Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Huge VoIP Problem :(

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "gdonts" <gdonts@xxxxxxxxx>
Date: Fri, 19 Jun 2009 01:57:06 +0100
Hey Mark,
 
I went through similar-ish about 12 months ago. VoIP issues caused by poor network connection, but unable to show/prove where. From your screengrabs it looks like everything's on the same LAN/subnet, but it might be worth setting up what got me out of a fix last year - PingPlotter (www.pingplotter.com). You can try it for free & leave it run for a few hours/days, and unlike a standard MTR or tracert or similar, it'll record connection over a period of time (like 24 hours), which you can roll back over/review and pinpoint where the connection's being dropped intermittently.
 
May/may not be the issue, but worth trying - the online help is pretty good, but the developer behind it is also pretty helpful if you send him on the output files for analysis.
 
hope that helps....
 
 
gd
 
 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Ujjval Karihaloo
Sent: 19 June 2009 00:02
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Huge VoIP Problem :(

 

Is it possible for you to get the Fortigate out of the picture to test. We have seen issues when running VoIP through those.

 

bvoip

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Mark Jeffers
Sent: Thursday, June 18, 2009 4:45 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Huge VoIP Problem :(

 

In saying ARP caching could be a factor, are you saying ARP caching could be causing the problem or it could offer some relief?

On the firewall issue, I do have a Fortigate 100A acting as a Level 3 router between the two different VLANs... some of the PCs on VLAN1 use a software call center package and need to talk to the Phone server on the other VLAN.   Since the phones and the phone server are on the same VLAN and are experiencing packet loss, I don't see where the router is coming into play, but I'm willing to look at anything.

Cheers, mj



On Thu, Jun 18, 2009 at 5:03 PM, Bob Carlson <bob@xxxxxxxxxxxxx> wrote:

This is almost certainly a network issue. Given the intermittent nature, you might have a circular path in the LAN. ARP caching could be a factor. If there’s a firewall involved look there too.

 

Cheers, Bob

Eugene, OR - Tucson, AZ

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Mark Jeffers
Sent: Wednesday, June 17, 2009 9:32 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Huge VoIP Problem :(

 

We've been having a terrible time with a new VoIP system on our network.

The phone system is manufactured by Allworx - it is tied to the outside world with a standard PRI, so the only IP portion of calls takes place between our LAN phone server and the IP extensions.

 

Several of the extensions are having packet loss problems resulting in echoes, "static", dropped audio, etc.  The problems are intermittent and jump around to different phones on the network.

 

The switches we are using are Dell 3548P PowerConnects.   I've configure the network to use two VLANs - one for phone, one for everything else - and used VLAN tagging and CoS to prioritize VoIP traffic.   I've actually combed through the configs with a Dell engineer, and we're good there.

 

So I'm relatively new to both VoIP and hardcore packet analysis, but I found an excellent article on troubleshooting VoIP using wireshark and followed instructions.

 

I mirrored one of the Trunk ports on the switch to my laptop, configured Wireshark to filter out all but UDP packets and let it run for about an hour. 

The results are horrible... I've attached screenshot images so you guys might be able to help me figure this out.

When I ran an RTP Stream analysis, there were blocks of sessions where several of them had "Max Delta" in the thousands (some in the 9000s), resulting in 90+% packet loss!  See Image1,jpg  

I drilled down into one of the streams to see a bunch of "Wrong Sequence nr" messages - See Image2.jpg

I went to VoIP Calls under the statistics menu, and pulled up the same call shown in Image2 - looked fine to me, but I'm a noob - See Image3.jpg

 

I'm at a loss here.   Obviously severe network issues, or the Phone Switch is bad.   I've tried everything I can think of to no avail.  Anybody have any ideas of what might be wrong, or what further information I should gather to help pinpoint the issue?   I'm going nuts here and any help would be greatly, greatly appreciated.  :)

 

Cheers,

Mark

 


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

 

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube