Difference between revisions of "Ethereal"
| Line 7: | Line 7: | ||
* <tt>192.168.1.189 </tt>- Laptop #1 running only X-lite | * <tt>192.168.1.189 </tt>- Laptop #1 running only X-lite | ||
| − | After capturing we filtered out | + | = Analysis on VoIP-calls = |
| + | We did also do some [[Ethereal Analysis]] on the traffic during several conversations. | ||
| + | |||
| + | = Using Ethereal = | ||
| + | Ethereal can capture all network data. | ||
| + | This captured data must be filtered in order to do some analysis. | ||
| + | |||
| + | e.g. After capturing we filtered out all data to machines not on the local network (IP-adress other than 192.168.1.x), using this filter: | ||
ip.src >= 192.168.1.1 && ip.src <= 192.168.1.255 && ip.dst >= 192.168.1.1 && ip.dst <= 192.168.1.255 | ip.src >= 192.168.1.1 && ip.src <= 192.168.1.255 && ip.dst >= 192.168.1.1 && ip.dst <= 192.168.1.255 | ||
| + | Doing this ensures other data like a webpage refreshing, or a mail-client fetching new mail does not contaminate the meassurements. | ||
| − | + | When doing further analysis, sometimes the filters should only look at the protocol under investigation, because Windows PC's will also communicate to each other about shared files, etc. | |
| − | + | Also HTTP- and DHCP-traffic is not uncommon between the VMware- and other machines. | |
| + | |||
| + | When measuring all data on the local network, the network adapter has to be set in '''promiscuous mode''' | ||
Revision as of 13:30, 30 January 2007
Ethereal is used to analyse the network traffic.
We captured the network data with the following machines:
- 192.168.1.101 - Asterisk #1
- 192.168.1.106 - Asterisk #2
- 192.168.1.3 - Windows machine 1 (also running both VMware's for both Trixboxes)
- 192.168.1.189 - Laptop #1 running only X-lite
Analysis on VoIP-calls
We did also do some Ethereal Analysis on the traffic during several conversations.
Using Ethereal
Ethereal can capture all network data. This captured data must be filtered in order to do some analysis.
e.g. After capturing we filtered out all data to machines not on the local network (IP-adress other than 192.168.1.x), using this filter:
ip.src >= 192.168.1.1 && ip.src <= 192.168.1.255 && ip.dst >= 192.168.1.1 && ip.dst <= 192.168.1.255
Doing this ensures other data like a webpage refreshing, or a mail-client fetching new mail does not contaminate the meassurements.
When doing further analysis, sometimes the filters should only look at the protocol under investigation, because Windows PC's will also communicate to each other about shared files, etc. Also HTTP- and DHCP-traffic is not uncommon between the VMware- and other machines.
When measuring all data on the local network, the network adapter has to be set in promiscuous mode
