Wireshark-users: [Wireshark-users] TSHARK: RTCP output & calculations

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Martin Thorpe <martinjasonthorpe@xxxxxxxxxxxxxx>
Date: Wed, 23 Nov 2011 15:32:47 +0000
Hi all!

I'm hoping someone would not mind giving me some quick tips on some issues I am having below. I am trying to learn the best way to calculate packet loss and round trip delay for each of the call legs relating to a specific call by using "tshark", the command line output is as follows:

./tshark -i eth2 -o "rtp.heuristic_rtp: TRUE" -o "rtcp.show_roundtrip_calculation: TRUE" -R 'rtcp.ssrc.cum_nr >= 50' -V -d udp.port==5005,rtcp -e rtcp.ssrc.identifier -E occurrence=f -e rtcp.roundtrip-delay -e rtcp.ssrc.fraction -e rtcp.ssrc.cum_nr -e rtcp.ssrc.jitter -e ip.src_host -e rtcp.sdes.text -E occurrence=l -e rtcp.ssrc.dlsr -T fields -E separator=, -E quote=n

This is giving me the following as an example:

0x1377d452,,13,349,0,192.196.76.60,[email protected]:2330,0 <<<<< END POINT (Phone)
0x1377d452,,13,349,0,192.168.1.10,[email protected]:2330,0 <<<<< TSHARK server

TSHARK always shows two outputs for the above - the first in the above example is the actual end point and the second is the server I am running "tshark" from, what I am trying to figure out is this:

1. How to associate call legs with a specific call in the senders report, I believe I can do this using a combination of the SSRC identifier and the CNAME, more so the CNAME as SSRC identifier is open to changing in a collision situation.

2. How to know calculate when the specific call has completed? this is difficult as the RTCP report interval is every 5 seconds, so if a call completes prior to the 5 second interval I may not receive another RTCP report // hear anything? I cannot see any packet type of BYE either, which really does not help.

3. How to calculate packet loss - I believe this is done by calculating the difference in cumulative packet loss between the two reception points

4. How to calculate round trip delay - this is tough, looking at RFC3550 it says: Delay = Arrival time - LSR - DLSR

A = Time stamp of receiving returned report, ie second frame in sequence?
LSR = Time stamp of sending original report, ie first frame in sequence?
DLSR = from second frame

I'm still confused how to calculate round trip delay using the above tshark output, I think I am missing essential fields to do this but I am not sure which timestamp field I need to show....

Essentially I want to perform the above in a Perl script (there is no problem with coding) but can't do this until I fully understand how to associate the calls and obtain the data to perform the calculations, does anyone have an example of how they did this or can help - if you could it would be most appreciated greatly!

Thanks! :-)