leerzame sessie over VoIP

SHARKFEST '09 | Stanford University | June 15–18, 2009

Expose VoIP Problems With WiresharkJune 18, 2009

Sean WalbergNetwork Guy | Canwest

SHARKFEST '09Stanford UniversityJune 15-18, 2009


Without tools, VoIP is a black box


Wireshark lets you peek inside


VoIP is just another application


(but it has special requirements)


About Me


About You


The Agenda

1. About VoIP2. Capturing VoIP3. Analyzing Signaling4. Analyzing RTP


About VoIPCapturing VoIPSignalingRTP


The old way

Local Loop


The old way

Off Hook Dialtone


The old way

Dialing Digits


The old way

RING – 90v@20Hz


The old way


The VoIP way

I’m ca

lling

x123

4


The VoIP way

Hey, 1234, you’re being called


The VoIP way

Use x.x.x.x:xxxxUse

y.y.y

.y:yy

yy


The VoIP way

ZZZZZZ


So there are two parts to VoIP

• Signaling– SIP– H.323– MGCP– SCCP– Proprietary

• Voice (Bearer) – RTP (G.711, G.722, G.729a,…)


Jitter, Delay, and Loss, oh my!


Loss


Delay

Never underestimate the bandwidth of a station wagon

loaded with backup tapes.

(the delay is a different matter)


Jitter


Jitter != Delay

Jitter

Delay




Location, Location, Location


Just a simple network


The signaling traffic takes a different path from the RTP traffic


Or, it might do this


Same conversation, different perspectives

Here you see inbound latency and jitter, but nothing on the outbound

Here you see inbound latency and jitter, but nothing on the outbound


NAT changes the address

Src=ADst=B

Src=CDst=D

The address changeswithin the cloud!


Set your capture filters


The Packet List window


Summaries are displayed here


By the way…

If the signaling or the voice is encrypted, you won’t be able to decode it.

Sorry.


Quality of Service for VoIP networks


Use color to show QoS problems

View -> Coloring Rules


Add a column for DSCP

Edit -> Preferences User Interface->Columns

Signaling

Tagged RTP

UntaggedRTP


Are you running a proprietary PBX?

Edit -> Properties, Protocols -> RTP


Use the Packet Details pane to see what’s inside the packet




The Role of Signaling

• Indicate to the remote end that a call is coming

• Establish the codec to be used for voice• Establish the addresses of the endpoints• Get out of the way• Tear down the connection once it’s done


Back to Loss, Delay, and Jitter

• Jitter is usually a non-issue• Delay, within reason, is OK

– Clustering/Specific applications notwithstanding

• Loss isn’t great– TCP retransmits at layer 4– UDP retries at layer 7


Demos




The properties of RTP

• RTP simulates the real time voice normally carried over a wire

• 4KHz voice bandwidth = 8KHz sampling rate (Nyquist)• 8 bits/sample * 8KHz = 64,000bps (DS0)

• A Codec (G.711u/A law, G.729, G.726, etc)• Most codecs use 20ms voice samples = 50pps• Even with compression, you have a fairly consistent

packet rate, only the size changes


DTMF

• Compressing DTMF is bad• So many different ways to carry the digits out

of band, look for them in traces


Three factors that affect voice quality

Latency <= 150ms (one way)

Jitter <= 20ms

Packet loss <= 0.1%


Latency <= 150ms (one way)

Hi, how are you? Hello? Oops, sorry, go ahead Fine, I oh hello, go ahead

Path delay

Serializationdelay

Jitter buffer,Transcodingdelay


Packet Loss <= 0.1%

Hi Bo *POP* How *POP*e you?Hi Bo How you?


Jitter <= 20ms

Better late than never? No. May as well be lost.


Demos


Thanks!

[email protected]@seanwalberg

This presentation will be downloadable fromhttp://lovemytool.com and http://cacetech.com

leerzame sessie over VoIP

Documents

voip way im

voip way zzzzzz

voip networks

voip way use x

properties of rtp rtp

jitter jitter

expose voip problems

delay jitter delay