Wireshark mailing list archives

Re: how to analyze udp streams of skype chat


From: "Vineeth Rakesh " <grittygeek () gmail com>
Date: Mon, 31 Jan 2011 11:54:17 -0500

Hello,

I do not know how to measure the delay. I am much interested in the time
stamps of the packet when it is sent and received. I am not going to do a
VOIP test for QOS or other parameters.

I am basically looking forward to studying the traffic patterns. Probably I
need to take the difference of departing and arrival time of packets.

Thank You

Vineeth


From: wireshark-users-bounces () wireshark org
[mailto:wireshark-users-bounces () wireshark org] On Behalf Of
wireshark-users-request () wireshark org
Sent: Sunday, January 30, 2011 3:00 PM
To: wireshark-users () wireshark org
Subject: Wireshark-users Digest, Vol 56, Issue 26

 


Today's Topics:

   1. Re: tcp.time_delta column with tshark (j.snelders)
   2. tshark: Read filters were specified both with "-R" and with
      additional command-line arguments (Neil Fraser)
   3. Re: tshark: Read filters were specified both with "-R" and
      with additional command-line arguments (Alan Tu)
   4. Re: tshark: Read filters were specified both with "-R" and
      with additional command-line arguments (Neil Fraser)
   5. Re: tshark: Read filters were specified both with "-R" and
      with additional command-line arguments (Alan Tu)
   6. Re: tshark: Read filters were specified both with "-R" and
      with additional command-line arguments (Neil Fraser)
   7. Re: how to analyze udp streams of skype chat (Martin Visser)
   8. Re: tcp.time_delta column with tshark (vincent paul)
   9. Re: tshark: Read filters were specified both with "-R" and
      with additional command-line arguments (Sake Blok)
  10. Re: tcp.time_delta column with tshark (Martin Visser)
  11. WIRESHARK EVENT IN A TECHFEST (NISHANT BULCHANDANI)
  12. about the VOIP bandwidth (nangergong)
  13. Re: how to analyze udp streams of skype chat (nangergong)


----------------------------------------------------------------------

Message: 1
Date: Sun, 30 Jan 2011 01:12:02 +0100
From: "j.snelders" <j.snelders () telfort nl>
To: "Community support list for Wireshark"
        <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tcp.time_delta column with tshark
Message-ID: <4CA9C7750006593A () mail-3-nl mail tiscali sys>
Content-Type: text/plain; charset="US-ASCII"

On Sat, 29 Jan 2011 17:24:21 +0100 Sake Blok wrote:
On 29 jan 2011, at 16:52, j.snelders wrote:

On Sat, 29 Jan 2011 00:26:40 -0800 (PST) vincent paul wrote:

1) I try to use tshark to export a capture into csv file.  I use -T fields -E
separator=, -e tcp.time_delta.......  I could see other column data but not
tcp.time_delta.  Any idea.

No, but it does print the frame.time_delta
$ tshark -r test.pcap -T fields -E separator=, -e frame.number -e frame.time_delta

In order to be able to use tcp.time_relative and tcp.time_delta, you will
need to enable TCP timestamps. This is disabled by default (for performance
optimization).

You can check whether tshark is using TCP timestamps:

$ tshark -G currentprefs | grep tcp.calculate_timestamps
tcp.calculate_timestamps: TRUE
$

If you want to enable them, use:

tshark -o tcp.calculate_timestamps:TRUE -r <file> -T fields -e ... -e tcp.time_delta -e ...

Cheers,


Sake

Thank you ;-)
Joke


      




------------------------------

Message: 2
Date: Sun, 30 Jan 2011 13:58:14 +1100
From: Neil Fraser <cbr250 () gmail com>
To: wireshark-users () wireshark org
Subject: [Wireshark-users] tshark: Read filters were specified both
        with "-R" and with additional command-line arguments
Message-ID:
        <AANLkTikV0NC0aVVqh0udr_jcFYMcwz5nUfJ3okdVcn5F () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

I'm having an issue trying to extract certain calls from a dump I have
already made with fairly specific criteria.

It appears it doesn't like my quotation marks I am using in my filter from
wireshark. I'm a novice at using tshark so I'll explain what I'm trying to
achieve

input file : hammer2901b
output file: 0291400000
filter: sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456"

command I'm attempting to use in a linux environment:
tshark -r hammer2901b -w 0291400000 -R sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456"

output always remains as: tshark: Read filters were specified both with "-R"
and with additional command-line arguments

Any advice greatly appreciated.

Regards,
Neil Fraser.

------------------------------

Message: 3
Date: Sun, 30 Jan 2011 03:04:26 +0000
From: Alan Tu <8libra () gmail com>
To: Community support list for Wireshark
        <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tshark: Read filters were specified
        both with "-R" and with additional command-line arguments
Message-ID:
        <AANLkTim8cvDA6d5hiD10k7BuQ32gH63GEWJF1yPgpOVV () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

Neil, I don't have a Linux environment to play with but try
surrounding the whole display filter in a quote, like:
tshark -r hammer2901b -w 0291400000 -R "sip.to.addr == sip:0291400000@192.168.1.1:5060 or sip.to.addr == sip:1887500434779620@123.456.123.456"

Alan





------------------------------

Message: 4
Date: Sun, 30 Jan 2011 14:14:04 +1100
From: Neil Fraser <cbr250 () gmail com>
To: Community support list for Wireshark
        <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tshark: Read filters were specified
        both with "-R" and with additional command-line arguments
Message-ID:
        <AANLkTinyq3NooDDpbqERMqSUvLECGSnxOkXPVmCrDkRg () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hi Alan,

Thanks for your response, but unfortunately I get:

tshark: "@" was unexpected in this context.

Regards,



------------------------------

Message: 5
Date: Sun, 30 Jan 2011 03:25:11 +0000
From: Alan Tu <8libra () gmail com>
To: Community support list for Wireshark
        <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tshark: Read filters were specified
        both with "-R" and with additional command-line arguments
Message-ID:
        <AANLkTikTDsa_yPnW97MahMLf11kUsuUck16voJTLoA8L () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

Hmm. There are a few things at play. First, your shell environment
interprets the command and arguments. Then Tshark does it too.

I am pretty certain that the display filter needs to be quoted so that
the shell will treat that whole thing as one argument. That's the way
I run my scripts.

You may want to try putting a backslash in front of the @ sign and see
if Tshark likes it better.

Try testing using a simple query (no and clauses), once you have that
working, then build the complex queries.

Alan






------------------------------

Message: 6
Date: Sun, 30 Jan 2011 15:06:43 +1100
From: Neil Fraser <cbr250 () gmail com>
To: Community support list for Wireshark
        <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tshark: Read filters were specified
        both with "-R" and with additional command-line arguments
Message-ID:
        <AANLkTimQW=iK7u=dfi1Z-4Wbmj5nAJ_vDorY++ZyK9r3 () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Thanks, it looks like I'm having success by using:

tshark -r hammer2901b -w 0291400000 -R "sip.To contains 0291400000 or sip.To contains 1887500412000000"

By using contains rather than == I was able to simplify the query (and get
rid of that annoying @) but still get the same results.

We have a saying here in Australia: K.I.S.S. "keep it simple stupid", it
appears I was trying to be too complex.

Thanks again for your advice.

Best regards,
Neil Fraser




------------------------------

Message: 7
Date: Sun, 30 Jan 2011 16:21:53 +1100
From: Martin Visser <martinvisser99 () gmail com>
To: Community support list for Wireshark
        <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] how to analyze udp streams of skype
        chat
Message-ID:
        <AANLkTinhXUoNkmLbwhceOU2pGwuFyifaYH1_EvwqnVvi () mail gmail com>
Content-Type: text/plain; charset=UTF-8

Vineeth,

I think you have your work cut out for you. Skype is a proprietary,
unpublished protocol. Skype uses its own encryption scheme to boot.

As such you can't really tell a request from a response, (if there is
any), so I really think you won't get very far.

If this is the beginnings of some sort of research project into voice
quality of service, you probably want to concentrate on looking at
more open protocols.

Regards, Martin

MartinVisser99 () gmail com



On 29 January 2011 05:39, Vineeth <grittygeek () gmail com> wrote:
Hello all,

I have a capture file of a group chat in skype between three persons. I have
to measure the latency of the packet from source to destination and for
which I need their time stamps. I see that all my voice chat follow the udp
protocol and I am not able to find their time stamps. I just find the
arrival time of the packet and not the time at which the packet was sent
from the destination. I believe the udp message must be converted to RTP in
order to do this analysis am I right? If not can someone tell me a better
way?

I am basically trying to collect a real time data of how users chat when it
comes to a group conversation.

I am attaching the captured file with this email. Any help is appreciated.

Thank You

Vineeth





------------------------------

Message: 8
Date: Sat, 29 Jan 2011 21:26:42 -0800 (PST)
From: vincent paul <amoteluro () yahoo com>
To: Community support list for Wireshark
        <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tcp.time_delta column with tshark
Message-ID: <814407.71578.qm () web111406 mail gq1 yahoo com>
Content-Type: text/plain; charset="iso-8859-1"

Thank you Sake and J.Snelders for your quick and precious help.

Best Regards,
PV

NOTE: Any idea how to see the packets' content between client and its proxy
(not web server)





------------------------------

Message: 9
Date: Sun, 30 Jan 2011 10:20:57 +0100
From: Sake Blok <sake () euronet nl>
To: Community support list for Wireshark
        <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tshark: Read filters were specified
        both with       "-R" and with additional command-line arguments
Message-ID: <795C4DC1-00A4-4CE7-9A6A-2669597D436C () euronet nl>
Content-Type: text/plain; charset=us-ascii

On 30 jan 2011, at 03:58, Neil Fraser wrote:

command I'm attempting to use in a linux environment:
tshark -r hammer2901b -w 0291400000 -R sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456"

output always remains as: tshark: Read filters were specified both with
"-R" and with additional command-line arguments

That is because tshark will interpret this as "-R sip.to.addr" and use the
rest of the commandline arguments as a read filter. So either you drop the
-R or you have to make sure that the argument after -R is one string. You
can do this by placing the whole filter within single quotes:

-R 'sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456" '

Cheers,
Sake
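
The three quoting styles tried in this thread, shown as the arguments the shell actually hands over (an added example, not part of any list message). `filter_arg`, `leftover` and the three wrapper functions are hypothetical helpers that stand in for tshark and only inspect the argument vector:

```shell
#!/bin/sh
# Added example, not from the thread. The helpers below are hypothetical
# stand-ins for tshark: they only report the argument vector the shell built.

# filter_arg: print the single argument that follows -R
# (the only text tshark takes as the -R read filter).
filter_arg() {
    while [ "$#" -gt 1 ]; do
        if [ "$1" = "-R" ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# leftover: print how many arguments remain after -R and its value.
# Anything above 0 is what tshark calls "additional command-line arguments".
leftover() {
    while [ "$#" -gt 1 ]; do
        if [ "$1" = "-R" ]; then
            shift 2
            printf '%s\n' "$#"
            return 0
        fi
        shift
    done
    printf '0\n'
}

# The three command lines from the thread, with tshark replaced by "$1".
neil() {  # Message 2: filter not quoted as a whole
    "$1" -r hammer2901b -w 0291400000 -R sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456"
}
alan() {  # Message 3: whole filter in double quotes, inner quotes dropped
    "$1" -r hammer2901b -w 0291400000 -R "sip.to.addr == sip:0291400000@192.168.1.1:5060 or sip.to.addr == sip:1887500434779620@123.456.123.456"
}
sake() {  # Message 9: whole filter in single quotes, inner double quotes kept
    "$1" -r hammer2901b -w 0291400000 -R 'sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456"'
}

# Print what each variant delivers as the filter and what is left over.
for variant in neil alan sake; do
    printf '%s: filter=[%s] leftover=%s\n' \
        "$variant" "$($variant filter_arg)" "$($variant leftover)"
done
```

In the first form the filter is only `sip.to.addr` and six stray words follow it; in the second the filter is one argument but the shell has removed the quotes around the SIP URIs, which is the form that produced the `"@" was unexpected` error in Message 4. Only the single-quoted form delivers the filter with its string literals intact.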

------------------------------

Message: 10
Date: Sun, 30 Jan 2011 19:42:19 +1000
From: Martin Visser <martinvisser99 () gmail com>
To: Community support list for Wireshark
        <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] tcp.time_delta column with tshark
Message-ID:
        <AANLkTi=d2W-+SUM=mfG3UkXyQDY_h48aYCDVTW=9-aiZ () mail gmail com>
Content-Type: text/plain; charset=UTF-8

If you capture traffic on your network on or in the path between the
client and proxy, you will see the HTTP proxy traffic. HTTP
traffic direct to the web-server or via a proxy are fundamentally the
same - the proxy just has to handle the edge conditions a little
differently.

Regards, Martin

MartinVisser99 () gmail com






------------------------------

Message: 11
Date: Sun, 30 Jan 2011 16:55:58 +0530
From: NISHANT BULCHANDANI <nbulchandani () gmail com>
To: wireshark-users () wireshark org
Subject: [Wireshark-users] WIRESHARK EVENT IN A TECHFEST
Message-ID:
        <AANLkTim_a8qkx5byO-zHNCeVmh5AOuaCtgMGa9LZOuSg () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hello everyone,
I am a student at SASTRA UNIVERSITY, Thanjavur, TamilNadu, INDIA. We are
organising an event based on Wireshark in our techfest this year.
Anyone who is interested please check out the link:
http://www.daksh.sastra.edu/events.php#events/comp
The Event name is CONNECXIONS.
Any suggestions for the event are also welcome.

------------------------------

Message: 12
Date: Sun, 30 Jan 2011 19:12:55 +0000
From: nangergong <nangergong () gmail com>
To: wireshark-users () wireshark org
Subject: [Wireshark-users] about the VOIP bandwidth
Message-ID:
        <AANLkTikoLJkWQN4KPPrEKs-NUVr_j=HWNqZhXWej7EZz () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

Hi, all:

  I'm using wireshark to capture VOIP streams, the Codec used in the VOIP
session is G711, which uses bandwidth of 64kbps.

  When I follow the following steps to analyse the VOIP streams:

  Telephony->RTP->show all streams->Analyze,

  I found that the IP BW (bandwidth) column shows that the bandwidth is
about 81.6 kbps. I also used a traffic monitoring program to monitor the
traffic, which shows the bandwidth used is about 64kbps (conformant to G711
bit rate). So, I wonder whether wireshark is accurate in measuring the
bandwidth, or even other metrics such as jitter, etc.?

  Thank you!

------------------------------

Message: 13
Date: Sun, 30 Jan 2011 19:14:28 +0000
From: nangergong <nangergong () gmail com>
To: Community support list for Wireshark
        <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] how to analyze udp streams of skype
        chat
Message-ID:
        <AANLkTinb9+BLk4YKO1c95_skpTAjPFszPfeC6ZXsyjMG () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

I used an open source program to do VOIP tests.
Do you have any idea on how to measure the delays?




------------------------------



End of Wireshark-users Digest, Vol 56, Issue 26
***********************************************
