Using Packet Analysis to solve VoIP issues – Part 2

Read Part 1 of Using Packet Analysis here

As we are working in the world of VoIP, we do need to know about the protocols that make this communication possible.

SIP is one of the fundamental building blocks of today's modern VoIP communication. It is used not only for voice communications, but also for multimedia session establishment, instant messaging and some gaming sessions. Suppose we have two SIP devices, Alice and Bob. When Alice initiates a SIP call, an INVITE packet is sent to Bob; in return, Bob replies with a 100 Trying or 180 Ringing message back to Alice. The numbers (100, 180 etc.) that you are seeing are known as SIP methods. These SIP methods are used to convey different informational messages about the status of a particular call. After sending 1xx informational messages, Bob will send a 200 OK message, which marks the establishment of the call, and the RTP stream is established after that instant. A SIP call is ended when either party sends a BYE message; once a BYE message is sent, the request is stopped and the RTP session is dropped.

Now let's open Wireshark. You can download the latest version from: , I am using the 64-bit version. Once you open it for the first time, you will see the following screen:

Wireshark VoIP Packet Analysis 2-1

Exploring the SIP building blocks:

Now let's open a SIP trace in Wireshark. This is a simple VoIP call between two extensions configured on two local Asterisk PBXs:

Wireshark VoIP Packet Analysis 2-2

Here you will see all the basic SIP signalling parameters which we discussed above. We need to understand two types of packets to get a proper understanding of a VoIP communication scenario:

  • SIP Packets – to understand the call signalling mechanism
  • RTP Packets – to understand voice quality issues because RTP carries the voice packets

As you can see, I have filtered the SIP packets out of the many different packets that were flowing through my network. Now let's save only these filtered packets: click on File, and then click on Export Specified Packets:

Wireshark VoIP Packet Analysis 2-3

Now as we have filtered out our SIP call packets, let’s open our new file to which we exported the packets (I named the file Test-Call-SIP):

Wireshark VoIP Packet Analysis 2-4

In Wireshark, all of the major telephony analysis options can be found at the top under Telephony:

Wireshark VoIP Packet Analysis 2-5

In order to view the details of an INVITE packet, just double-click an INVITE packet and a new window will pop up showing the details of all the different network layers:

Wireshark VoIP Packet Analysis 2-6

In order to check the SDP (Session Description Protocol) details, just expand the SDP box which is visible in INVITE detail:

Wireshark VoIP Packet Analysis 2-7

The SDP is always a focal point when checking media-related issues in VoIP.

  • It contains the media IP that is used to establish the media connection.
  • It shows the user agent and the SIP version that has been used to negotiate the call.
  • It shows the codec information that has been offered by the calling party to the called party.
  • It shows the DTMF information, that is, whether digits are shared in the form of the telephony-event parameter or not.
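The SDP fields listed above can also be pulled out of a captured INVITE programmatically. The following Python sketch is an added example, not part of the original article: the INVITE is constructed sample data using documentation addresses, and the function name `parse_sdp_offer` is hypothetical.

```python
# Constructed sample: a SIP INVITE carrying an SDP offer (192.0.2.x is a documentation range).
SAMPLE_INVITE = (
    "INVITE sip:bob@192.0.2.20 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-constructed\r\n"
    "From: <sip:alice@192.0.2.10>;tag=1\r\n"
    "To: <sip:bob@192.0.2.20>\r\n"
    "Call-ID: constructed-call-1@192.0.2.10\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 1 1 IN IP4 192.0.2.10\r\n"
    "s=call\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 10000 RTP/AVP 0 8 101\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
    "a=rtpmap:8 PCMA/8000\r\n"
    "a=rtpmap:101 telephony-event/8000\r\n"
    "a=fmtp:101 0-16\r\n"
)

def parse_sdp_offer(sip_message):
    """Return media IP, audio port, offered codecs and the DTMF payload type."""
    _, _, body = sip_message.partition("\r\n\r\n")  # SDP follows the blank line
    info = {"media_ip": None, "audio_port": None, "codecs": {}, "dtmf_pt": None}
    session_ip = None
    section = "session"  # lines before the first m= apply to the whole session
    for line in body.splitlines():
        kind, _, value = line.partition("=")
        if kind == "m":
            media, port, _proto, *pts = value.split()
            section = media
            if media == "audio":
                info["audio_port"] = int(port.split("/")[0])
                # None means no rtpmap was given (static payload type)
                info["codecs"] = {int(pt): None for pt in pts}
        elif kind == "c" and section in ("session", "audio"):
            addr = value.split()[2]  # "IN IP4 <address>"
            if section == "audio":
                info["media_ip"] = addr  # media-level c= overrides session-level
            else:
                session_ip = addr
        elif kind == "a" and section == "audio" and value.startswith("rtpmap:"):
            pt, encoding = value[len("rtpmap:"):].split(None, 1)
            info["codecs"][int(pt)] = encoding
            if encoding.lower().startswith("telephony-event/"):
                info["dtmf_pt"] = int(pt)  # DTMF is offered as telephony-event
    info["media_ip"] = info["media_ip"] or session_ip
    return info
```

Comparing the returned media IP with the address the INVITE actually came from is a quick way to spot the one-way or no-audio cases where the SDP advertises an address the other side cannot reach.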

As VoIP professionals, we should also know about the different RFCs that are in use in our domain. RFC stands for Request for Comments; these are IETF (Internet Engineering Task Force) documents, which detail the underlying architecture and working of a specific protocol. Each RFC has a specific number. Some of the famous RFCs are:

  • RTP is defined by the IETF in RFC 3550
  • The payload format for a number of CODECs is defined in RFC 3551
  • RTCP, used to address delay and jitter issues, is defined in RFC 3550
  • Secure RTP is defined in RFC 3711
  • SIP is defined in detail under RFC 3261

Now that you have enough background in Wireshark and VoIP, in the third part of this article series we will look at the different issues that arise in VoIP and how we can identify their symptoms and causes using Wireshark. Have a great day ahead 🙂
