How To Analyze SIP Calls in Wireshark

Video Statistics and Information

Captions
[Music]

When we face an issue like a failed call or no audio in SIP, most of the time we need to get the pcap dump file and check the packets. In this video we will introduce how to use Wireshark to analyze a SIP call.

A pcap dump file contains all the protocols that travel through the network card, and Wireshark has expressions to filter the packets so that it can display the particular messages for a particular protocol. Here are some common strings, listed below. In Wireshark, if you want to filter the SIP protocol, you can just enter "sip" into the dialog box and press Enter, like I just did. If you want to filter RTP streams, enter "rtp"; then you can browse all the packets from top to bottom. If you want to filter packets with RTCP, you can just enter it; then you get all the packets with Real-time Transport Control Protocol, both sender reports and source descriptions. If you want to filter by IP address, the operation is a little different. Please enter the following command. This command will help you quickly find the packets you need.

So, after briefly introducing some filters, in the second part of this video we will describe in detail how to analyze a SIP call. Use the menu entry Telephony > VoIP Calls, choose the call you want to check, and click the Flow Sequence button. We can see the graph of this call with some details, including the signaling flow between different UAs, the directions, the source and destination ports of the RTP streams, and you can even see the codec of the RTP stream.

When we capture packets on the SBC, the number of SIP calls is huge and the above method is not effective anymore. So here is what we should do. Wireshark has plenty of filters for the SIP protocol; the most commonly used are SIP method and SIP Call-ID. Now we find a message with the INVITE flag in SIP, then right-click it and choose Apply as Filter > Selected. Then we can see all the SIP call flows. Usually SIP will generate a random Call-ID number for each call, so we can mark one SIP call with the Call-ID parameter. Select one of the calls and find the Call-ID in the message header section, right-click Call-ID, choose Apply as Filter, then Selected. After filtering, we can see all the SIP flow in this pcap dump file. Use the menu entry Telephony > VoIP Calls and open Flow Sequence for comparison. In this graph we can see that every event matches up. This approach allows you to more accurately filter out the SIP call streams you want to analyze in complex call scenarios.

In some cases Wireshark cannot parse the SIP content smoothly, because Wireshark parses the content according to the default port of the protocol, and when the default port is occupied, parsing errors will occur. Here we will analyze a case. Typing "sip" in the dialog box shows nothing, and typing "rtp" gives the same result. In this case we have to analyze the information message by message, so we scan each message from the first one to the bottom. In the first 190 messages no abnormalities were found, but at the 120th message we found an unusual message about the Logical Link Control protocol, a data link layer protocol that is incorrectly parsed at the application layer. Here is a simple protocol layer diagram to help you understand why Logical Link Control shouldn't be here. Therefore we can determine that there is a problem here. Looking further at the packet part of the message, we can find that there is hidden SIP information. So here we right-click on this message and select Decode As to parse messages from the same port as SIP messages. You will see that this message is rendered back to normal, and you can now view the SDP information. Using SIP filtering again, you can also get the results, and all the original Logical Link Control information has disappeared.

So, after analyzing a SIP call, in the last part of this video we intend to analyze the RTP flow during the call. When we have a voice issue, we can check the following problems with Wireshark: Does the RTP stream exist? Is the RTP stream sent and received on the right IP address and port?

When analyzing an RTP stream, we still use SIP method and SIP Call-ID to do the filtering, like I just did in the SIP section. In the SDP information of the SIP packet we can find this line, which indicates the port number of the RTP stream's transmission. Then we use the menu Telephony > RTP > RTP Streams, checking the source port to find the stream you need to analyze. You can press the Reverse button to get a two-way RTP stream, then click Analyze. You can see more information presented in both data and graphical formats. Click Play Streams; this will help you understand, through sound, whether there is a problem with the RTP stream.

Alright guys, this is what we have in this video. Don't forget to subscribe to our channel. To get more detail about troubleshooting, check our knowledge base; to get more information about system configuration, please visit our document center. I'll see you guys in the next one.
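The Call-ID grouping and SDP port lookup described in the captions, as an added Python example that is not part of the video or the original page. The sample messages are constructed, and `parse_sip`, `group_calls` and `display_filters` are names chosen for this illustration; `sip.Call-ID`, `ip.addr` and `udp.port` are Wireshark display filter fields.

```python
import re
from collections import defaultdict

# Constructed sample messages (not taken from the video's capture).
SAMPLE = [
    "INVITE sip:1002@192.0.2.10 SIP/2.0\r\nCall-ID: c1@198.51.100.5\r\nCSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n\r\nv=0\r\nc=IN IP4 198.51.100.5\r\nm=audio 10500 RTP/AVP 0 8\r\n",
    "SIP/2.0 200 OK\r\ni: c1@198.51.100.5\r\nCSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n\r\nv=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 20000 RTP/AVP 0\r\n",
    "INVITE sip:1003@192.0.2.10 SIP/2.0\r\ncall-id: c2@198.51.100.7\r\nCSeq: 1 INVITE\r\n\r\n",
]

def parse_sip(raw):
    """Return start line, Call-ID and SDP audio endpoint (or None) of one message."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    call_id = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        # Header names are case-insensitive; "i" is the compact form of Call-ID.
        if name.strip().lower() in ("call-id", "i"):
            call_id = value.strip()
    addr = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    port = re.search(r"^m=audio (\d+) ", body, re.M)
    media = None
    # Port 0 in an m= line means the stream is declined, so there is no RTP to look for.
    if addr and port and int(port.group(1)) != 0:
        media = (addr.group(1), int(port.group(1)))
    return {"start": lines[0], "call_id": call_id, "media": media}

def group_calls(messages):
    """Group parsed messages by Call-ID, as 'Apply as Filter' on Call-ID does."""
    calls = defaultdict(list)
    for raw in messages:
        msg = parse_sip(raw)
        if msg["call_id"]:
            calls[msg["call_id"]].append(msg)
    return dict(calls)

def display_filters(call_id, msgs):
    """Build Wireshark display filters for one call's signaling and its RTP legs."""
    filters = ['sip.Call-ID == "%s"' % call_id]
    for addr, port in sorted({m["media"] for m in msgs if m["media"]}):
        filters.append("ip.addr == %s && udp.port == %d" % (addr, port))
    return filters

if __name__ == "__main__":
    for cid, msgs in group_calls(SAMPLE).items():
        print(cid, [m["start"] for m in msgs], display_filters(cid, msgs))
```

If the RTP Streams window shows no stream matching the address and port that the SDP advertised, that answers the captions' two questions about whether the stream exists and whether it uses the right IP address and port.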
Info
Channel: Yeastar Technical Channel
Views: 30,594
Keywords: wireshark, sip
Id: Fyfj8prAqrU
Length: 7min 25sec (445 seconds)
Published: Sat Jun 26 2021