Real-time Transport Protocol (RTP) is a critical component for transmitting voice and video data over IP networks. This guide will help you analyze RTP voice streams in Wireshark, identify common issues like packet loss and jitter, and learn the acceptable values for optimal performance.

Real-time Transport Protocol (RTP) is commonly used for transmitting voice and video data over IP networks, making it a crucial component of many VoIP and video conferencing applications. In this article, we will focus on how you can analyze RTP voice streams using Wireshark, identify common problems like packet loss and jitter, and understand the acceptable values for these parameters.

1. Capturing RTP Voice Streams in Wireshark

Before we can analyze RTP voice streams, we need to capture them. To do this, you can use Wireshark's capture filter feature by entering udp portrange 16384-32767 (commonly used RTP port range) in the capture filter field. This will help you focus only on the RTP traffic and exclude other irrelevant packets.

2. Identifying Packet Loss

Packet loss is one of the most common issues affecting RTP voice streams. It occurs when packets are dropped or lost during transmission, leading to audio artifacts and degradation in call quality. To identify packet loss in Wireshark, use the Telephony > RTP > RTP Streams menu option. This will display detailed information about all RTP streams, including packet loss percentages. A packet loss rate below 1% is generally considered acceptable for voice traffic.

3. Analyzing Jitter

Jitter refers to the variation in packet arrival times, which can cause audio distortion and reduced call quality. In Wireshark, you can analyze jitter by selecting an RTP stream from the Telephony > RTP > RTP Streams window and clicking the "Analyze" button. This will display a detailed graph of jitter values over time. A jitter value below 30 ms is typically considered acceptable for voice traffic.

4. Additional Indicators of Poor RTP Connections

Aside from packet loss and jitter, there are other indicators of poor RTP connections. High latency, or the time it takes for a packet to travel from sender to receiver, can also affect call quality. A one-way latency below 150 ms is generally considered acceptable for VoIP applications. Another factor is the MOS (Mean Opinion Score), a subjective measure of voice quality ranging from 1 (poor) to 5 (excellent). A MOS score above 3.5 is usually considered satisfactory for voice calls.

5. Wireshark Tips and Tricks for RTP Analysis

To further enhance your RTP analysis skills in Wireshark, remember these tips:

  • Use display filters like rtp or rtcp to focus only on RTP and RTCP traffic.
  • Leverage Wireshark's built-in VoIP call analysis features by navigating to Telephony > VoIP Calls to view active calls and related RTP streams.
  • Use the Telephony > RTP > RTP Stream Analysis feature to generate detailed statistics, including packet count, lost packets, and jitter values.

By becoming proficient in RTP voice stream analysis using Wireshark, you'll be able to identify and resolve common issues affecting voice quality in VoIP and video conferencing applications. Don't forget to check out our WIRED for Packet Analysis training course (https://oripka.de/en/wired/) and our new online PCAP analyzer, PacketSafari (https://app.packetsafari.com), to further enhance your packet analysis expertise.