Ethereal-users: Re: [Ethereal-users] hi,some help for voip

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Martin Regner" <martin.regner@xxxxxxxxx>
Date: Sat, 17 Jul 2004 08:16:27 +0200
Nick Haroulis wrote:
> hi there,i have just started to use the windows based version of
> ethereal.what i want to do is to set up a voip conversation between 2 nodes
> within a LAN and user ethereal to measure the actual jitter between the
> packets,and end-to-end packet loss (perhaps delay as well?).Is ethereal
> capable of measuring and presenting this values?i would probably need to
> filter SIP or RTP packets.
> thank you.

I would recommend you to start with using a capture filter that captures the packets sent directly between the
end-points and also the SIP signalling that may go via a sip-proxy or similar.
Later on you can maybe try to use filters that just captures the packets you really need.

First step could be to use a capture filter such as:
(host 10.10.10.11 and host 10.10.10.12) or (host 10.10.10.11 and 10.10.10.17) or (host 10.10.10.12 and 10.10.10.17)
which should capture all packets sent between endpoint1=10.10.10.11 and endpoint2=10.10.10.12 but also
the packet sent to/from a proxy server sipproxy=10.10.10.17.

or maybe you could use a filter such as:
(host 10.10.10.11 and host 10.10.10.12 and udp) or port 5060
if the default port 5060 is used for the SIP-signalling.

If you don't get any packets or just broadcast-traffic when capturing you could have a look at FAQ
which contains some information about hubs versus ip-switches and similar
http://www.ethereal.com/faq.html#q5.1
http://www.ethereal.com/faq.html#q5.2
http://www.ethereal.com/faq.html#q5.3

In order to just show RTP, RTCP and SIP packets you can use a display filter such as:
sip or rtp or rtcp

You can apply a display filter by writing the filter string in the filter text field in the Filter toolbar and press the
Apply button.
Please note that Ethereal uses different syntax for captures filters than for display filters.
http://www.ethereal.com/faq.html#q5.11

Use the menu item "Statistics/RTP/Show all streams..." and you should hopefully get a list of all the RTP streams
captured.
If you select a stream and press the Analyse button you will see some more details about the stream.
You will e.g. see the jitter between different RTP packets and some figures about lost packets.

The "Delay" shown in the table is not the thing I would call "delay".
http://www.ethereal.com/lists/ethereal-users/200311/msg00003.html

In order to estimate the end-to-end delay you would probably have to use the RTCP signalling and do some calculations.

The RTP Analysis can store data to a csv-file. You can then load the csv-file into a spreadsheet-program and make some
calculations or graphs if you want.

Please note that if RTCP is used the ReceiverReports/SenderReports may also give an indication about the jitter
calculated by the different end-points
and also an indication about packet losses noticed by the endpoints.
So it may be usefult to have a closer look at the RTCP packets in the capture if there are any.
http://www.ethereal.com/lists/ethereal-users/200401/msg00262.html

There is a sample SIP+RTP capture "sip.cap.gz" here:
http://aa-security.de/dumps/