SIP · VOIP · Wireshark

Speed up RTP packetloss troubleshooting with tshark read filters

keithcroxford /
 ·  ·  · 

I hate waiting for Wireshark to load a 20+meg capture file to review RTP streams. Once it loads you  browse  to “Telephony > RTP > Show All Streams”. Then you wait for it analyze the RTP streams…..

If you have a fair amount of memory it might not be too horrible of a wait, but it can always be quicker. Especially for those who are dowloading captures from a remote capture point. Often you download 5-6 files before you find one with any RTP loss or massive amounts of jitter.

Using “tshark” from the CLI ( Windows or *Nix) you can set a read filter and show the RTP stream analysis  in a few seconds.  The syntax is “tshark -r <filename > -qz rtp,streams“.  This process through the GUI takes about 3 minutes on my Windows Vista Laptop.  Running through the Windows CLI it takes under 10 seconds.

After running this you are presented with the same output seen through “Telephony > RTP > Show All Streams” (GUI).

Of course this method doesn’t allow listen to the G.711 streams like you can through the GUI. The GUI has the eavesdropping capabilities that allow you to hear issues that occurred before packetization (Stream shows no loss, however audio sounds choppy).  There is however a definite advantage to this method. Below a sample of the output :

[12:10:36][FSLab]$ tshark -r capture1.pcap -qz rtp,streams
========================= RTP Streams ========================
    Src IP addr  Port    Dest IP addr  Port       SSRC          Payload  Pkts         Lost   Max Delta(ms)  Max Jitter(ms) Mean Jitter(ms) Problems?
    192.168.3.38 23988    192.168.2.146 20000 0xFBD96BBC ITU-T G.711 PCMU   127     0 (0.0%)           20.07            0.03            0.02 X
   192.168.2.146 20000     192.168.3.38 23988 0x1D2E1E1A ITU-T G.711 PCMU   130     0 (0.0%)           23.48            0.43            0.07 X
    192.168.3.38 24016    192.168.2.146 20000 0x9F3C715C ITU-T G.711 PCMU   127     0 (0.0%)           20.16            0.03            0.02 X
   192.168.2.146 20000     192.168.3.38 24016 0x28781E1C ITU-T G.711 PCMU   130     0 (0.0%)           22.77            0.41            0.11 X
    192.168.3.38 23952    192.168.2.146 20000 0x173A4637 ITU-T G.711 PCMU   127     0 (0.0%)           20.07            0.03            0.02 X
   192.168.2.146 20000     192.168.3.38 23952 0x03C61E1E ITU-T G.711 PCMU   130     0 (0.0%)           20.32            0.11            0.08 X
    192.168.3.38 24012    192.168.2.146 20000 0x753488EF ITU-T G.711 PCMU   127     0 (0.0%)           20.09            0.03            0.02 X
    192.168.3.38 20372    192.168.2.146 20000 0xAB77B2B9 ITU-T G.711 PCMU   127     0 (0.0%)           20.19            0.04            0.02 X
   192.168.2.146 20000     192.168.3.38 20372 0x10021E47 ITU-T G.711 PCMU   130     0 (0.0%)          282.48           24.18            5.84 X