Wireshark mailing list archives
Re: how to analyze udp streams of skype chat
From: "Vineeth Rakesh " <grittygeek () gmail com>
Date: Mon, 31 Jan 2011 11:54:17 -0500
Hello,

I do not know how to measure the delay. I am much interested in the time stamps of the packet when it is sent and received. I am not going to do a VOIP test for QOS or other parameters. I am basically looking forward to study the traffic patterns. Probably I need to take the difference of departing and arrival time of packets.

Thank You
Vineeth

From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of wireshark-users-request () wireshark org
Sent: Sunday, January 30, 2011 3:00 PM
To: wireshark-users () wireshark org
Subject: Wireshark-users Digest, Vol 56, Issue 26

Today's Topics:

   1. Re: tcp.time_delta column with tshark (j.snelders)
   2. tshark: Read filters were specified both with "-R" and with additional command-line arguments (Neil Fraser)
   3. Re: tshark: Read filters were specified both with "-R" and with additional command-line arguments (Alan Tu)
   4. Re: tshark: Read filters were specified both with "-R" and with additional command-line arguments (Neil Fraser)
   5. Re: tshark: Read filters were specified both with "-R" and with additional command-line arguments (Alan Tu)
   6. Re: tshark: Read filters were specified both with "-R" and with additional command-line arguments (Neil Fraser)
   7. Re: how to analyze udp streams of skype chat (Martin Visser)
   8. Re: tcp.time_delta column with tshark (vincent paul)
   9. Re: tshark: Read filters were specified both with "-R" and with additional command-line arguments (Sake Blok)
  10. Re: tcp.time_delta column with tshark (Martin Visser)
  11. WIRESHARK EVENT IN A TECHFEST (NISHANT BULCHANDANI)
  12. about the VOIP bandwidth (nangergong)
  13. Re: how to analyze udp streams of skype chat (nangergong)

----------------------------------------------------------------------

Message: 1
Date: Sun, 30 Jan 2011 01:12:02 +0100
From: "j.snelders" <j.snelders () telfort nl>
To: "Community support list for Wireshark" <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tcp.time_delta column with tshark
Message-ID: <4CA9C7750006593A () mail-3-nl mail tiscali sys>
Content-Type: text/plain; charset="US-ASCII"

On Sat, 29 Jan 2011 17:24:21 +0100 Sake Blok wrote:
> On 29 jan 2011, at 16:52, j.snelders wrote:
>> On Sat, 29 Jan 2011 00:26:40 -0800 (PST) vincent paul wrote:
>>> 1) I try to use tshark to export a capture into csv file. I use -T fields -E separator=, -e tcp.time_delta....... I could see other column data but not tcp.time_delta. Any idea.
>>
>> No, but it does print the frame.time_delta
>>
>> $ tshark -r test.pcap -T fields -E separator=, -e frame.number -e frame.time_delta
>
> In order to be able to use tcp.time_relative and tcp.time_delta, you will need to enable TCP timestamps. This is disabled by default (for performance optimization).
>
> You can check whether tshark is using TCP timestamps:
>
> $ tshark -G currentprefs | grep tcp.calculate_timestamps
> tcp.calculate_timestamps: TRUE
> $
>
> If you want to enable them, use:
>
> tshark -o tcp.calculate_timestamps:TRUE -r <file> -T fields -e ... -e tcp.time_delta -e ...
>
> Cheers,
> Sake
Thank you ;-)

Joke

------------------------------

Message: 2
Date: Sun, 30 Jan 2011 13:58:14 +1100
From: Neil Fraser <cbr250 () gmail com>
To: wireshark-users () wireshark org
Subject: [Wireshark-users] tshark: Read filters were specified both with "-R" and with additional command-line arguments
Message-ID: <AANLkTikV0NC0aVVqh0udr_jcFYMcwz5nUfJ3okdVcn5F () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

I'm having an issue trying to extract certain calls from a dump I have already made with fairly specific criteria. It appears it doesn't like my quotation marks I am using in my filter from wireshark.

I'm a novice at using tshark so I'll explain what I'm trying to achieve:

input file: hammer2901b
output file: 0291400000
filter: sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456"

command I'm attempting to use in a linux environment:

tshark -r hammer2901b -w 0291400000 -R sip.to.addr == " sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456"

output always remains as:

tshark: Read filters were specified both with "-R" and with additional command-line arguments

Any advice greatly appreciated.

Regards,
Neil Fraser.

------------------------------

Message: 3
Date: Sun, 30 Jan 2011 03:04:26 +0000
From: Alan Tu <8libra () gmail com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tshark: Read filters were specified both with "-R" and with additional command-line arguments
Message-ID: <AANLkTim8cvDA6d5hiD10k7BuQ32gH63GEWJF1yPgpOVV () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

Neil,

I don't have a Linux environment to play with but try surrounding the whole display filter in a quote, like:

tshark -r hammer2901b -w 0291400000 -R "sip.to.addr == sip:0291400000@192.168.1.1:5060 or sip.to.addr == sip:1887500434779620@123.456.123.456"

Alan
------------------------------

Message: 4
Date: Sun, 30 Jan 2011 14:14:04 +1100
From: Neil Fraser <cbr250 () gmail com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tshark: Read filters were specified both with "-R" and with additional command-line arguments
Message-ID: <AANLkTinyq3NooDDpbqERMqSUvLECGSnxOkXPVmCrDkRg () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hi Alan,

Thanks for your response, but unfortunately I get:

tshark: "@" was unexpected in this context.

Regards,
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org ?subject=unsubscribe
------------------------------

Message: 5
Date: Sun, 30 Jan 2011 03:25:11 +0000
From: Alan Tu <8libra () gmail com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tshark: Read filters were specified both with "-R" and with additional command-line arguments
Message-ID: <AANLkTikTDsa_yPnW97MahMLf11kUsuUck16voJTLoA8L () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

Hmm. There are a few things at play. First, your shell environment interprets the command and arguments. Then Tshark does it too.

I am pretty certain that the display filter needs to be quoted so that the shell will treat that whole thing as one argument. That's the way I run my scripts.

You may want to try putting a backslash in front of the @ sign and see if Tshark likes it better.

Try testing using a simple query (no and clauses), once you have that working, then build the complex queries.

Alan
------------------------------

Message: 6
Date: Sun, 30 Jan 2011 15:06:43 +1100
From: Neil Fraser <cbr250 () gmail com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tshark: Read filters were specified both with "-R" and with additional command-line arguments
Message-ID: <AANLkTimQW=iK7u=dfi1Z-4Wbmj5nAJ_vDorY++ZyK9r3 () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Thanks, it looks like I'm having success by using:

tshark -r hammer2901b -w 0291400000 -R "sip.To contains 0291400000 or sip.To contains 1887500412000000"

By using contains rather than == I was able to simplify the query (and get rid of that annoying @) but still get the same results.

We have a saying here in Australia: K.I.S.S. "keep it simple stupid", it appears I was trying to be too complex.

Thanks again for your advice.

Best regards,
Neil Fraser

------------------------------

Message: 7
Date: Sun, 30 Jan 2011 16:21:53 +1100
From: Martin Visser <martinvisser99 () gmail com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] how to analyze udp streams of skype chat
Message-ID: <AANLkTinhXUoNkmLbwhceOU2pGwuFyifaYH1_EvwqnVvi () mail gmail com>
Content-Type: text/plain; charset=UTF-8

Vineeth,

I think you have your work cut out for you. Skype is a proprietary, unpublished protocol. Skype uses its own encryption scheme to boot. As such you can't really tell a request from a response, (if there is any), so I really think you won't get very far.

If this is the beginnings of some sort of research project into voice quality of service, you probably want to concentrate on looking at more open protocols.

Regards, Martin

MartinVisser99 () gmail com

On 29 January 2011 05:39, Vineeth <grittygeek () gmail com> wrote:
> Hello all,
>
> I have a capture file of a group chat in skype between three persons. I have to measure the latency of the packet from source to destination and for which I need their time stamps. I see that all my voice chat follow the udp protocol and I am not able to find their time stamps. I just find the arrival time of the packet and not the time at which the packet was sent from the destination. I believe the udp message must be converted to RTP in order to do this analysis, am I right? If not can someone tell me a better way?
>
> I am basically trying to collect a real time data of how users chat when it comes to a group conversation.
>
> I am attaching the captured file with this email. Any help is appreciated.
>
> Thank You
> Vineeth
------------------------------

Message: 8
Date: Sat, 29 Jan 2011 21:26:42 -0800 (PST)
From: vincent paul <amoteluro () yahoo com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tcp.time_delta column with tshark
Message-ID: <814407.71578.qm () web111406 mail gq1 yahoo com>
Content-Type: text/plain; charset="iso-8859-1"

Thank you Sake and J.Snelders for your quick and precious help.

Best Regards,
PV

NOTE: Any idea how to see the packets' content between client and its proxy (not web server)

------------------------------

Message: 9
Date: Sun, 30 Jan 2011 10:20:57 +0100
From: Sake Blok <sake () euronet nl>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tshark: Read filters were specified both with "-R" and with additional command-line arguments
Message-ID: <795C4DC1-00A4-4CE7-9A6A-2669597D436C () euronet nl>
Content-Type: text/plain; charset=us-ascii

On 30 jan 2011, at 03:58, Neil Fraser wrote:
> command I'm attempting to use in a linux environment:
>
> tshark -r hammer2901b -w 0291400000 -R sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456"
>
> output always remains as:
>
> tshark: Read filters were specified both with "-R" and with additional command-line arguments

That is because tshark will interpret this as "-R sip.to.addr" and use the rest of the commandline arguments as a read filter. So either you drop the -R or you have to make sure that the argument after -R is one string. You can do this by placing the whole filter within single quotes:

-R 'sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456" '

Cheers,
Sake

------------------------------

Message: 10
Date: Sun, 30 Jan 2011 19:42:19 +1000
From: Martin Visser <martinvisser99 () gmail com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tcp.time_delta column with tshark
Message-ID: <AANLkTi=d2W-+SUM=mfG3UkXyQDY_h48aYCDVTW=9-aiZ () mail gmail com>
Content-Type: text/plain; charset=UTF-8

If you capture traffic on your network on or in the path between the client and proxy, you will see the HTTP proxy traffic. HTTP traffic direct to the web-server or via a proxy are fundamentally the same - the proxy just has to handle the edge conditions a little differently.

Regards, Martin

MartinVisser99 () gmail com
------------------------------

Message: 11
Date: Sun, 30 Jan 2011 16:55:58 +0530
From: NISHANT BULCHANDANI <nbulchandani () gmail com>
To: wireshark-users () wireshark org
Subject: [Wireshark-users] WIRESHARK EVENT IN A TECHFEST
Message-ID: <AANLkTim_a8qkx5byO-zHNCeVmh5AOuaCtgMGa9LZOuSg () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hello everyone,

I am a student at SASTRA UNIVERSITY, Thanjavur, TamilNadu, INDIA. We are organising an event based on Wireshark in our techfest this year. Anyone who is interested please check out the link:

http://www.daksh.sastra.edu/events.php#events/comp

The Event name is CONNECXIONS.

Any suggestions for the event are also welcome.

------------------------------

Message: 12
Date: Sun, 30 Jan 2011 19:12:55 +0000
From: nangergong <nangergong () gmail com>
To: wireshark-users () wireshark org
Subject: [Wireshark-users] about the VOIP bandwidth
Message-ID: <AANLkTikoLJkWQN4KPPrEKs-NUVr_j=HWNqZhXWej7EZz () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hi, all:

I'm using wireshark to capture VOIP streams, the Codec used in the VOIP session is G711, which uses bandwidth of 64kbps. When I follow the following steps to analyse the VOIP streams: Telephony->RTP->show all streams->Analyze, I found that the IP BW (bandwidth) column shows that the bandwidth is about 81.6 kbps. I also used a traffic monitoring program to monitor the traffic, which shows the bandwidth used is about 64kbps (conformant to G711 bit rate).

So, I wonder whether wireshark is accurate in measuring the bandwidth? Or even other metrics such as jitter, etc.

Thank you!

------------------------------

Message: 13
Date: Sun, 30 Jan 2011 19:14:28 +0000
From: nangergong <nangergong () gmail com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] how to analyze udp streams of skype chat
Message-ID: <AANLkTinb9+BLk4YKO1c95_skpTAjPFszPfeC6ZXsyjMG () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

I used an open source program to do VOIP tests. Do you have any idea on how to measure the delays?

------------------------------

End of Wireshark-users Digest, Vol 56, Issue 26
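The `-R` quoting problem discussed in messages 2 to 9 of the quoted digest, as an added example that is not code from any list participant: a constructed stand-in for tshark, the hypothetical `inspect` function, reports how the shell splits each of the three command lines tried in the thread. File names and filter strings are the ones quoted above; no capture file is read.

```bash
#!/bin/sh
# Added example: shows how the shell tokenises the three tshark command
# lines from the thread. inspect() is a constructed stand-in for tshark; it
# reads no capture and only reports what it received after -R.

# inspect ARGS...: print "extra=<n> filter=<text>", where <text> is the one
# argument that follows -R and <n> counts the words left over after it.
inspect() {
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "-R" ] && [ "$#" -ge 2 ]; then
            filter=$2
            shift 2
            printf 'extra=%s filter=<%s>\n' "$#" "$filter"
            return 0
        fi
        shift
    done
    echo 'no -R option found'
    return 1
}

# Message 2: filter typed without outer quotes. The shell strips the inner
# double quotes and hands over seven separate words, so -R receives only the
# first one and the rest are left over as additional arguments.
neil_unquoted() {
    inspect -r hammer2901b -w 0291400000 -R sip.to.addr == " sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456"
}

# Message 3: whole filter in double quotes, inner quotes dropped. -R now gets
# a single argument, but the SIP URIs reach the filter parser unquoted.
alan_outer_double() {
    inspect -r hammer2901b -w 0291400000 -R "sip.to.addr == sip:0291400000@192.168.1.1:5060 or sip.to.addr == sip:1887500434779620@123.456.123.456"
}

# Message 9: whole filter in single quotes. The shell passes it through
# untouched, so the double quotes around each URI survive.
sake_outer_single() {
    inspect -r hammer2901b -w 0291400000 -R 'sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456"'
}

neil_unquoted
alan_outer_double
sake_outer_single
```

Only the third form delivers the filter as one argument with the quotes around the SIP URIs intact, which is the form Sake's reply recommends.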
Current thread:
- how to analyze udp streams of skype chat Vineeth (Jan 29)
- Re: how to analyze udp streams of skype chat Martin Visser (Jan 29)
- Re: how to analyze udp streams of skype chat nangergong (Jan 30)
- <Possible follow-ups>
- Re: how to analyze udp streams of skype chat Vineeth Rakesh (Jan 31)
- Re: how to analyze udp streams of skype chat Martin Visser (Jan 29)