What are your IP address assignments for the different VLANs?
For further sniffing. Setup a ring buffered capture at two
endpoints and run test calls between them until you generate the issue. Look at
it unfiltered first. We need to go lower layer, losing your RTP packets is more
of a symptom than a cause. I’d also want to see how the call control
protocol is going (SIP?). I am wondering why you aren’t also having calls
dropped or failing call setup entirely.
The “wrong sequence nr” just means that there has
been a jump in the RTP sequence that indicates packet loss.
Ryan Zuidema
From:
wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Mark Jeffers
Sent: Wednesday, June 17, 2009 9:32 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Huge VoIP Problem :(
We've been having a terrible time with a new VoIP system on
our network.
The phone system is manufactured by Allworx - it is tied to
the outside world with a standard PRI, so the only IP portion of calls takes
place between our LAN phone server and the IP extensions.
Several of the extensions are having packet loss problems
resulting in echoes, "static", dropped audio, etc. The problems
are intermittent and jump around to different phones on the network.
The switches we are using are Dell 3548P
PowerConnects. I've configure the network to use two VLANs - one
for phone, one for everything else - and used VLAN tagging and CoS to
prioritize VoIP traffic. I've actually combed through the configs
with a Dell engineer, and we're good there.
So I'm relatively new to both VoIP and hardcore packet
analysis, but I found an excellent article on troubleshooting VoIP using wireshark
and followed instructions.
I mirrored one of the Trunk ports on the switch to my
laptop, configured Wireshark to filter out all but UDP packets and let it
run for about an hour.
The results are horrible... I've attached screenshot images
so you guys might be able to help me figure this out.
When I ran an RTP Stream analysis, there were blocks of
sessions where several of them had "Max Delta" in the thousands (some
in the 9000s), resulting in 90+% packet
loss! See Image1,jpg
I drilled down into one of the streams to see a bunch of
"Wrong Sequence nr" messages - See Image2.jpg
I went to VoIP Calls under the statistics menu, and pulled
up the same call shown in Image2 - looked fine to me, but I'm a noob - See
Image3.jpg
I'm at a loss here. Obviously severe network
issues, or the Phone Switch is bad. I've tried everything I can
think of to no avail. Anybody have any ideas of what might be wrong, or
what further information I should gather to help pinpoint the
issue? I'm going nuts here and any help would be greatly, greatly
appreciated. :)
