Ethereal-dev: Re: [Ethereal-dev] Voip Calls analysis and Graph analysis

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Lars Roland <lars.roland@xxxxxxx>
Date: Sun, 30 Jan 2005 12:54:38 +0100
Hi Alejandro,

looks very promising.
it will take sometime to review the huge patch, but I'd like to get it into ethereal soon. I don't know how long it will take to get through it in my spare time. I will concentrate on the h323 and sip part. I hope others have some time to have a closer look at the GUI part, too.

Do you have some capture files, you could provide? e.g. a call with a sip and an h323 leg, or h323 gatekeeper routed call with more than one gatekeeper involved.

Regards,
Lars

Alejandro Vaquero schrieb:
Hi All,
Attached is the new "Voip call analysis" patch file and a screen shot of a SIP to H323 interop call. It is based on Francisco Alcoba source, and added support of H323, RTP and a Graph analysis. The Graph interface can also be used in other no Voip analysis.
    Here are the features:
- Collect ISUP, SIP and H323 calls from a capture and show them in window with the following info:
      - Start and Stop time of the call
- Initial Speaker: the IP source address of the first message that started the call - From and To: In H323 and ISUP, it is the calling and called number. In SIP the From and To fields.
      - Protocol: H323, SIP and ISUP (from now)
      - State: the sate of the call
- Comments: For H323, it shows if the call is a FastSatrt call and if Tunneling H245 is enable or not.
- Prepare a filter of a particular call when selected.
- Select one or multiple calls to "graph analysis"
   And the "Graph Analysis" has:
- Graph up to ten columns or "nodes". Each "node" it is defined as an IP address.
- Shows the direction of the message using arrows
- Display a "frame" label on top of the arrow, and a "comment" at the right of each packet.
- For  SIP and H323 the  "frame" label also shows the Codec used.
- The "comment" column will show different info based on the packet. For Setup and INVITE messages, it shows the calling/called number and From/To fields. For Release H323 messages, the Q931 release cause. For H225 messages, if tunneling is enable or not, and if FastStart is present in the packet. - RTP streams involved in the call. It is displayed as a wider arrow. The "frame" label also shows the Codec for the stream and the "comment" shows the number of RTP packets in this stream, the duration, and ssrc. - When "click" on a frame in the graph, the selected frame number will be selected in the Main windows.
- The graph also shows the time, and the UPD/TCP ports per frame.

I have tested it in a Windows machine using GTK 1 and 2. There is not support for ISUP calls in the Graph yet (don't have such captures).

   Comments and changes are very welcome.

Regards
Alejandro