1
00:00:00,000 --> 00:00:07,766

2
00:00:07,766 --> 00:00:11,852
Welcome back to INE's Wireshark Foundation

3
00:00:11,852 --> 00:00:15,109
where we will continue learning about Wireshark

4
00:00:15,109 --> 00:00:22,852
and in this module, we will discuss capturing VOIP or voice over IP.

5
00:00:22,852 --> 00:00:27,356
So, what is voice over IP?

6
00:00:27,356 --> 00:00:32,204
Voice over IP is the, the service that allows you

7
00:00:32,204 --> 00:00:36,779
to enable voice communications over data networks.

8
00:00:36,779 --> 00:00:41,961
It requires its own set of protocols and signaling methods.

9
00:00:41,963 --> 00:00:47,846
There's codecs assigned. The layout is very different, you have gateways,

10
00:00:47,842 --> 00:00:52,964
not your typical default gateway, but actual voice gateways.

11
00:00:52,964 --> 00:00:56,235
And the whole entire system operates together

12
00:00:56,235 --> 00:01:01,553
to provide you with the good call quality over a

13
00:01:01,553 --> 00:01:04,224
pre-existing data network whereas in the old days,

14
00:01:04,224 --> 00:01:09,092
you'd use a typically an old PBX with analog

15
00:01:09,092 --> 00:01:12,491
type of technology to talk on the telephone.

16
00:01:12,491 --> 00:01:19,360
Now, you can hang a PC and a voice phone together

17
00:01:19,360 --> 00:01:23,192
off a single switchboard with 2 VLANs.

18
00:01:23,192 --> 00:01:25,408
You could set up quality of service.

19
00:01:25,408 --> 00:01:28,975
It can all talk to a unified communication system

20
00:01:28,975 --> 00:01:32,929
and you can do advanced collaboration through your email

21
00:01:32,929 --> 00:01:36,766
through Jabber and so on and so forth.

22
00:01:36,766 --> 00:01:40,807
But, there's a lot of things that can go wrong.

23
00:01:40,807 --> 00:01:42,807
Obviously, what I like to tell people

24
00:01:42,807 --> 00:01:45,858
was that if your data network is garbage,

25
00:01:45,858 --> 00:01:49,075
then it's likely that you're going to get garbage in, garbage out.

26
00:01:49,075 --> 00:01:53,624
And what that means is obviously, you want to have the correct bandwidth or

27
00:01:53,624 --> 00:01:56,060
optimize the network in every way that you can.

28
00:01:56,060 --> 00:02:00,980
Have no port mismatches. Any way that you can make sure that

29
00:02:00,986 --> 00:02:04,935
the data network operates at an optimal level

30
00:02:04,935 --> 00:02:07,682
and provides the performance that you need.

31
00:02:07,682 --> 00:02:11,473
And then when you design to put voice on top of it,

32
00:02:11,473 --> 00:02:14,592
you want to make sure that you consider

33
00:02:14,592 --> 00:02:18,799
the overhead and exactly what it is that you're going to be deploying.

34
00:02:18,799 --> 00:02:23,300
So that being said, common issues that you will see with VOIP,

35
00:02:23,300 --> 00:02:26,073
you will have dropped calls.

36
00:02:26,073 --> 00:02:31,010
You could have one-way calls where you can hear but you can't speak or vice versa.

37
00:02:31,010 --> 00:02:37,683
Hair-pinning. You could have poor quality, you could have jitter.

38
00:02:37,683 --> 00:02:41,299
Your QoS could be configured incorrectly or

39
00:02:41,299 --> 00:02:45,148
in lieu of not having it, have problems because

40
00:02:45,148 --> 00:02:49,572
you're trying to do a voice call and someone's sending a huge data transfer

41
00:02:49,572 --> 00:02:52,132
over the network and causing poor performance.

42
00:02:52,132 --> 00:02:58,182
So, that being said, Wireshark can help you capture this data,

43
00:02:58,182 --> 00:03:03,102
take a good look inside it and start to figure out what exactly is going on.

44
00:03:03,102 --> 00:03:09,914
So, here we see a basic capture voice.

45
00:03:09,921 --> 00:03:14,190
And some of the things that we can see in here, specific settings.

46
00:03:14,200 --> 00:03:20,504
We can see SIP connections, Session Initiation Protocol.

47
00:03:20,519 --> 00:03:27,469
What that allows you to do is have your client and I have one here.

48
00:03:27,469 --> 00:03:38,130
Allows you to use a SIP client to make a call directly in and allows you to establish

49
00:03:38,156 --> 00:03:41,800
a phone connection. But in order to do that you have to make sure that

50
00:03:41,800 --> 00:03:47,571
you're again, your network is performing optimally and so on and so forth.

51
00:03:47,571 --> 00:03:52,981
So the tools that you can use to capture voice is obviously you can just run a capture

52
00:03:52,981 --> 00:03:59,701
and you could run your capture on a, and place your Wireshark instance correctly

53
00:03:59,693 --> 00:04:06,528
so that you can perhaps, capture data leaving your phone or in front of a,

54
00:04:06,551 --> 00:04:13,593
let's say, your server where you're actually taking the calls from.

55
00:04:13,593 --> 00:04:17,823
You can place Wireshark and capture data and view on your capture window,

56
00:04:17,823 --> 00:04:21,220
run some filters on it. You can do a flow graph.

57
00:04:21,220 --> 00:04:25,572
And what I wanted to highlight specifically was the telephony menu

58
00:04:25,572 --> 00:04:29,848
in the capture window which we have not really looked at until now because

59
00:04:29,865 --> 00:04:35,509
this will only really become relevant once you start capturing voice data.

60
00:04:35,509 --> 00:04:37,288
And obviously in the analyze menu,

61
00:04:37,288 --> 00:04:41,711
you can use the Expert and other tools to help troubleshoot it.

62
00:04:41,711 --> 00:04:47,609
So, as we mentioned before, SIP or the Session Initiation Protocol,

63
00:04:47,609 --> 00:04:56,601
allows you to initiate a VOIP call and we will be taking a look at that.

64
00:04:56,600 --> 00:05:00,765
And the way that we can look at that is within Wireshark.

65
00:05:00,765 --> 00:05:06,831
Again, once we've captured our data and we've tried to make a call with our SIP client,

66
00:05:06,831 --> 00:05:10,597
we can go into telephony and we can look at voice calls.

67
00:05:10,597 --> 00:05:16,918
And from in here, you will see specifically the calls trying.

68
00:05:16,916 --> 00:05:21,879
You can see the state, so it's, they're trying to set up the call, or it's ringing

69
00:05:21,879 --> 00:05:26,595
or maybe you'll see cancelled or rejected.

70
00:05:26,595 --> 00:05:30,675
So there's certain information you can find here

71
00:05:30,675 --> 00:05:39,528
once you start to drill down and really analyze the data which we will do in the next module.

72
00:05:39,528 --> 00:05:45,374
So essentially, to capture VOIP,

73
00:05:45,374 --> 00:05:48,215
you want to place Wireshark correctly.

74
00:05:48,215 --> 00:05:49,829
You want to run your capture.

75
00:05:49,829 --> 00:05:54,301
You want to make sure that you're capturing the correct data.

76
00:05:54,291 --> 00:06:00,790
In this example, we had a SIP client and we tried to make a connection out to a provider.

77
00:06:00,801 --> 00:06:06,088
We had a series of issues. In one instance, we put in the wrong credentials.

78
00:06:06,088 --> 00:06:11,312
Different strings, we tried to create different issues here but essentially

79
00:06:11,312 --> 00:06:15,943
we've gotten all the errors back whereas you could see on the example here,

80
00:06:15,953 --> 00:06:18,124
we were getting rejected.

81
00:06:18,134 --> 00:06:24,231
So Wireshark can help you capture and isolate, and review VOIP traffic

82
00:06:24,231 --> 00:06:29,443
so that you can troubleshoot it and analyze what could potentially be the problem.

83
00:06:29,443 --> 00:06:35,039