Mastering Wireshark 2 by Andrew Crouthamel. Published by Packt Publishing, 2018.

VoIP playback

In this section, we'll reconstruct and play back VoIP calls and listen to quality issues.

What we'll do is use the same magicJack call that was used in the previous section.

One of the really great features of Wireshark, in addition to its many filters, statistics, and graphs, is the ability to play back voice traffic. End users might find it kind of creepy that you can listen to someone's phone call, but it is data. Just as we can read commands going back and forth, or a username and password if they're unencrypted, we can also listen to the phone call if the SIP traffic is unencrypted, because it's standard data that just happens to be voice traffic. We can do that in Wireshark very easily.

To do that, we open up our call, go to Telephony | VoIP Calls, and select the call:

After selecting the call, click on Play Streams. And when you click on that, you'll see a histogram of exactly what's going on in the voice call:

This alone may be able to tell you something about what's going on, once you get used to what certain things look like. Whether it's a phone that's ringing or actual words and discussion, you might be able to pick that out just by looking at the histogram shown in the preceding screenshot. And then, of course, you can select one side or the other to focus on it, so you can see what might be occurring on one channel or the other, whether it's source to destination or destination to source, from one phone to the other. What we can do is leave everything at the default settings and click on the play button.

You can hear the phone ringing, after which it says Test, 1, 2, 3.

You'll see that it played back the audio of the phone call. It played back both directions of the call, so we got to hear both the sender side and the receiver side. What we had at the top was one side of the conversation, and below it was the other side. It's very useful to be able to hear both sides of the call at the same time. That way, if one user is complaining about something and the other one isn't, you can listen as if you had both telephones up to your ears at the same time.

What you can also do is adjust the jitter in the player, and listen to what that might sound like and what kind of problems might occur.

Now, you will notice that the preceding graph was real-time, and as the audio plays, you will see the playback line go across. This is a relatively clean capture. If there are any problems in the capture, they will show up on this graph, and you'll see them begin to occur as you change things such as the Jitter Buffer. So what we'll do is we'll drop that down to something very low, let's say 5:

You can already see that we have some silence that was created, as well as some additional errors. If we zoom in, we have some jitter drops that have also been created, and we've actually manufactured some problems in our connection:

And, if you zoom out far enough, you'll see there's that initial ringtone that occurred, which was off screen before:

Now that we've inserted all of these problems in our packet capture, let's go ahead and play it.

You can hear the phone ringing and it says Test 1, 2, 3.

This time you should be able to hear the difference. At the beginning of the phone call, we had a bit of a crackly sound. As the phone was ringing, we also had some dropped packets; you could hear that it was crackly and didn't sound that great. The voice at the beginning also had some words that were clipped and missing. Additionally, one side is completely silent. If you remember looking at the histogram, there was a duplicate of each word in the Test 1, 2, 3. One side is now completely silent; all of that audio is being dropped because there are too many problems in the jitter. So this is a great tool for recreating different problems and listening to what they actually sound like in real life.
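
The effect of shrinking the Jitter Buffer can also be reproduced outside the player. The following is an added example, not code from the book, and it uses a simplified fixed-buffer model rather than Wireshark's own player logic: it marks the packets that miss their playout deadline and computes the RFC 3550 interarrival jitter. The 8 kHz clock, the 20 ms packet spacing, and the delay values are constructed assumptions.

```python
from dataclasses import dataclass

CLOCK_HZ = 8000  # assumption: G.711 audio, 8 kHz RTP clock


@dataclass
class RtpPacket:
    seq: int
    rtp_ts: int        # RTP timestamp, in clock ticks
    arrival_ms: float  # capture time, in milliseconds


def late_packets(packets, jitter_buffer_ms):
    """Return the sequence numbers that miss their playout deadline.

    Simplified fixed-buffer model: playout of the first packet is delayed by
    jitter_buffer_ms, and every later packet is due at that point plus its
    RTP-timestamp offset from the first packet.
    """
    first = packets[0]
    dropped = []
    for p in packets:
        media_offset_ms = (p.rtp_ts - first.rtp_ts) * 1000 / CLOCK_HZ
        deadline_ms = first.arrival_ms + jitter_buffer_ms + media_offset_ms
        if p.arrival_ms > deadline_ms:
            dropped.append(p.seq)
    return dropped


def interarrival_jitter_ms(packets):
    """RFC 3550 running jitter estimate: J += (|D| - J) / 16."""
    jitter = 0.0
    for prev, cur in zip(packets, packets[1:]):
        sent_gap_ms = (cur.rtp_ts - prev.rtp_ts) * 1000 / CLOCK_HZ
        d = (cur.arrival_ms - prev.arrival_ms) - sent_gap_ms
        jitter += (abs(d) - jitter) / 16
    return jitter


# Constructed sample: 20 ms packets (160 ticks each) with uneven network delay.
DELAYS_MS = [0, 3, 12, 2, 30, 4, 8, 1]
SAMPLE = [RtpPacket(seq=i, rtp_ts=160 * i, arrival_ms=20 * i + d)
          for i, d in enumerate(DELAYS_MS)]

if __name__ == "__main__":
    for buf in (50, 10, 5):
        print(f"buffer {buf:>2} ms -> late packets {late_packets(SAMPLE, buf)}")
    print(f"RFC 3550 jitter: {interarrival_jitter_ms(SAMPLE):.2f} ms")
```

With the buffer at 50 ms nothing is late; at 5 ms, every packet delayed by more than 5 ms is discarded, which is the kind of clipped audio heard in the second playback.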