Wireshark-users: Re: [Wireshark-users] Huge VoIP Problem :(
From: Mark Jeffers <mantramark@xxxxxxxxx>
Date: Fri, 19 Jun 2009 09:03:29 -0400
Hi all,
 
Thanks so much for all the ideas.  I'm going to try some of your suggestions this morning and report back later.
 
Jehanzeb, here's the link: http://www.linuxjournal.com/article/9398

Cheers all,
mj
 
On Fri, Jun 19, 2009 at 12:23 AM, Jehanzeb Khan <jehanzeb.khan@xxxxxxxxx> wrote:
Hi Mark
 I am afraid i cant be much help but would it be possible for you to share the troubleshooting article you mentioned?
 
So I'm relatively new to both VoIP and hardcore packet analysis, but I found an excellent article on troubleshooting VoIP using wireshark and followed instructions.
 
Regards
Jehanzeb


From: Mark Jeffers <mantramark@xxxxxxxxx> Sent: Wednesday, June 17, 2009 10:31:32 PM

Subject: [Wireshark-users] Huge VoIP Problem :(

We've been having a terrible time with a new VoIP system on our network.
The phone system is manufactured by Allworx - it is tied to the outside world with a standard PRI, so the only IP portion of calls takes place between our LAN phone server and the IP extensions.
 
Several of the extensions are having packet loss problems resulting in echoes, "static", dropped audio, etc.  The problems are intermittent and jump around to different phones on the network.
 
The switches we are using are Dell 3548P PowerConnects.   I've configure the network to use two VLANs - one for phone, one for everything else - and used VLAN tagging and CoS to prioritize VoIP traffic.   I've actually combed through the configs with a Dell engineer, and we're good there.
 
So I'm relatively new to both VoIP and hardcore packet analysis, but I found an excellent article on troubleshooting VoIP using wireshark and followed instructions.
 
I mirrored one of the Trunk ports on the switch to my laptop, configured Wireshark to filter out all but UDP packets and let it run for about an hour. 
The results are horrible... I've attached screenshot images so you guys might be able to help me figure this out.
When I ran an RTP Stream analysis, there were blocks of sessions where several of them had "Max Delta" in the thousands (some in the 9000s), resulting in 90+% packet loss!  See Image1,jpg  
I drilled down into one of the streams to see a bunch of "Wrong Sequence nr" messages - See Image2.jpg
I went to VoIP Calls under the statistics menu, and pulled up the same call shown in Image2 - looked fine to me, but I'm a noob - See Image3.jpg
 
I'm at a loss here.   Obviously severe network issues, or the Phone Switch is bad.   I've tried everything I can think of to no avail.  Anybody have any ideas of what might be wrong, or what further information I should gather to help pinpoint the issue?   I'm going nuts here and any help would be greatly, greatly appreciated.  :)
 
Cheers,
Mark