Re: [Wireshark-users] VoIP analysis and assessment
Hi, You might want to use the new RTPplay function in Wireshark you'll have to download a development version to try it out. BR Anders -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Bulk Sent: den 6 oktober 2006 06:40 To: 'Community support list for Wireshark' Subject: Re: [Wireshark-users] VoIP analysis and assessment Yes, Wireshark can re-construct the audio, but it's without the jitter-buffer of the client device in mind. It merely strings the RTP packets together and makes a WAV file. I learned this the hard way. Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Swinney Sent: Wednesday, October 04, 2006 1:59 PM To: Community support list for Wireshark Subject: Re: [Wireshark-users] VoIP analysis and assessment Many thanks for the direction. Have I read the Wireshark docs right in that it can reconstruct the audio of VoIP call from the packets captured? I will firstly attempt to run simultaneous captures at both ends, inserting a 100Mbit hub between the router and PBX switch with PC's running Wireshark connected to the hub (can't afford a network probe). This will hopefully capture all traffic passing to the router including that destined to be sent across the VPN without causing to much of a skew to the data (due to the non duplex nature of the hub). If I can then reconstruct the audio I might have a better understanding of what the user is experiencing. I will try an repeat the exercise with a software based VoIP product that can be run from the two capture PC's assuming they will be up to the task (any suggestions?), or other VoIP hardware that can be used to connect direct without the need for the PBX. I hope this will at least give an indication of where the fault lies. However, I am beginning to suspect the PBX switches. We ran a simple test by disconnecting the rest of the data networks which made little/no difference. We are well within our bandwidth budgetary constraints (150 kbps) and the ISP latency between sites is only 45ms. If Wireshark isn't really the tool to get accurate quality scores, has anyone got any suggestions for a tool that might be better suited to the task - without breaking the bank? Thanks, Chris -Original Message- From: Jaap Keuter [mailto:[EMAIL PROTECTED] Sent: 28 September 2006 07:08 To: Community support list for Wireshark Subject: Re: [Wireshark-users] VoIP analysis and assessment Hi, [CLIP elaborate description] I think Wireshark is of limited use here. Things like MOS determination is not in it's realm. But it can be helpfull. I would go for test calls. Get down to the ends where the buzz problem is happening and from there call into an autoanswering upstream extension connected to a tone source. Capture the RTP traffic with Wireshark once determined that the buzz occurs. Save the payload of this capture and see what's made of it. If the buzzing is in there, you've got issues with the PSTN/VoIP codecs, if it's not the jitterbuffer in the terminals may be wacky. Just my E0.02 Jaap ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] VoIP analysis and assessment
Jacques, Olivier (OpenCall Test Infra) wrote: Yes, Wireshark can re-construct the audio, but it's without the jitter-buffer of the client device in mind. It merely strings the RTP packets together and makes a WAV file. I learned this the hard way. This is not true anymore. The VoIP Calls/RTP Player feature (as available in latest development releases of Wireshark 0.99.4) allows to reconstruct the audio _with_ jitter buffer in mind. It works this way: - You specify the jitter buffer size (in ms) - You press Decode button: Wireshark re-construct the audio. - RTP packets with an excessive jitter are dropped - The number of RTP packets dropped are counted and displayed - You can listen to resulting audio from within Wireshark See picture attached. Of course, this doesn't take into account other client-side parameters like adaptive jitter buffer, bad clocking, bad RTP implementation, ... Last warning, RTP player supports G711 A/u law codecs at the moment. It is possible to add your own codecs, the RTP player feature being well designed for that, but codecs licensing issues will certainly prevent many codecs to be included in Wireshark. Olivier. Shouldn't this info be included in the wiki (it's documented nowhere else AFAIK)? Regards, ULFL ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] Searching mailing list?
Yeah but proper mailing list are searchable also this one just isn't. On 10/6/06, Chris Swinney [EMAIL PROTECTED] wrote: This somewhat goes back to the idea of a user forum I spoke of. Newer users especially will find the collation of relevant queries that are fully searchable in one location via a web interface simpler to navigate than mailing lists. The Wiki is excellent, but this is not the place to post hundreds of queries. I'm not saying that mailing lists are wrong, I have grown up with various forms of electronic communication from text interface though to what we have now. I personally find a GUI simpler to use that a CLI. Thanks, Chris -Original Message- From: Jeff Morriss [mailto:[EMAIL PROTECTED] Sent: 06 October 2006 04:52 To: Community support list for Wireshark Subject: Re: [Wireshark-users] Searching mailing list? Jeff Sadowski wrote: Did you read my question? That is what I tried I guess I chose an unanswered question though going on the fact of how my other question went. Is there a way to just query the mailing lis alone though is more the question. Yes I read your question and I answered with how _I_ do what you wanted to do (in case it helped). I personally don't see the need to limit my searches to just the mailing lists (especially when the response from Google is basically instantaneous; it's not like searching the whole site takes longer). If I am only interested in the mailing lists, I can always just skip over the non-mailing list responses from Google. Maybe Google has a way to limit responses to a part of the site, I never tried. On 10/5/06, Jeff Morriss [EMAIL PROTECTED] wrote: Jeff Sadowski wrote: Lots of the mailing lists I'm familiar with have a search option on the web interface. I don't see it on this mailing lists web interface. How would I search the repositories for questions people have asked; that might already be answered? I searched for searching through mailing lists on google nothing seamed relevant. When I'm looking for something in Ethereal/Wireshark's mailing list archives, I tend to just Google for: topic I'm looking for site://wireshark.org Google's faster than any local-to-the-site search engine, and I'm already well accustomed to its interface, so... ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] What about a Wireshark forum?
Chris it is pointless arguing with them we might as well just build are own forum and ask nicely if they could give us a link off of thier page. I don't have the bandwidth as of yet but I might be able to pull a few strings. On 10/6/06, Chris Swinney [EMAIL PROTECTED] wrote: There is obviously a case for and against both mail lists and forums. Over the years, I have personally used many forms of electronic communication from text based to web based, CLI to GUI. I personally prefer a web based GUI were a collection of related queries and discussion can be searched instantly with answers retrieved without the need to re-post, or subject areas can be browsed at leisure. I also believe that new users will find a web based forum more accessible and I do not think that the more technically able should NOT differentiate themselves in a kind of I can do this, you can't - Nah Na Na Nah Nah attitude. However, for some the mailing list is preferable as they clearly know how to extract the relevant information quickly and efficiently. For others it is essential as they may not have access to browser based computers. The WiKi has been mentioned and although this is an excellent resource of information, I do not believe this is the place to start posting endless queries. It should remain a place were facts and tips can be obtained about the product. Cleary some kind of link between a mailing list and forum would need to be established so that users could post to either using their preferred method and responses would be open to all. So any idea? Thanks, Chris -Original Message- From: Joerg Mayer [mailto:[EMAIL PROTECTED] Sent: 05 October 2006 16:15 To: Community support list for Wireshark Subject: Re: [Wireshark-users] What about a Wireshark forum? On Tue, Oct 03, 2006 at 08:47:46AM -0600, Jeff Sadowski wrote: I really see no difference to email I click on a link just as if I read my email. Well, there is the central point why you don't understand the mail users: Some of us DON'T click. No mouse interaction required at all to read mail. Also, with my mailreader I can configure how I want my mails to be sorted (by date, by thread, ...). With a forum the forum software decides how things will look at the users machine, and using just a text interface, forums are sort of inconvenient to read. No, they are not. Get a good mail client. I handle a couple of hundred mails a day. How I handle that much mail? Well my client supports sorting, scoring and threading so it's no big problem. If I'm not interested in a discussion I just press one key and it's marked as read. If I don't want to read about a specific topic I just hit a couple of keys and I'll never read it a again. I've never seen this features in a web based forum. That would be a good idea for a forum individual prefferences on what to ignore. Also maybe some sort of grouping of topics like a similar topic frame hmm. gmail supports quite a bit of options and I could also use it through any mail client I desire I really don't care infact I recently switched from yahoo to gmail and I like gmails defacto web interface a lot so far. I don't read mails via a web interface if I can avoid it - its a *major* inconvenience. You can do that before sending a mail message, too. Or do you mean you can *retroactively* edit one of your postings? retroactive like in fedoraforum.org you can edit your own postings at anytime unless it is locked by a moderator. fix words so that it is less irritating for other readers. I make a lot of grammatic mistakes and reading what i write can be difficult I can't always catch it before I type the send button. Well, how about checking *before* sending a mail? How about using a spell checker or something similar? Btw, spending time on a typo is a wast of time. If something is of permanent interest, please write a wiki entry for it. Wiki has a web interface so if you like to use web interfaces, just go to wiki.wireshark.org and find a good place where to permanently store that interesting piece of information. Not only that, but if your wiki entry is interesting, others may enhance it - and that's something you can't do with interesting forum posts. Ciao Joerg -- Joerg Mayer [EMAIL PROTECTED] We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology. ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] Searching mailing list/forum
Full ACK My final statement on forums from a personal pov. Feel free to set up as many forums as you want. I am sure Gerald can be asked to add a link from the website to your forum. As is obvious from the responses and lack of interest in the developer community it does appear very unlikely that there will be much interest from developers to participate. Personally I have opinions about the usefulness of forums compared to using a mailinglist and personally find it unlikely that I would spend any time on non-mailinglist discussions. I happen to agree with one of the previous pov's that were expressed : forums suck. If you want a forum, go ahead and create one. There are probably many many sites that offer users to set up and manage any kind of forums. Try one of those and ask Gerald to link to it. On 10/6/06, Anders Broman (AL/EAB) [EMAIL PROTECTED] wrote: Hi,To me it looks like it boils down to- None of the maintainers of Wireshark are interested in seting up aforum (or participate in one)...As noted before feel free to set one up.BRAnders -Original Message-From: [EMAIL PROTECTED][mailto:[EMAIL PROTECTED] ] On Behalf Of ChrisSwinneySent: den 6 oktober 2006 11:06To: Community support list for WiresharkSubject: Re: [Wireshark-users] Searching mailing list?This somewhat goes back to the idea of a user forum I spoke of. Newer users especially will find the collation of relevant queries that arefully searchable in one location via a web interface simpler to navigatethan mailing lists. The Wiki is excellent, but this is not the place to post hundreds of queries.I'm not saying that mailing lists are wrong, I have grown up withvarious forms of electronic communication from text interface though towhat we have now. I personally find a GUI simpler to use that a CLI. Thanks,Chris-Original Message-From: Jeff Morriss [mailto:[EMAIL PROTECTED]]Sent: 06 October 2006 04:52To: Community support list for Wireshark Subject: Re: [Wireshark-users] Searching mailing list?Jeff Sadowski wrote: Did you read my question? That is what I tried I guess I chose an unanswered question though going on the fact of how my other question went. Is there a way to just query the mailing lis alone though is more the question.Yes I read your question and I answered with how _I_ do what you wantedto do (in case it helped).I personally don't see the need to limit my searches to just the mailing lists (especially when the response fromGoogle is basically instantaneous; it's not like searching the wholesite takes longer).If I am only interested in the mailing lists, I can always just skip over the non-mailing list responses from Google.Maybe Google has a way to limit responses to a part of the site, I nevertried. On 10/5/06, Jeff Morriss [EMAIL PROTECTED] wrote: Jeff Sadowski wrote: Lots of the mailing lists I'm familiar with have a search option on the web interface. I don't see it on this mailing lists web interface. How would I search the repositories for questions people have asked; that might already be answered? I searched for searching through mailing lists on google nothing seamed relevant. When I'm looking for something in Ethereal/Wireshark's mailing list archives, I tend to just Google for: topic I'm looking for site://wireshark.org Google's faster than any local-to-the-site search engine, and I'm already well accustomed to its interface, so...___Wireshark-users mailing listWireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users___Wireshark-users mailing list Wireshark-users@wireshark.orghttp://www.wireshark.org/mailman/listinfo/wireshark-users ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
[Wireshark-users] Malformed packet within Putty's 0.52 SSH
Within Ethereal I am detecting a malformed packet coming from a Putty SSH Client using version 0.52. Could my users have downloaded a tainted version of Putty? Also, why does Ethereal consider it a malformed packet from SSH? Any ideas?? Thanks .. ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users