Hz
The VoIP way
The VoIP way: ZZZZZZ
So there are two parts to VoIP
• Signaling
  – SIP
  – H.323
  – MGCP
  – SCCP
  – Proprietary
• Voice (Bearer)
  – RTP (G.711, G.722, G.729a,…)
Jitter, Delay, and Loss, oh my!
Loss
Delay
Never underestimate the bandwidth of a station wagon loaded with backup tapes.
(the delay is a different matter)
Jitter
Jitter != Delay (diagram labels: Delay, Jitter)
About VoIP Capturing VoIP Signaling RTP
Location, Location, Location
Just a simple network
The signaling traffic takes a different path from the RTP traffic
Or, it might do this
Same conversation, different perspectives
Here you see inbound latency and jitter, but nothing on the outbound
NAT changes the address
Src=C Dst=D
Src=A Dst=B
The address changes within the cloud!
Set your capture filters
The Packet List window
Summaries are displayed here
By the way…
If the signaling or the voice is encrypted, you won’t be able to decode it. Sorry.
Quality of Service for VoIP networks
Use color to show QoS problems
View -> Coloring Rules
Add a column for DSCP
Signaling, Tagged RTP, Untagged RTP
Edit -> Preferences, User Interface -> Columns
Are you running a proprietary PBX?
Edit -> Properties, Protocols -> RTP
Use the Packet Details pane to see what’s inside the packet
About VoIP Capturing VoIP Signaling RTP
The Role of Signaling
• Indicate to the remote end that a call is coming
• Establish the codec to be used for voice
• Establish the addresses of the endpoints
• Get out of the way
• Tear down the connection once it’s done
Back to Loss, Delay, and Jitter
• Jitter is usually a non-issue
• Delay, within reason, is OK
  – Clustering/Specific applications notwithstanding
• Loss isn’t great
  – TCP retransmits at layer 4
  – UDP retries at layer 7
Demos
About VoIP Capturing VoIP Signaling RTP
The properties of RTP
• RTP simulates the real time voice normally carried over a wire
• 4KHz voice bandwidth = 8KHz sampling rate (Nyquist)
• 8 bits/sample * 8KHz = 64,000bps (DS0)
• A Codec (G.711u/A law, G.729, G.726, etc)
• Most codecs use 20ms voice samples = 50pps
• Even with compression, you have a fairly consistent packet rate, only the size changes
DTMF
• Compressing DTMF is bad
• So many different ways to carry the digits out of band, look for them in traces
Three factors that affect voice quality
Latency <= 150ms (one way)
Jitter <= 20ms
Packet loss <= 0.1%
Latency <= 150ms (one way)
Jitter buffer, Transcoding delay
Path delay
Serialization delay
Hi, how are you?
Hello? Oops, sorry, go ahead
Fine, I oh hello, go ahead
Packet Loss <= 0.1%
Hi Bo *POP* How *POP*e you?
Hi Bo How you?
Jitter <= 20ms
Better late than never? No. May as well be lost.
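Added example (not part of the original slides): a check of one RTP stream against the jitter and loss thresholds above, using the 8KHz clock and 20ms packetization from the RTP properties slide. It assumes jitter is measured with the RFC 3550 interarrival estimator, which the slides do not name; analyze and constructed_stream are hypothetical names and the packet data is constructed.

```python
# Added example (not from the talk): RTP health from one capture point.
CLOCK_HZ = 8000                        # 8 kHz sampling rate from the slides
PTIME_MS = 20                          # 20 ms voice samples = 50 pps
TS_STEP = CLOCK_HZ * PTIME_MS // 1000  # 160 timestamp units per packet
MAX_JITTER_MS, MAX_LOSS_PCT = 20.0, 0.1  # thresholds from the slides


def analyze(packets):
    """packets: (arrival_seconds, rtp_seq, rtp_timestamp) tuples in capture order."""
    if not packets:
        raise ValueError("no RTP packets")
    jitter = peak = 0.0
    received, last, ext = set(), None, 0
    for arrival, seq, ts in packets:
        if last is None:
            ext = seq
        else:
            # Unwrap the 16-bit sequence number and 32-bit timestamp.
            ext += ((seq - last[1] + 0x8000) % 0x10000) - 0x8000
            ts_delta = ((ts - last[2] + 2**31) % 2**32) - 2**31
            # RFC 3550: D = arrival spacing minus sender spacing; J += (|D| - J) / 16
            d = (arrival - last[0]) - ts_delta / CLOCK_HZ
            jitter += (abs(d) - jitter) / 16
            peak = max(peak, jitter)
        received.add(ext)  # a set, so duplicated packets are counted once
        last = (arrival, seq, ts)
    expected = max(received) - min(received) + 1
    loss_pct = 100.0 * (expected - len(received)) / expected
    return {"loss_pct": loss_pct, "max_jitter_ms": peak * 1000,
            "loss_ok": loss_pct <= MAX_LOSS_PCT,
            "jitter_ok": peak * 1000 <= MAX_JITTER_MS}


def constructed_stream(n, drop=(), batch=1):
    """Constructed sample: n packets; batch > 1 releases packets in bursts."""
    out = []
    for i in range(n):
        if i not in drop:
            release = (i // batch * batch + batch - 1) * PTIME_MS / 1000
            out.append((release, (65000 + i) % 0x10000, (i * TS_STEP) % 2**32))
    return out


if __name__ == "__main__":
    print("clean ", analyze(constructed_stream(1000)))
    print("lossy ", analyze(constructed_stream(1000, drop={100, 600})))
    print("bursty", analyze(constructed_stream(300, batch=3)))
```

One-way latency is not computed because it cannot be measured from a single capture point. In the lossy sample the jitter stays near zero, which shows that loss and jitter have to be checked separately.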
Demos
Thanks!
@seanwalberg
This presentation will be downloadable from http://lovemytool.com and http://cacetech.com