TSHARK: RTCP output & calculations

[Martin Thorpe <martinjasonthorpe () googlemail com>]

Hi all!

I'm hoping someone would not mind giving me some quick tips on some issues
I am having below. I am trying to learn the best way to calculate packet
loss and round trip delay for each of the call legs relating to a specific
call by using "tshark", the command line output is as follows:

./tshark -i eth2 -o "rtp.heuristic_rtp: TRUE" -o
"rtcp.show_roundtrip_calculation: TRUE" -R 'rtcp.ssrc.cum_nr >= 50' -V -d
udp.port==5005,rtcp -e rtcp.ssrc.identifier -E occurrence=f -e
rtcp.roundtrip-delay -e rtcp.ssrc.fraction -e rtcp.ssrc.cum_nr -e
rtcp.ssrc.jitter -e ip.src_host -e rtcp.sdes.text -E occurrence=l -e
rtcp.ssrc.dlsr -T fields -E separator=, -E quote=n

This is giving me the following as an example:

0x1377d452,,13,349,0,192.196.76.60,ext50267@192.196.76.60:2330,0 <<<<< END
POINT (Phone)
0x1377d452,,13,349,0,192.168.1.10,ext50267@192.196.76.60:2330,0 <<<<<
TSHARK server

TSHARK always shows two outputs for the above - the first in the above
example is the actual end point and the second is the server I am running
"tshark" from, what I am trying to figure out is this:

1. How to associate call legs with a specific call in the senders report, I
believe I can do this using a combination of the SSRC identifier and the
CNAME, more so the CNAME as SSRC identifier is open to changing in a
collision situation.

2. How to know calculate when the specific call has completed? this is
difficult as the RTCP report interval is every 5 seconds, so if a call
completes prior to the 5 second interval I may not receive another RTCP
report // hear anything? I cannot see any packet type of BYE either, which
really does not help.

3. How to calculate packet loss - I believe this is done by calculating the
difference in cumulative packet loss between the two reception points

4. How to calculate round trip delay - this is tough, looking at RFC3550 it
says: Delay = Arrival time - LSR - DLSR

A = Time stamp of receiving returned report, ie second frame in sequence?
LSR = Time stamp of sending original report, ie first frame in sequence?
DLSR = from second frame

I'm still confused how to calculate round trip delay using the above tshark
output, I think I am missing essential fields to do this but I am not sure
which timestamp field I need to show....

Essentially I want to perform the above in a Perl script (there is no
problem with coding) but can't do this until I fully understand how
to associate the calls and obtain the data to perform the calculations,
does anyone have an example of how they did this or can help - if you could
it would be most appreciated greatly!

Thanks! :-)

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe