Wireshark Packet Capture Analysis: Training Courseware
© Polycom, Inc. All rights reserved.
How to read H.323 message?
• H.245 OLC & OLC ACK
How to read H.323 message?
③ Jitter calculations done by Wireshark should be ignored.
Using Wireshark
• Analyzing a TCP stream
Contents
Cloud Video
• How to capture?
• Installing Wireshark
• Using Wireshark
• How to read H.323 message?
• How network devices affect us
• Disconnection case studies
• ALG failure case studies
Installing Wireshark
• Note the following screen: be sure to install WinPcap.
Wireshark Packet Capture Analysis
• Analyzing an RTP stream
① Wireshark considers all out-of-order packets as being lost.
② Wireshark will NOT consider late-arriving packets as being lost if the packets are still captured in order, no matter how late those packets arrive.
How network devices affect us
• TCP layer issue • UDP layer issue • ALG
TCP Basic
• TCP three-way handshake
• Initiating connection teardown
How to read H.323 message?
• Captures which do not include call signaling will list RTP as UDP packets; H.245 as TCP packets only.
Using Wireshark
How to capture?
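• Switch port mirroring (Mirror + Wireshark)
• Capture on the device itself (download the capture, then analyze it with Wireshark)
• How to capture on RPAD
• How to capture on DMA
• How to capture on RPD
• How to capture on RMX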
How to read H.323 message?
• H.225 Admission
How to read H.323 message?
• H.225 Connect
H.245 Round trip
• HDX systems transmit H.245 RoundTripDelayRequest every 30 seconds.
• An H.323 system is not required to transmit H.245 RoundTripDelayRequest.
• It is mandatory that a system which receives an H.245 RoundTripDelayRequest acknowledge the request with an H.245 RoundTripDelayResponse.
• If the HDX does not receive a RoundTripDelayResponse, it will terminate the H.323 call.
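One way to check a capture for the failure described above, as an added example that is not part of the original slides: the function pairs each RoundTripDelayRequest with the RoundTripDelayResponse that echoes its sequenceNumber in the opposite direction and reports the requests left unanswered. The event record, the IP addresses and the 5-second wait are assumptions made for illustration; the slides do not state how long the HDX waits before terminating the call.

```python
from dataclasses import dataclass

REQUEST = "roundTripDelayRequest"
RESPONSE = "roundTripDelayResponse"

@dataclass(frozen=True)
class H245Event:          # hypothetical record, one per decoded H.245 message
    t: float              # capture timestamp in seconds
    src: str              # sender IP
    dst: str              # receiver IP
    kind: str             # REQUEST or RESPONSE
    seq: int              # H.245 sequenceNumber, echoed by the response

def unanswered_requests(events, timeout=5.0):
    """Return requests that saw no matching response within `timeout` seconds.

    `timeout` is an assumed value, not a documented HDX timer.
    """
    ordered = sorted(events, key=lambda e: e.t)
    pending = {}          # (requester, responder, seq) -> request event
    missing = []
    for ev in ordered:
        # Expire requests that have waited longer than the timeout.
        for key, req in list(pending.items()):
            if ev.t - req.t > timeout:
                missing.append(pending.pop(key))
        if ev.kind == REQUEST:
            pending[(ev.src, ev.dst, ev.seq)] = ev
        elif ev.kind == RESPONSE:
            # A response travels the opposite way and echoes the sequence number.
            pending.pop((ev.dst, ev.src, ev.seq), None)
    # Requests sent too close to the end of the capture are not judged.
    end = ordered[-1].t if ordered else 0.0
    missing.extend(r for r in pending.values() if end - r.t > timeout)
    return sorted(missing, key=lambda e: e.t)

HDX, FAR = "10.0.0.10", "10.0.0.20"   # constructed addresses
SAMPLE = [                             # constructed events, 30 s request interval
    H245Event(0.00, HDX, FAR, REQUEST, 1), H245Event(0.04, FAR, HDX, RESPONSE, 1),
    H245Event(10.00, FAR, HDX, REQUEST, 7), H245Event(10.02, HDX, FAR, RESPONSE, 7),
    H245Event(30.00, HDX, FAR, REQUEST, 2), H245Event(30.05, FAR, HDX, RESPONSE, 2),
    H245Event(60.00, HDX, FAR, REQUEST, 3),   # response dropped on the path
    H245Event(90.00, HDX, FAR, REQUEST, 4),   # capture ends right after this
]

if __name__ == "__main__":
    for req in unanswered_requests(SAMPLE):
        print(f"t={req.t:.2f}s {req.src} -> {req.dst} seq={req.seq}: no response")
```

An unanswered request from the HDX shortly before the call drops points at the far end or at a device on the path rather than at the HDX itself.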
Using Wireshark
• Filter
Using Wireshark
• Important things first: Wireshark will not usually recognize any VoIP calls in a capture unless call signaling (H.225.0, H.245, SIP/SDP) is also included in the capture.
• H.460.18 (Signaling) • H.460.19 (Media)