Open Source VoIP Traffic Monitoring



Similar documents
Open Source VoIP Traffic Monitoring

Open Source in Network Administration: the ntop Project

VoIP. Overview. Jakob Aleksander Libak Introduction Pros and cons Protocols Services Conclusion

Monitoring high-speed networks using ntop. Luca Deri

Application Notes. Introduction. Contents. Managing IP Centrex & Hosted PBX Services. Series. VoIP Performance Management. Overview.

Receiving the IP packets Decoding of the packets Digital-to-analog conversion which reproduces the original voice stream

An Introduction to VoIP Protocols

TECHNICAL CHALLENGES OF VoIP BYPASS

Voice over IP (VoIP) Overview. Introduction. David Feiner ACN Introduction VoIP & QoS H.323 SIP Comparison of H.323 and SIP Examples

VoIP Analysis Fundamentals with Wireshark. Phill Shade (Forensic Engineer Merlion s Keep Consulting)

Delivering reliable VoIP Services

Analysis of SIP Traffic Behavior with NetFlow-based Statistical Information

International Telecommunication Union. Common VoIP Metrics. Alan Clark. CEO, Telchemy

VOIP TELEPHONY: CURRENT SECURITY ISSUES

Unit 23. RTP, VoIP. Shyam Parekh

Who is Generating all This Traffic?

Computer Networks. Voice over IP (VoIP) Professor Richard Harris School of Engineering and Advanced Technology (SEAT)

Application Notes. Introduction. Sources of delay. Contents. Impact of Delay in Voice over IP Services VoIP Performance Management.

Indepth Voice over IP and SIP Networking Course

Hands on VoIP. Content. Tel +44 (0) Introduction

B12 Troubleshooting & Analyzing VoIP

Troubleshooting Voice Over IP with WireShark

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

High-Speed Network Traffic Monitoring Using ntopng. Luca

CVOICE Exam Topics Cisco Voice over IP Exam # /14/2005

Application Latency Monitoring using nprobe

A VoIP Traffic Monitoring System based on NetFlow v9

Voice Over IP Performance Assurance

Voice over IP Basics for IT Technicians

VOICE OVER IP SECURITY

Application Note. Pre-Deployment and Network Readiness Assessment Is Essential. Types of VoIP Performance Problems. Contents

Voice Over IP. Priscilla Oppenheimer

Voice over IP. Presentation Outline. Objectives

VIDEOCONFERENCING. Video class

Software Engineering 4C03 VoIP: The Next Telecommunication Frontier

AC : A VOICE OVER IP INITIATIVE TO TEACH UNDERGRADUATE ENGINEERING STUDENTS THE FUNDAMENTALS OF COMPUTER COMMUNICATIONS

Curso de Telefonía IP para el MTC. Sesión 1 Introducción. Mg. Antonio Ocampo Zúñiga

Voice over IP (VoIP) Basics for IT Technicians

Voice over IP Networks: Ensuring quality through proactive link management

ETM System SIP Trunk Support Technical Discussion

The Triple Play Analysis Suite - VoIP. Key Features. Standard VoIP Protocol G.711 SIP RTP / RTCP. Ethernet / PPP. XDSL, Metro Ethernet

Comparison of Voice over IP with circuit switching techniques

How to make free phone calls and influence people by the grugq

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

SIP, Session Initiation Protocol used in VoIP

Integrating Voice over IP services in IPv4 and IPv6 networks

Encapsulating Voice in IP Packets

An Investigation into the Effect of Security on Performance in a VoIP Network

Monitoring Network Traffic using ntopng

Palladion Enterprise SOLUTION BRIEF. Overview

Troubleshooting Common Issues in VoIP

Internet Technology Voice over IP

VoIP and IP Telephony

FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

VoIP Bandwidth Considerations - design decisions

An Oracle White Paper July Palladion Enterprise: Real-Time Voice over Internet Protocol Monitoring and Troubleshooting

SIP-H.323 Interworking

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme

White Paper. Solutions to VoIP (Voice over IP) Recording Deployment

Basic Vulnerability Issues for SIP Security

Online course syllabus. MAB: Voice over IP

Mediatrix 3000 with Asterisk June 22, 2011

Multimedia Communications Voice over IP

An Oracle White Paper July Oracle Enterprise Operations Monitor: Real-Time Voice over Internet Protocol Monitoring and Troubleshooting

VOICE OVER IP AND NETWORK CONVERGENCE

Methods for Lawful Interception in IP Telephony Networks Based on H.323

A Comparative Study of Signalling Protocols Used In VoIP

FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

Service Level Agreements for VoIP Alan Clark CEO, Telchemy

Course 4: IP Telephony and VoIP

Total Recall VoIP Recording Solutions

Towards 100 Gbit Flow-Based Network Monitoring. Luca Deri Alfredo Cardigliano

Integrate VoIP with your existing network

Mediatrix 4404 Step by Step Configuration Guide June 22, 2011

Internet Security. Internet Security Voice over IP. Introduction. ETSF10 Internet Protocols ETSF10 Internet Protocols 2011

Understanding Voice over IP Protocols

Configure A VoIP Network

Fundamentals of VoIP Call Quality Monitoring & Troubleshooting. 2014, SolarWinds Worldwide, LLC. All rights reserved. Follow SolarWinds:

Oracle Enterprise Operations Monitor

Requirements of Voice in an IP Internetwork

Applied Networks & Security

APTA TransiTech Conference Communications: Vendor Perspective (TT) Phoenix, Arizona, Tuesday, VoIP Solution (101)

DLink-655 Router Configuration Guide for VoIP

A Voice over IP Quality Monitoring Architecture

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

High-speed Network and Service Monitoring. Luca Deri

Project Code: SPBX. Project Advisor : Aftab Alam. Project Team: Umair Ashraf (Team Lead) Imran Bashir Khadija Akram

NAT Traversal for VoIP. Ai-Chun Pang Graduate Institute of Networking and Multimedia Dept. of Comp. Sci. and Info. Engr. National Taiwan University

Lab Introduction software Voice over IP

NetFlow: what happens in your network?

Voice over IP Probe! for Network Operators and! Internet Service Providers

Voice Over Internet Protocol (VOIP) SECURITY. Rick Kuhn Computer Security Division National Institute of Standards and Technology

Transcription:

Open Source VoIP Traffic Monitoring Luca Deri <deri@>

What is VoIP? VoIP is the routing of voice conversations over the Internet or through any other IP-based network (Wikipedia). Advantages: It allows people to talk over the Internet at low/no cost. It allows users to travel anywhere in the world and still make and receive phone calls. Seamless integration with traditional phones. Drawbacks Calls quality depend on the network speed and reliability. Most of existing telephony equipments are proprietary and hard to integrate with VoIP.

Why VoIP is a Hot Topic? Thanks to open source projects (e.g. Asterisk, Gizmo), and custom Linux distributions (e.g. Asterisk@Home) setting up a VoIP server is becoming simpler. Many modern DSL routers (e.g. Linksys, Frtiz!Box) now sport VoIP support via a telephony plug. Proprietaries VoIP systems like Skype, GoogleTalk or VoIPStunt! made VoIP very simple allowing virtually every PCuser to take advantage of VoIP. VoIP is currently integrated into many applications (e.g. Office 12) or online assistance/support (e.g. ether.com, estara.com)

Motivation for This Work Working groups (e.g http://voip.internet2.edu/, Terena TF- VVC) are mainly focusing on infrastructure. Traffic sniffers (e.g. ethereal) are suitable for analyzing specific calls and not for permanent VoIP traffic monitoring. VoIP servers (e.g. Asterisk) do not offer calls monitoring but just call info (CDR, call data record). Commercial VoIP traffic analyzers (e.g. Telchemy VQmon) are very expensive and are not easy to integrate with other tools. No specific VoIP open source traffic analyzer tools available.

Project Goals Provide long-term monitoring, contrary to what available VoIP monitoring tools do. Handling standard VoIP protocols as well, as much as possible, proprietary protocols. Decode calls, hence identify peers (who s calling who) and client applications (useful for VoIP accounting, billing or fraud detection). Provide VoIP metrics such as packet loss and latency, as well as voice quality. Generate traffic trends in order to identify how VoIP traffic is changing over the time.

Approach Being Used Enrich ntop, a home-grown open-source passive traffic monitoring application, for making it VoIP traffic aware. Define some metrics suitable for monitoring key VoIP traffic characteristics. Export VoIP measurements via Netflow [netflow] v9/ipfix, by means of nprobe. Motivation ntop users can also monitor VoIP without having to use any specialized VoIP traffic analysis application (VoIP is not a first class citizen). The use of NetFlow/IPFIX allows VoIP measurements to be made available to any netflow aware application (open design).

VoIP Basics Signaling User location Session Setup Negotiation Modification Closing Transport Encoding, transport, etc.

Standard VoIP Protocols SIP IETF - 5060/5061 (TLS) - HTTP-like, all in one Proprietary extensions Protocol becoming an architecture H.323 Protocol family ASN.1 based H.235 (security), Q.931+H.245 (management), RTP, CODECs, etc. RTP (Real Time Protocol) 5004/udp, RTCP: used to transport voice and video No QoS/bandwidth managemen Data is encoded using codecs

Proprietary VoIP Protocols Cisco Skinny Signaling protocol, easy to decode and handle. Skype and VoIPStrunt Decentralized architecture (P2P) Ability to call both users and plain phones Phone calls are both encrypted and obfuscated Totally closed source development model So far nobody had been able to decode the protocol What to do then? Fully support standard VoIP protocols. Offer as much as possible of visibility of proprietary protocols.

Monitoring Architecture Institution A GW PC GK Probe Probe Probe Collector (ntop) PSTN router Internet router Probe GW PC GK Institution B

Standard VoIP: Implemented Metrics [1/2] SIP Unique call identifier used for accounting/billing and tracking problems. Call parties: caller and called party. Codecs being used (useful for identifying voice quality issues due to the use of codecs with poor quality). Time of important call events such as beginning of the call (e.g. used to identify performance issues on the SIP gateway). RTP ports where the call will take place (used for associating a signaling flow with the phone call just negotiated). RTP Source identifiers and time-stamp for the first and last RTP flow packet. Jitter calculated in both (in to out, and out to in) directions. Number of packets lost as well as maximum packet time delta in both directions. Identifier of RTP payload type as specified in [rfc2862].

Standard VoIP: Implemented Metrics [2/2] SIP Metrics SIP_CALL_ID SIP_CALLING_PARTY SIP_CALLED_PARTY SIP_RTP_CODECS SIP_INVITE_TIME SIP_TRYING_TIME SIP_RINGING_TIME SIP_OK_TIME SIP_ACK_TIME SIP_RTP_SRC_PORT SIP_RTP_DST_PORT RTP Metrics RTP_FIRST_SSRC RTP_FIRST_TS RTP_LAST_SSRC RTP_LAST_TS RTP_IN_JITTER RTP_OUT_JITTER RTP_IN_PKT_LOST RTP_OUT_PKT_LOST RTP_OUT_PAYLOAD_TYPE RTP_IN_MAX_DELTA RTP_OUT_MAX_DELTA Note: no H.323 support (obsoleted by SIP).

NetFlow VoIP Architecture NetFlow Flows nprobe ntop http(s) Network Traffic Web Browser nprobe -n 192.168.0.1:2055 -U 257 -T "%LAST_SWITCHED % FIRST_SWITCHED %IN_BYTES %IN_PKTS %OUT_BYTES %OUT_PKTS % SIP_CALL_ID%SIP_CALLING_PARTY %SIP_CALLED_PARTY % SIP_RTP_CODECS %SIP_RTP_SRC_PORT %SIP_RTP_DST_PORT"

ntop VoIP Support: SIP/RTP

ntop VoIP Support: Skype [1/2]

ntop VoIP Support: Skype [2/2] Protocol Patterns: http://l7-filter.sourceforge.net Pattern Engine: http://www.pcre.org/

Open Issues and Future Work Skype/VoipStunt! support is poor (general problem with proprietary protocols). Implement payload analysis (e.g. of popular H.264 codec). Handle RTPC XS reports sent by telephony equipment (it contains calls information). Implement new metrics such as MOS (Mean Opinion Score) and R-Factor, used to score traffic calls quality. The drawback is that most information (e.g. ITU E.411 recommendation) is proprietary and not freely available in the internet.

Challenges in VoIP Packet Capture VoIP traffic is usually very little compared to the rest of traffic. Capture starts from filtering signaling protocols and then intercepting voice payload. BPF-like filtering is not effective (one filter only) It is necessary to add/remove filters on the fly as calls start/end. We need to have hundred of active filters (a few per call). Solution Filter packets directory on the device driver (not into the kernel layer). Implement hash/bloom based filtering (limited false positives). Memory effective (doesn t grow as filters are added). Currently implemented on Linux on Intel GE cards. Great performance (virtually no packet loss at 1 GBit): better than ncap/pf_ring! Stay tuned!

Availability Paper and Documentation: http://luca./voip.pdf Code and Applications http://www./

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information