Wireshark-dev: Re: [Wireshark-dev] question about RTP Streams
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Martin Mathieson <martin.mathieson@xxxxxxxxxxxx>
Date: Wed, 06 Sep 2006 15:35:26 +0100
The other RTCP preference you'll need to switch on is 'Show relative roundtrip calculations'. In case you don't have all of the signalling traffic present in your trace, I'd also suggest ticking 'Try to decode RTCP outside of conversations'. 

You'll only get roundtrip calculations happening if:
- both sides send sender or receiver reports
- those reports have the relevant fields properly filled in

You can detect that the calculation has been done by either:
- filtering on RTCP packets (display filter = rtcp) and looking at the info column, OR - filter directly on the calculation result (display filter = rtcp.roundtrip-delay)
If you are capturing on the same machine as one of the clients is running, you can expect to see 0 or near-0 delays to the local client, and non-0 towards the remote client. 150ms is the latency figure often quoted the maximum usable delay. Note that the figure of this calculation is a whole roundtrip, i.e. there and back...
I believe that the commonly-used, free SIP and H.323 clients don't have a good record of properly sending these reports. Please read carefully the section in the RFC and compare what it says with what you find clients are sending. 

Regards,
Martin



Andreina Toro wrote:


I´m amazed how fast you guys answer! It´s incredible!... Thank you!..
I´m not too familiarized with Wireshark so maybe my questions have simple answers.. sorry for any inconvinience.. Mr. Martin I already set the min-reported delay to 0, now where do I have to expect the changes of this preference? Another question, where using Wireshark can I see the network roundtrip delay in both directions? And one way delay should be < 150ms right? thanks a lot! Andreina On 9/6/06, *Martin Mathieson* <martin.mathieson@xxxxxxxxxxxx <mailto:martin.mathieson@xxxxxxxxxxxx>> wrote: 

    Andreina,

    If the RTP session is properly exchanging RTCP sender & receiver
    reports, wireshark can calculate the network roundtrip delay in both
    directions (i.e. the time in milliseconds it takes the RTCP reports to
    travel from the point of capture to either RTP endpoints and back
    again).  To turn this on you need to enable some RTCP protocol
    preferences (set the min-reported delay to 0).

    This calculation is described in RFC 3550, section 6.4.1.

    Regards,
    Martin

    Andreina Toro wrote:

    > Thanks Miha for your answers, they were really helpful, I have a
    > different question now. You said that /"Wireshark can not calculate
    > this end-to-end delay since the only information is has are the
    > timestamps of the packets as they were captured", /I´ve read that in
    > the RTP Header in bytes 5 to 8 there is the timestamp which
    "reflects
    > the sampling instant of the* first* octet in the RTP data
    packet. The
    > sampling instant must be derived from a clock that increments
    > monotonically and linearly in time to allow synchronization and
    jitter
    > calculations", so I don´t have clear why there is no way to
    calculate
    > the end-to-end Delay, the timestamp you refered to is the same I´m
    > talking about? or we can access manually the time of creation of
    tha
    > package and wireshark has the time of capture?. Sorry for my
    > confusion.. maybe the answer is very simple.. but I don´t see it..
    >
    > My problem is that for part of my thesis (to graduate of
    Electronical
    > Engineering) I have to mesure the Quality of Service parameters of
    > VoIP, and then when there is bad QoS activate some alarms and so
    on...
    > So I need to be able to calculate or manipulate the "delay,
    jitter and
    > packet loss" of a call (it can be a summary or an average). Do you
    > have an idea how can I solve this problem of getting the Delay
    > information?
    >
    > Thanks so much for your time,
    >
    > Regards,
    > Andreina
    >
    >
    > On 9/5/06, *Miha Jemec* <m.jemec@xxxxxxxxxxx
    <mailto:m.jemec@xxxxxxxxxxx>
    > <mailto:m.jemec@xxxxxxxxxxx <mailto:m.jemec@xxxxxxxxxxx>>> wrote:
    >
    >
    >
    >     > In Wireshark the Max Delta represents the DELAY?, are
    these concepts
    >     all right?
    >
    >     No, what you mean with DELAY is end-to-end delay which
    should be
    >     under
    >     150ms to have good quality. Wireshark can not calculate this
    >     end-to-end
    >     delay since the only information is has are the timestamps
    of the
    >     packets as they were captured. Max Delta just represents the
    >     maximum gap
    >     between two consecutive packets. In case of g.711 codec and 20ms
    >     packetization this would mean, that packets should come in
    gap of 20ms
    >     and in the ideal case, without any jitter, also the Max
    Delta would be
    >     20ms. But because of the jitter one packet will come later
    and the
    >     Max
    >     delta will increase.
    >
    >     Regarding the Max and Mean jitter be aware that jitter
    calculations
    >     follows the specification of RFC1889 saying:
    >
    >     "The interarrival jitter is calculated continuously as each data
    >       packet i is received from source SSRC_n, using this
    difference D for
    >       that packet and the previous packet i-1 in order of
    arrival (not
    >       necessarily in sequence), according to the formula
    >
    >                        J=J+(|D(i-1,i)|-J)/16
    >     "
    >
    >     in other words, what you see in the table for jitter are not
    absolute
    >     values of last two packets. Max jitter is the highest jitter
    which
    >     appeared.
    >
    >     This is how the first implementation of this function in
    ethereal
    >     worked. I didn't look in the code, but I think it is still
    more or
    >     less
    >     the same (otherwise someone will hopefully correct me).
    >
    >     Regards, Miha
    >
    >     _______________________________________________
    >     Wireshark-dev mailing list
    >     Wireshark-dev@xxxxxxxxxxxxx
    <mailto:Wireshark-dev@xxxxxxxxxxxxx>
    <mailto:Wireshark-dev@xxxxxxxxxxxxx
    <mailto:Wireshark-dev@xxxxxxxxxxxxx>>
    >     http://www.wireshark.org/mailman/listinfo/wireshark-dev
    >
    >
    >------------------------------------------------------------------------
    >
    >_______________________________________________
    >Wireshark-dev mailing list
    >Wireshark-dev@xxxxxxxxxxxxx <mailto:Wireshark-dev@xxxxxxxxxxxxx>
    >http://www.wireshark.org/mailman/listinfo/wireshark-dev
    <http://www.wireshark.org/mailman/listinfo/wireshark-dev>
    >
    >

    _______________________________________________
    Wireshark-dev mailing list
    Wireshark-dev@xxxxxxxxxxxxx <mailto:Wireshark-dev@xxxxxxxxxxxxx>
    http://www.wireshark.org/mailman/listinfo/wireshark-dev


------------------------------------------------------------------------

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev