Wireshark · Ethereal-users: Re: [Ethereal-users] Captured data analyzer.

Ethereal-users: Re: [Ethereal-users] Captured data analyzer.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Martin Regner" <martin.regner@xxxxxxxxx>

Date: Sat, 31 Jan 2004 09:41:18 +0100

Martin Regner wrote:
> Sakri Ahmad wrote:
> > Recently I store and tried ethereal prog on my windows base pc.
> > I need to analyzed the captured data for VoIP. This means I need to find
> the
> > % of Loss, Jitter, delay etc.
> > As first step I need to develope a program for this. I planned to used
> > V.basic for this. The prob. is
> > 1) I don't how to save to captured data into the format that V.basic can
> > understand.
> > 2) Not sure what is the best program to develope this analyzer
>
> Please note that Ethereal has some functionality that might be useful for
> you.
>
> The RTP Analysis can calculate delay and jitter (for each packet compared
to
> previous packet in the stream).
>
> Select a RTP packet and use Analyze/Statistics/RTP Streams/Analyse...
> or use Analyze/Statistics/RTP Streams/Show all.. and then select a stream
> and use Analyse button.
>
> It's even possible to get the output in a Comma Separated Value file with
> "Save as CSV ..." so
> that you could prepare e.g. some average/max/min calculations in a
separate
> application etc. if you want that, and
> maybe prepare some graphs just by reading in the file in a spreadsheet
> program and asking it to make some graphs out of the statistics.
>
> I also had some ideas of that it might be good to add Min, Max, Average,
> Standard Deviation calculations directly in the RTP Analysis
> for jitter, delay, packet sizes and so on (Max Delay is already there).
>
> But I'm not sure what things should be really useful to have and what
other
> similar programs have.
>

I think that it also could be useful to look at RTCP
SenderReport/ReceiverReport packets (if RTCP is used) for looking at
inter-arrival jitter, packet losses and it *may* also be possible to
calculate the packet round-trip time delays.

Real-time Transport Control Protocol
    10.. .... = Version: RFC 1889 Version (2)
    ..0. .... = Padding: False
    ...0 0010 = Reception report count: 2
    Packet type: Sender Report (200)
    Length: 18
    Sender SSRC: 261555009
    Timestamp, MSW: 2939935579
    Timestamp, LSW: 610244709
    RTP timestamp: 2780815168
    Sender's packet count: 453
    Sender's octet count: 8466
    Source 1
        Identifier: 254477122
        SSRC contents
            Fraction lost: 0 / 256
            Cumulative number of packets lost: 0
        Extended highest sequence number received: 3745
            Sequence number cycles count: 0
            Highest sequence number received: 3745
        Interarrival jitter: 496
        Last SR timestamp: 445436189
        Delay since last SR timestamp: 6291



Actually I think that the term "Delay" in RTP Analysis is misleading and
probably doesn't show what people normally mean with delay,
so maybe it should be changed.

http://www.ethereal.com/lists/ethereal-users/200311/msg00003.html

I think that RFC 1889 uses the term difference ("difference D")  for the
thing that RTP Analysis is showing as "Delay".
D is the difference in inter-arrival-time and jitter can be estimated as the
statistical variance in inter-arrival-time, I think.

http://www.kahalasystems.com/products/wav3/jitter.shtml

Prev by Date: Re: [Ethereal-users] ~ Ethereal - Problem with Tools ~
Next by Date: [Ethereal-users] hostname substitued in trace for ip without using DNS
Previous by thread: Re: [Ethereal-users] Captured data analyzer.
Next by thread: [Ethereal-users] Ethereal without net-snmp
Index(es):
- Date
- Thread