
Interim Report 3

Performance analysis of open source solutions using Wireshark

Koolwal Jai, Pal Sumalya

Electrical and Computer Science Engineering department.

University Of Florida

Abstract— The goal of this project is to form a detailed analysis of multi-point video, audio, text and collaboration software like Ekiga, Empathy, Twinkle and BigBlueButton. We will be completing a survey comparing them on issues like robustness in call quality and video quality in one-to-one as well as conference mode. For this purpose we shall deploy WIRESHARK (a packet sniffer for Linux), and building on the data collected we shall have a better comparative understanding of the performance of these software packages in different open source environments like UBUNTU 9.10 – JAUNTY BUILD Karmic Koala and Open Suse 11.2.

Keywords- wireshark, bigbluebutton, ekiga, empathy, twinkle, Cent OS, packet, networking, linux, alpine linux, fedora, ubuntu, Voip, web conference, data, Multi point video, audio, text

I. INTRODUCTION

In modern times of financial turmoil, industries are looking for ways to bring down costs in order to sustain their profits. One way to cut costs is to use cheap, or rather costless, alternatives to hard-line telephones. Hence soft phones have gained enormous popularity. Using soft phones, industries can set up telephony systems that help them curb their call costs. Also, in recent times, with the advent of free open source SIP platforms like Asterisk, Kamailio and Freeswitch, VOIP and SIP phones have become a major player in the world of free telephony.

As SIP phones gain more and more popularity, technicians are discovering new problems associated with this technology. While using SIP phone services, whether for home use or business purposes, in one-to-one or conference mode, one often comes across problems like lost calls, bad call quality, the other line seeming to be engaged while it actually is not, and jump calls (calls to the wrong telephone number). Multiple software tools have been produced for deciphering such problems in SIP telephony. These tools mainly deal with analyzing the incoming and outgoing calls through the router that use the SIP protocol or the RTP or UDP protocols. After the analysis of these protocols is done, the problem is pinpointed and can be dealt with effectively.

Two of the most acknowledged software tools in this field are TCP Dump and Wireshark. While TCP Dump can only run on UNIX platforms, Wireshark can be run on any platform. In this project we are using Wireshark on the Ubuntu Karmic Koala platform for analyzing the SIP protocol for various soft phones used by industries as well as individuals in modern times.

II. SCHEME OF THE PROJECT

In this project we will be analyzing the different SIP/VOIP solutions that are available in the market using Wireshark, and then give a detailed report on the QoS (quality of service) as a comparison of all these solutions. The solutions that we will test are:

1. Empathy: This is an instant messaging client which supports text, voice, video, file transfers, and inter-application communication over various IM protocols. Empathy also provides a collection of re-usable Graphical User Interface widgets for developing instant messaging clients for the GNOME desktop. It is written as an extension to the Telepathy framework, for connecting to different instant messaging networks with a unified user interface. Empathy has been included in the GNOME desktop since version

2. Ekiga: This was formerly called gnome is a VoIP and video conferencing application for GNOME and Windows. It is distributed as free software under the terms of the GNU General Public License. Ekiga supports both SIP and H.323 (based on OpenH323 protocols) and is fully interoperable with any other SIP compliant application and with Microsoft NetMeeting. It supports many high-quality audio and video codecs.

3. BigBlueButton: BigBlueButton is a versatile open source project that is built over fourteen open source components to create an integrated web conferencing system that runs on Mac, Unix or PC computers. Some of the features of this softphone are web cam management and presentation, in which any user can upload a PDF presentation or office document and keep everyone in sync with their current page, zoom, pan, and see the presenter's mouse pointer. BigBlueButton voice conferencing supports voice over IP (VOIP) conferencing out-of-the-box.

4. Twinkle: Twinkle is a free, open source software application for Voice over Internet Protocol (VoIP) voice communications in IP networks, such as the Internet. It is designed for GNU/Linux operating systems and uses the Qt toolkit for its graphical user interface. For call signaling it employs the Session Initiation Protocol. It also features direct IP to IP calls. Media streams are transmitted via the Real-time Transport Protocol, which may be encrypted with the Secure Real-time Transport Protocol (SRTP) and the ZRTP security protocols. Twinkle supports the following audio codecs.
   • G.711 A-law (64 kbps payload, 8 kHz sampling rate)
   • G.711 μ-law (64 kbps payload, 8 kHz sampling rate)
   • GSM (13 kbps payload, 8 kHz sampling rate)
   • Speex narrow band (15.2 kbps payload, 8 kHz sampling rate)
   • Speex wide band (28 kbps payload, 16 kHz sampling rate)
   • Speex ultra wide band (36 kbps payload, 32 kHz sampling rate)
   • iLBC (13.3 or 15.2 kbps payload, 8 kHz sampling rate)
   • G.726 (16, 24, 32 or 40 kbps payload, 8 kHz sampling rate)

III. WIRESHARK

Wireshark is the world's foremost network protocol analyzer, and is the de facto standard across many industries and educational institutions. The features of this tool are:
   • Live capture of packets and their offline analysis.
   • Standard three pane packet browser.
   • Runs on multiple platforms: Windows, Linux, Solaris, NetBSD, FreeBSD.
   • Captured network data can be browsed via a GUI, or via the TTY-mode TShark utility.
   • The most powerful display filters in the industry.
   • Rich VOIP/SIP protocol analysis.
   • Deep inspection of hundreds of protocols added every day.

IV. THE PROCESS

First we started the wireshark protocol analyzer and started the packet capture mechanism as shown in Fig 1.

Fig 1. The wireshark capture window

Then we started the soft phone and dialed a toll free number (we dialed 001-800-457-7777, the toll free number of the Toshiba service center). As soon as the number was dialed we could see wireshark capturing the RTP (Real time protocol) packets.

After about three to four minutes, we stopped the capturing process and started analyzing the packets in offline mode.

We followed this process for two SIP phones. First we analyzed Empathy and then Ekiga.

V. RESULTS

i) EMPATHY

The table below gives us the detailed account of the SIP call made from Empathy. We can see that the jitter accounted for

     Packet  Sequence  Time stamp  Delta (ms)  Jitter (ms)  Skew (ms)  IP BW (Kbps)  Marker  Status
1    623     4477      448600      0           0            0          1.6           SET     [OK]
2    625     4478      448760      19.83       0.01         0.17       3.2                   [OK]
3    627     4479      448920      19.96       0.01         0.21       4.8                   [OK]
4    629     4480      449080      20          0.01         0.21       6.4                   [OK]
5    632     4481      449240      20.5        0.04         -0.28      8                     [OK]
6    633     4482      449400      19.79       0.05         -0.08      9.6                   [OK]
7    636     4483      449560      20          0.05         -0.08      11.2                  [OK]

Fig. 2 Table showing the details of the SIP transaction

is very stable and is quite acceptable.

Next we will fetch another table like this one for Ekiga and will be able to analyze in a comparable manner between these two SIP services.

Fig 3. Graph showing the Forward Jitter and the Reverse jitter in Empathy.

The above graph shows the forward jitter in the call. Note that no green spikes can be seen in the graph. Green spikes represent the reverse jitter. Since there was no answer from our side, no reverse jitter was experienced. Hence there are no green spikes.

Fig 3. The analyzed call spikes in Empathy.

The above figure represents the Call graph. Here only one channel seems to have the spikes. This is because only the operator on the other side of the phone talked.

ii) TWINKLE

We executed the Twinkle SIP phone on the Open Suse 11.2 platform. The overall performance of the product was satisfactory. However the forward and the reverse jitter encountered were more than what we expected. The call clarity was perfect.

The figure below shows the CALL FLOW of the entire process.

Fig 4: The flow graph of the process

Packet  Sequence  Time stamp  Delta (ms)  Jitter (ms)  Skew (ms)  IP BW (Kbps)
33      52496     3752872392  0           0            0          0.58
36      52497     37528552    28.17       0.51         -8.17      1.17
39      52498     37528712    48.48       1.82         -29.65     1.75
40      52499     37528872    8.33        2.44         -17.98     2.34
43      52500     3752873032  42.13       3.67         -40.11     2.92
44      52501     3752873192  0.17        4.68         -20.28     3.5
46      52502     3752873352  21.43       4.48         -21.71     4.09

Fig 5: The data collected

The above figure shows the data related to the entire operation of the product. The relative average jitter encountered was 11.08 ms. This was quite high as compared to

other opensource soft phones like that of X-Lite. However in totality this product functioned satisfactorily.

iii) EKIGA

Ekiga was installed on UBUNTU 9.10 – JAUNTY BUILD – and just like in the previous cases we started wireshark prior to the initiation of the VOIP call. Once the call was in progress we collected the following data –

Fig 6 – Showing the wireshark packet capture window.

Fig 7 Shows the table with packet jitter, BW as well as SKEW.

I/O Graph showing packets/unit time v/s time –
X axis – Ticker/Time (in sec)
Y axis – Packets per unit Ticker (or Time)

Fig 8 – I/O Graph during the INITIATION of the VOIP CALL

Since the VOIP call was being established, we see very few packets in the beginning, causing a dip to almost zero packets per unit time, the reason being that ARP was mapping the IP address 192.168.113.2 to the MAC address of the machine, 00:50:56:f9:15:47. Once this was completed, it gradually settled down to a constant rate with the UDP successfully resolving source and destination ports. We also see a spike at exactly 3.169s because this is when DNS comes into play and is trying to locate the Ekiga server using STANDARD QUERY RESOLUTION.

Fig 9 – I/O graph well after ESTABLISHMENT of the VOIP CALL

Figure 9 shows the exceptionally stable performance of EKIGA with a constant rate of packets along the time axis. However we do observe a major spike in between, which must be because of a sudden surge in the available BW at 613s, the jump being from mid 159.04 kbps to 165.85 kbps, allowing flow of more packets.

Fig 10 - I/O Graph during the TERMINATION of the VOIP CALL

Finally we see the packets per unit time dipping to zero in figure 10 since this is when we terminated the call.

Packet  Sequence  Time stamp  Delta (ms)  Jitter (ms)  Skew (ms)   IP BW (Kbps)
607     25716     41369328    33.19       893.51       438931.75   153.09
608     25717     41453412    36.51       893.78       439829.5    159.5
609     25718     41537496    38.07       893.93       440725.69   159.74
610     25719     41621580    45.33       893.62       441614.62   159.04
611     25720     41705664    37.24       893.83       442511.66   159.87
612     25721     41789748    47.09       893.41       443398.81   158.99
613     25722     41873832    35.97       893.72       444297.12   165.84

Fig 11 – Table with JITTER, BW, SKEW and TIMESTAMP of given packets

The obviously visible fact about the above table is the almost constant jitter. Jitter is a variation of delay, and hence a constant jitter will not hamper the performance of a VoIP call. Here we see that EKIGA has almost constant jitter throughout the duration of the call, which is just one of the reasons why the call quality was excellent.

VI. THE MATHS INVOLVED

Wireshark calculates jitter according to RFC3550 (RTP):

If Si is the RTP timestamp from packet i, and Ri is the time of arrival in RTP timestamp units for packet i, then for two packets i and j, D may be expressed as

   D(i,j) = (Rj - Ri) - (Sj - Si) = (Rj - Sj) - (Ri - Si)

The interarrival jitter SHOULD be calculated continuously as difference D for that packet and the previous packet i-1 in order of arrival (not necessarily in sequence), according to the formula

   J(i) = J(i-1) + (|D(i-1,i)| - J(i-1))/16

RTP timestamp: The RTP timestamp is based on the sampling frequency of the codec, 8000 in most audio codecs and 90000 in most video codecs. As the sampling frequency must be known to correctly calculate jitter, it is problematic to do jitter calculations for dynamic payload types, as the codec and its sampling frequency must be known, which implies that the setup information for the session must be in the trace and the codec used must be known to the program (with the current implementation).

Suppose we have the following sample data –

R0 = frame 624: frame.time = Jul 4, 2005 11:56:25.348411000
S0 = frame 624: rtp.timestamp = 1240
R1 = frame 625: frame.time = Jul 4, 2005 11:56:25.418358000
S1 = frame 625: rtp.timestamp = 1400
R2 = frame 626: frame.time = Jul 4, 2005 11:56:25.421891000
S2 = frame 626: rtp.timestamp = 1560

We also have rtp.p_type = ITU-T G.711 PCMA (8), and thus we know the sampling clock is 8000Hz and the unit of rtp.timestamp is 1/8000 sec = 0.000125 sec.

Then this is how we shall calculate the JITTER:

frame 624:
   J(0) = 0

frame 625:
   D(0,1) = (R1 - R0) - (S1 - S0)
          = [in seconds] (.418358000 sec - .348411000 sec) - (1400 * 0.000125 sec - 1240 * 0.000125 sec) = 0.049947
   J(1) = J(0) + (|D(0,1)| - J(0))/16
        = [in seconds] 0 + (|0.049947| - 0)/16 = 0.0031216875

frame 626:
   D(1,2) = (R2 - R1) - (S2 - S1)
          = [in seconds] (.421891000 sec - .418358000 sec) - (1560 * 0.000125 sec - 1400 * 0.000125 sec) = -0.016467
   J(2) = J(1) + (|D(1,2)| - J(1))/16
        = [in seconds] 0.0031216875 + (|-0.016467| - 0.0031216875)/16 = 0.00395576953125

• How bandwidth (BW) is calculated

The BW column in the RTP Streams and RTP Statistics dialogs shows the bandwidth at IP level for the given RTP stream. It is the sum of all octets, including IP and UDP headers (20+8 bytes), from all the packets of the given RTP stream over the last second.

VII. PROBLEMS THAT CROPPED UP AND HOW WE RESOLVED THEM

Fedora Issue: In the beginning we thought of using Fedora as a test benchmark for this project alongside Ubuntu 9.11, since it is one of the oldest LINUX versions in the market. But as we proceeded with our project we found out that Fedora has some generic problem with the ITU-T G.711 PCMA audio codec. There were a lot of glitches in the call quality which were not the fault of the VOIP solutions that we were benchmarking. Hence to get a better understanding of the sip phones under

scrutiny we replaced Fedora with the Open Suse 11.2 operating system.

Cent OS issue: Next we planned to build a BigBlueButton server on Cent OS (Community Enterprise Operating System) and subsequently benchmark the open source solution. But as we proceeded with our project we found out that CentOS has several issues with video cards. It seems CentOS is not compatible with Voodoo 3 range video cards. Hence there was a problem when installing the OS. Even after we installed it in text mode (Linux text mode), the GUI could not recognize the mouse or legacy keyboard.

Reassigning of the UDP Ports –

While performing the test we were sometimes running two sip phones in parallel on the same machine. By default a VOIP call routes through UDP PORT 5060; however, when running two phones at the same time, one of the phones occupies the port, rendering it inaccessible for the second sip phone. Hence we must make sure that we assign a different port ranging between 5061 to 5069 for the second VOIP call. This solved the issue and allowed smooth running of both the SIP clients.

Initial trouble with EKIGA and how we came around that problem –

When we started out, we used a sip account to make calls. Although, on UBUNTU 9.10 – JAUNTY BUILD, our SIP account was displayed as registered and our calls were also going through, when calling each other we could never hear any voice from either side. This issue was resolved by going into EKIGA PREFERENCES>AUDIO>DEVICES and in the directory changing the ringing device from SILENT (Ekiga/Ekiga) to Default (PTLIB/ALSA).

VIII. FUTURE OF OUR PROJECT

In future we will be installing BigBlueButton in the UBUNTU 9.10 – JAUNTY BUILD environment. We will also try to set up a BigBlueButton server and examine its performance in the UBUNTU 9.10 – JAUNTY BUILD Karmic koala environment. We intend to perform the packet analysis on EKIGA and EMPATHY on both Open Suse 11.2 and UBUNTU 9.10 – JAUNTY BUILD, with a permutation and combination ensuring we are able to compare each soft phone on each OS and hence get a better insight into both the soft phones and the robustness of the OS.

IX. REFERENCES
[1] A. Leon-Garcia, I. Widjaja, Communication Networks: Fundamental Concepts and Key Architectures, 2nd ed., New York: McGraw-Hill, 2004, pp. 706-756.
[2] "QoS Assessment of Video Over IP." [Online]. Available: http://encyclopedia.jrank.org/articles/pages/6873/Qos-Assessment-of-Video-Over-IP.html
[3] "Ethernet Capture Setup." [Online]. Available: http://wiki.wireshark.org/CaptureSetup/Ethernet
[4] Wireshark website. [Online]. Available: www.wireshark.org
[5] "How VOIP works." [Online]. Available: http://www.fcc.gov/cgb/consumerfacts/voip.pdf
[6] Luca Deri, "Open Source Voip Traffic Monitoring."
[7] Mathew Desantis, "Understanding VOIP Over Internet Protocol," US Cert.
[8] "Security Considerations For Voice Over IP Systems," NIST.
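
The RFC 3550 jitter recurrence and the one-second IP-level bandwidth sum from section VI, as an added example in Python (it is not part of the original report and is not Wireshark's code). The names `clock_for` and `stream_stats` and the 172-octet packet size are assumptions made for the illustration; the three frames are the report's own sample data, and the refusal to guess a clock for dynamic payload types reflects the limitation the report describes.

```python
from collections import deque

# Static payload types with fixed clocks (RFC 3551); the report's sample is PCMA (8).
STATIC_CLOCK_HZ = {0: 8000, 3: 8000, 8: 8000}
IP_UDP_OCTETS = 20 + 8  # IP and UDP headers are counted in the BW column


def clock_for(payload_type, sdp_clock_hz=None):
    """Return the sampling clock; never guess it for a dynamic payload type."""
    if payload_type in STATIC_CLOCK_HZ:
        return STATIC_CLOCK_HZ[payload_type]
    if sdp_clock_hz is None:
        raise ValueError(f"payload type {payload_type}: clock rate not in trace")
    return sdp_clock_hz


def stream_stats(packets, payload_type, sdp_clock_hz=None):
    """packets: (arrival_s, rtp_timestamp, rtp_octets) tuples in arrival order.

    Returns one (jitter_s, ip_bw_kbps) pair per packet.
    """
    hz = clock_for(payload_type, sdp_clock_hz)
    window = deque()  # (arrival_s, IP-level octets) for the last second
    rows, jitter, prev = [], 0.0, None
    for arrival, ts, rtp_octets in packets:
        if prev is not None:
            # Signed timestamp difference that survives 32-bit wraparound.
            ticks = (ts - prev[1] + 2**31) % 2**32 - 2**31
            # D(i-1,i) = (Ri - Ri-1) - (Si - Si-1), everything in seconds.
            d = (arrival - prev[0]) - ticks / hz
            # J(i) = J(i-1) + (|D(i-1,i)| - J(i-1))/16
            jitter += (abs(d) - jitter) / 16
        prev = (arrival, ts)
        window.append((arrival, rtp_octets + IP_UDP_OCTETS))
        while window[0][0] <= arrival - 1.0:
            window.popleft()
        bw_kbps = sum(octets for _, octets in window) * 8 / 1000
        rows.append((jitter, bw_kbps))
    return rows


# Frames 624-626 from the report (seconds within 11:56:25). The 172-octet RTP
# size (12-byte header + 160 bytes of G.711) is a constructed value.
SAMPLE = [(25.348411, 1240, 172), (25.418358, 1400, 172), (25.421891, 1560, 172)]

if __name__ == "__main__":
    for jitter_s, bw in stream_stats(SAMPLE, payload_type=8):
        print(f"jitter={jitter_s * 1000:.4f} ms  ip_bw={bw:.1f} kbps")
```

With 172-octet packets the bandwidth column comes out as 1.6, 3.2 and 4.8 Kbps, the same progression as the first three rows of the Empathy table.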