This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

VOIP quality issues—-how do I use wireshark to identify the problem

0

Dear All,

I work with for a TDM/VOIP carrier and I have this customer who complains about quality issues on our TDM/VOIP switch which interconnects with his on VOIP switch over IP. My boss has adviced me to use wireshark to determine if the issue is with our ISP provider. We have a 100G connection to our ISP but his thinking we might be having some bandwidth or latency issues. I am new to wireshark and don't know how to go about it. Please can you help me? I have installed wireshark on my PC in the office.

Thanks

asked 03 Jun '11, 05:15

dollyp's gravatar image

dollyp
1111
accept rate: 0%

retagged 04 Jun '11, 17:09

helloworld's gravatar image

helloworld
3.1k42041


One Answer:

0

100G ? I hope that is a typo because at that rate you need very expensive capture solutions.

In general, at high speeds such investigations are a mix of traffic analysis followed by protocol analysis. Wireshark is a bit level protocol analyzer. So it is a fairly big hammer to bring on as a first tool when dealing with network performance issues.

First check if there are any issues at the traffic level. Monitor the link using a tool like ntop/trisul and verify if the end customer is 1) getting adequate bandwidth and 2) if there is unwanted (other) traffic on the link that is causing the voip traffic to be squeezed out. In order to do this, you can either enable port spanning or netflow on your end. At 100G port spanning is not feasible so Netflow is the way to go. You may have to monitor for an hour or two around the time when the customer usually complains.

Once traffic issues are ruled out, use Wireshark to dive into the protocol level. You can use a capture filter to do so. Again if you are on 10x10G things get a lot more complicated. In Wireshark you can view a list of calls and plot jitter/throughput and take it from there. You can also debug signalling issues with wireshark, maybe the end points are failing to negotiate a wideband codec or something like that.

HTH,

answered 04 Jun '11, 20:33

vivekrj's gravatar image

vivekrj
1
accept rate: 0%