NETW 250 Week 3 iLab Observing VoIP Protocols Using Wireshark


Introduction

In this iLab, students will use Wireshark, a packet analyzer, to view the following information exchanged between two software IP phones (i.e., VoIP terminals).

·RTP and RTCP packets that are exchanged when a VoIP call is in session

·SIP messages that are exchanged during the call setup and teardown

By analyzing the captured voice packets, students are expected to reinforce their understanding of how audio is transmitted by VoIP applications on the IP network and of the VoIP call process using Session Initiation Protocol (SIP).

iLab environment

There are two options for accessing Wireshark:

1.Log into the Citrix environment at http://iLab.devry.edu

2.Download a copy of Wireshark from https://www.Wireshark.org/

Option 1 provides the flexibility of accessing the iLab environment wherever there is an Internet connection. Option 2 provides the convenience of having all files on a local computer. Although the rest of the instructions are designed for Option 1, they can be easily adapted for Option 2.

Task 1: Download and unzip Wireshark capture files

If this is your first time using the Citrix platform, please refer to the iLab section under Course Home of your course shell for more details. There are two common problems: downloading and installing the Citrix client, and locating the local drive from the Citrix platform.

If the client is not properly downloaded and installed, switching to the IE browser helps. When opening files in Wireshark on the Citrix platform, click the “Look in:” drop-down menu and view each disk option (e.g., D$(\\Client) (U:) and C$(\\Client)(V:)) under Computer. One of them is going to be your local drive.

1.Log in to the Citrix environment at http://iLab.devry.edu.

2.Enter Wireshark in the search box (look for the magnifying glass) in the top right corner of the window.

3.Click on the Wireshark application and install an icon on the desktop.

4.Double-click the Wireshark icon and launch the application.

5.Go to Doc Sharing in your course shell, download and unzip (right-click on the zipped file and choose Extract All…) the Wireshark capture files iLab3CaptureOne.zip and iLab3CaptureTwo.zip.

Task 2: Filter and examine RTP packets

1.On the Wireshark menu bar as shown on the right, click File and Open. Locate the unzipped file iLab3CaptureOne.pcapng and click the Open button.

2.Locate the “Filter:” box under the menu bar. It’s used to retrieve packets of interest based on different parameters such as protocol, IP address, source IP address, etc.

3.In the “Filter:” box, enter the string “ip.src == 10.13.40.117 && rtp” without the double quotation marks. The background of the filter box should be green. If it’s red, the syntax of the string is wrong. There is no space between the two “=” symbols and between the two “&” symbols. Press the Enter key or click the Apply button next to the filter field to apply the filter.

4.The filter in Step 3 displays RTP packets transmitted from the VoIP terminal with IP address 10.13.40.117.

5.Go to the Packet List section (i.e., the top section) of the Wireshark window. Scroll down and highlight one of the RTP packets.

6.In the Tree View section (i.e., the middle section), click on the plus box next to the Real-Time Transport Protocol header and expand it.

·What’s the value of the Payload type field? _____

·What’s the value of the Sequence number field? _____

·What’s the value of the Timestamp field? _____

Note these values should be found in the packet you choose. The diagram above is for demonstration purposes.

    ·Transfer your answers to the lab report document.

    ·Capture a screenshot of the Wireshark window with RTP header details above, and paste the image into the lab report document.

7.Go back to the Packet List section, and select the next RTP packet. In the Tree View section, click on the plus box next to the Real-Time Transport Protocol header and expand it.

·What’s the value of the Payload type field? _____

·What’s the value of the Sequence number field? _____ (Hint: This number should be one higher than the previous sequence number; otherwise, you chose the wrong packet.)

·What’s the value of the Timestamp field? _____

·Subtract the timestamp value from Step 6 from the timestamp value here to determine the unit of time contained in each packet. _____

·The captured call in this iLab uses the default G.711 codec, which generates 8,000 samples every second. Typically, the RTP timestamp clock rate is the same as the sampling rate. Therefore, the RTP timestamp clock increments once for each byte or sample.

·If each increment of the RTP timestamp clock (i.e., one unit) represents 1/8,000 of a second, how many milliseconds of conversation are carried in each RTP packet? _____

·Given the payload bit rate of G.711 codec as 8,000 bits per second, the payload size in milliseconds calculated above can also be represented in _____ bits or _____ bytes.

    ·Transfer your answers to the lab report document.

    ·Capture a screenshot of the Wireshark window with RTP header details above, and paste the image into the lab report document.

8.Go back to the Packet List section and highlight any RTP packet. In the Tree View section, minimize all headers by clicking on all minus boxes.

·What’s the protocol header shown on top of Real-time Transport Protocol? _____

·What’s the next protocol header shown above that? _____

9.In the same Tree View section, click on the plus box next to the Internet Protocol Version 4 header and expand it.

·What’s the value (in bytes) of the Header length field? _____

·What’s the value (in bytes) of the Total length field? _____

·Subtract from the Total length: 20 bytes for IP header, 8 bits for UDP header, and 12 bytes for RTP header. What’s the payload length in bytes? _____

·Does the payload length in bytes match the payload size in bytes in Step 6? _____

    ·Transfer your answers to the lab report document.

    ·Capture a screenshot of the Wireshark window with RTP header details above, and paste the image into the lab report document.
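
The header fields and timestamp arithmetic from Steps 6 and 7, as an added Python example (not part of the original lab): it parses the RTP header from raw UDP payload bytes and converts the timestamp difference between two consecutive packets into milliseconds. The two packets are constructed sample data, the function names are hypothetical, and the 8,000 Hz clock rate is the G.711 rate stated above.

```python
import struct

def parse_rtp(packet: bytes) -> dict:
    """Parse an RTP version 2 header (RFC 3550) from a UDP payload."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    header_len = 12 + 4 * (b0 & 0x0F)        # CSRC entries follow the fixed header
    if b0 & 0x10:                             # X bit: one header extension follows
        if len(packet) < header_len + 4:
            raise ValueError("truncated header extension")
        (ext_words,) = struct.unpack("!H", packet[header_len + 2:header_len + 4])
        header_len += 4 + 4 * ext_words
    padding = packet[-1] if b0 & 0x20 else 0  # P bit: last byte counts the padding
    payload_len = len(packet) - header_len - padding
    if payload_len < 0:
        raise ValueError("header or padding runs past the end of the packet")
    return {"payload_type": b1 & 0x7F, "marker": bool(b1 & 0x80), "sequence": seq,
            "timestamp": ts, "ssrc": ssrc, "payload_len": payload_len}

def packet_duration(prev: dict, cur: dict, clock_rate: int = 8000) -> tuple:
    """Return (timestamp ticks, milliseconds) between two consecutive packets."""
    if prev["ssrc"] != cur["ssrc"]:
        raise ValueError("packets belong to different streams")
    if (cur["sequence"] - prev["sequence"]) & 0xFFFF != 1:        # 16-bit wrap
        raise ValueError("packets are not consecutive")
    ticks = (cur["timestamp"] - prev["timestamp"]) & 0xFFFFFFFF  # 32-bit wrap
    return ticks, 1000 * ticks / clock_rate

def make_packet(seq: int, ts: int) -> bytes:
    """Constructed sample: V=2, PT=0 (PCMU), 160 payload bytes."""
    return struct.pack("!BBHII", 0x80, 0x00, seq, ts, 0x1234ABCD) + b"\xff" * 160

# Constructed pair that straddles both the sequence and the timestamp wraparound.
FIRST = parse_rtp(make_packet(65535, 4294967200))
SECOND = parse_rtp(make_packet(0, 64))

if __name__ == "__main__":
    ticks, ms = packet_duration(FIRST, SECOND)
    print(f"PT={SECOND['payload_type']} seq={SECOND['sequence']} "
          f"ticks={ticks} ms={ms} payload_bytes={SECOND['payload_len']}")
```

The masked subtraction is what keeps the sequence check in Step 7 valid when the 16-bit sequence number rolls over from 65535 to 0.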

Task 3: Filter and examine RTCP packets

1.In the “Filter:” box, enter the string “ip.src == 10.13.40.117 && rtcp” without the double quotation marks. The background of the filter box should be green. If it’s red, the syntax of the string is wrong. There is no space between the two “=” symbols and between the two “&” symbols. Press the Enter key or click the Apply button next to the filter field to apply the filter.

2.The filter in the previous step only displays RTCP packets transmitted from the VoIP terminal with IP address 10.13.40.117.

3.In the Packet List section, click on the “No.” column so its values are shown in an ascending order.

4.In the same section, highlight an RTCP Sender Report packet (look in the Info column).

5.In the Tree View section below, click on the plus box next to the Real-time Transport Control Protocol (Sender Report) header and expand it.

·What’s the RTP time stamp? _____

·What’s the NTP time stamp? _____ The NTP time stamp is the wall clock time when this Sender Report packet was sent.

·What’s the value of the Sender’s packet count field? _____ This is the number of packets sent since starting transmission, up until the time this Sender Report packet was generated.

6.Click on plus boxes to expand the Source 1 header and SSRC contents.

·What’s the value of the Fraction Lost field? _____

·What’s the value of the interarrival jitter field? _____

·Each unit of the interarrival jitter value typically approximates 1/400 of a millisecond. If the value of the interarrival jitter here is 1 (unit), what’s the interarrival jitter in milliseconds? _____

    ·Transfer your answers to the lab report document.

    ·Capture a screenshot of the Wireshark window with RTCP header details above, and paste the image into the lab report document.

7.Click through the rest of the RTCP Sender Report packets.

·Does the packet loss ratio change? _____

·Does the interarrival jitter value change? _____

·Based on its codec, loss ratio, and interarrival jitter value, where did this captured call most likely occur, on a private LAN or a public WAN? _____

·Transfer your answers to the Lab Report Document.

Task 4: Filter and examine SIP messages

1.On the Wireshark menu bar, click File and Open. Locate the unzipped file iLab3CaptureTwo.pcapng on your local disk and click the Open button. You should have downloaded and unzipped both capture files after completing Task 1.

2.In the “Filter:” box, enter the string “ip.addr == 10.13.40.118 && sip” without the double quotation marks. The background of the filter box should be green. If it’s red, the syntax of the string is wrong. There is no space between the two “=” symbols and between the two “&” symbols. Press the Enter key or click the Apply button next to the filter field to apply the filter.

3.The filter in Step 2 displays SIP messages transmitted from and received by the VoIP terminal with IP address 10.13.40.118.

4.In the Packet List section, locate and highlight the second INVITE message by looking in the Info column. An INVITE message originates call setup.

5.In the Tree View section, expand the Session Initiation Protocol header and then Message Header to locate the following information. (Hint: To copy the value of a field directly from Wireshark, right-click on a field, choose Copy, and then choose Value. Right-click in this document and paste the clipboard content here.)

·Request line: _____

·Via: _____ Max-Forwards: _____

·From: _____ tag = _____

·To: _____

·Call-ID: _____

·Allow: _____

·Content-Type: _____

6.Assume the following information.

·The caller (extension x3883) terminal IP address: 10.13.40.118

·The callee (extension x3966) terminal IP address: 10.13.40.117

·The SIP or VoIP server IP address: 10.13.40.102

7.Compare the IP addresses in Step 6 to the addresses in the “From:”, “To:”, and “Via:” fields in Step 5. What is the role of the VoIP server in delivering this INVITE message? _____

8.The Max-Forwards field of the INVITE message contains an integer value that limits the number of hops a request can make on its way to the destination proxy server. Its value decreases by 1 at each hop.

Remember that the Time to Live (TTL) value of an IP packet limits the number of hops an IP packet can make on its way to the destination router. Here, what does a hop in the Max-Forwards field refer to? _____

    ·Transfer your answers to the lab report document.

    ·Capture a screenshot of the Wireshark window with SIP INVITE message details above, and paste the image into the lab report document.

9.In the same Tree View section, minimize Message Header by clicking on the minus box next to it. Click on the plus box next to Message Body and then click on the plus box next to the Session Description Protocol header.

The SDP message contains a proposed description of the session. You should see several Media Attribute values listed in the SDP header. Record the audio codec values from Media Attribute fields here: _____.

If you are not sure about the correct answer, locate the Media Description field above and you should see the same list of audio codecs specified there (their names could be slightly different).

    ·Transfer your answers to the lab report document.

    ·Capture a screenshot of the Wireshark window with SDP header details above, and paste the image into the lab report document.

10.SIP response messages start with a status line instead of the request line that a request such as INVITE starts with. A status line consists of the protocol version, a numeric status code, and its corresponding textual phrase. The code and phrase indicate the outcome of an attempt to serve a request.

In the Packet List section, locate and highlight the 100 Trying message by looking in the Info column. The 100 Trying message indicates that the request has been received by the next-hop proxy or VoIP server and unspecified actions are taking place (i.e., “hey, wait here until I have more to tell you”).
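
The message structure examined in Steps 5, 9 and 10, as an added Python example (not part of the original lab): it separates a SIP message into its request or status line, its headers, and the audio codecs offered in the SDP body. Both messages are constructed samples that reuse the addresses and extensions assumed in Step 6; the tag, branch, Call-ID and port values are placeholders, and the function names are hypothetical.

```python
STATIC_PT = {0: "PCMU", 3: "GSM", 8: "PCMA", 9: "G722", 18: "G729"}  # RFC 3551

def sdp_audio_codecs(sdp: str) -> list:
    """List codec names for the formats on the m=audio line, in offer order."""
    formats, rtpmap = [], {}
    for line in sdp.splitlines():
        if line.startswith("m=audio "):
            formats = [int(f) for f in line.split()[3:]]
        elif line.startswith("a=rtpmap:"):
            pt, encoding = line[len("a=rtpmap:"):].split(" ", 1)
            rtpmap[int(pt)] = encoding.split("/")[0]
    return [rtpmap.get(pt) or STATIC_PT.get(pt, f"PT{pt}") for pt in formats]

def parse_sip(message: str) -> dict:
    """Split a SIP message into start line, headers and offered audio codecs."""
    head, _, body = message.partition("\r\n\r\n")
    start, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:                 # folded header lines are not handled
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    parts = start.split(" ", 2)
    if len(parts) == 3 and parts[0] == "SIP/2.0":    # status line
        result = {"kind": "response", "status": int(parts[1]), "reason": parts[2]}
    elif len(parts) == 3 and parts[2] == "SIP/2.0":  # request line
        result = {"kind": "request", "method": parts[0], "uri": parts[1]}
    else:
        raise ValueError("malformed SIP start line")
    result.update(headers=headers, codecs=sdp_audio_codecs(body))
    return result

# Constructed sample messages (not taken from the lab capture files).
INVITE = (
    "INVITE sip:3966@10.13.40.102 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.13.40.118:5060;branch=z9hG4bK-constructed\r\n"
    "Max-Forwards: 70\r\n"
    "From: <sip:3883@10.13.40.102>;tag=constructed-tag\r\n"
    "To: <sip:3966@10.13.40.102>\r\n"
    "Call-ID: constructed-call-id@10.13.40.118\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\no=- 0 0 IN IP4 10.13.40.118\r\ns=-\r\n"
    "c=IN IP4 10.13.40.118\r\nt=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8 101\r\n"
    "a=rtpmap:0 PCMU/8000\r\na=rtpmap:101 telephone-event/8000\r\n"
)
TRYING = "SIP/2.0 100 Trying\r\nVia: SIP/2.0/UDP 10.13.40.118:5060\r\n\r\n"
```

Payload type 8 has no rtpmap line in the sample, so its name comes from the static table, which is why the Media Description and Media Attribute lists in Step 9 can differ slightly.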
