[VOIPSEC] SRTP and ZRTP protocol measurements
Ronald del Rosario
rrosario at five9.com
Thu Apr 22 22:39:44 CDT 2010
Serge,
Regarding your questions:
1. The SRTP scenario: all the streams between the two IP Phones are "UDP" and I do understand that this is because the media streams are encrypted, hence the SRTP packets are encapsulated. Now I am wondering how to find the above information.
2. The ZRTP scenario: The packets between the phones are RTP and other unknown RTP... Now, I don't see why these packets are not "UDP", and how to get the ZRTP information? Thank you!
You can tell Wireshark how to decode the traffic so it properly recognizes it as an RTP stream instead of just UDP in the Protocol field. Just right-click on the first UDP packet and select "Decode As...", select "Both" in the UDP port(s) drop-down selector and RTP in the Protocol List, and hit the Apply button. You can also make this a permanent configuration every time you launch Wireshark.
Next is to make sure Wireshark recognizes and decodes RTP outside of conversations. You can do this by going to the Edit menu, then Preferences > Protocols > RTP, putting a check mark on "Try to decode RTP outside of conversations" and hitting the Apply button.
The process applies to ZRTP as well, but in order for Wireshark to properly recognize, decode or "dissect" ZRTP packets, you need to download and install the "ZRTP packet dissector patch for Wireshark". You can download it here:
http://www.zfoneproject.com/wireshark.html
Have fun analyzing RTP streams! I do it every morning with a cup of strong coffee :-)
Best,
Ron
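As an added example (not part of the original messages): SRTP leaves the RTP header in the clear, so the sizes and jitter asked about in this thread can be computed directly from captured UDP payloads. The packets, arrival times, helper names and the 10-byte authentication tag length below are constructed assumptions.

```python
import struct

ZRTP_MAGIC = b"ZRTP"  # magic cookie 0x5a525450 at bytes 4..7 of a ZRTP message

def parse_rtp(udp_payload, auth_tag_len=0):
    """Split one UDP payload into RTP/SRTP header, payload and tag sizes.
    auth_tag_len is supplied by the caller (assumption): 0 for plain RTP,
    10 for an 80-bit SRTP tag. It cannot be read from the packet itself."""
    if len(udp_payload) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", udp_payload[:12])
    if b0 >> 6 == 0 and udp_payload[4:8] == ZRTP_MAGIC:
        return {"kind": "zrtp", "total": len(udp_payload)}
    if b0 >> 6 != 2:                        # RTP and SRTP both carry version 2
        return None
    header_len = 12 + 4 * (b0 & 0x0F)       # fixed header plus CSRC list
    if b0 & 0x10:                           # X bit: header extension present
        if len(udp_payload) < header_len + 4:
            return None
        (ext_words,) = struct.unpack("!H", udp_payload[header_len + 2:header_len + 4])
        header_len += 4 + 4 * ext_words
    payload_len = len(udp_payload) - header_len - auth_tag_len
    if payload_len < 0:
        return None
    # payload still includes any RTP padding; under SRTP its length is encrypted
    return {"kind": "rtp", "pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc,
            "header": header_len, "payload": payload_len, "total": len(udp_payload)}

def interarrival_jitter(samples, clock_rate):
    """RFC 3550 jitter in ms; samples are (arrival_seconds, rtp_timestamp) pairs."""
    j = 0.0
    for (r0, s0), (r1, s1) in zip(samples, samples[1:]):
        ds = ((s1 - s0 + 2**31) % 2**32) - 2**31    # signed diff, survives wraparound
        d = (r1 - r0) * clock_rate - ds
        j += (abs(d) - j) / 16.0
    return j * 1000.0 / clock_rate

def make_packet(seq, ts, payload, tag=b""):
    # Constructed sample data: PT 0 (G.711 u-law), no CSRC, no extension
    return struct.pack("!BBHII", 0x80, 0, seq, ts, 0x1234ABCD) + payload + tag

if __name__ == "__main__":
    arrivals = [0.000, 0.020, 0.041, 0.060, 0.082]   # constructed capture times
    pkts = [make_packet(i, 160 * i, bytes(160), bytes(10)) for i in range(5)]
    parsed = [parse_rtp(p, auth_tag_len=10) for p in pkts]
    print(parsed[0])
    print(interarrival_jitter([(a, p["ts"]) for a, p in zip(arrivals, parsed)], 8000))
```

One-way delay cannot be derived from a single capture point; it needs time-synchronised captures at both ends.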
----
[VOIPSEC] SRTP and ZRTP protocol measurements
SERGE TUMBA
serget68 at msn.com
Fri Apr 23 00:14:46 BST 2010
I am requesting help with SRTP and ZRTP protocol measurements.
I have two configurations:
1. A Router connected to a switch and two switch ports used to connect two IP Phones (Hardphones) with SRTP deployed so the media streams are encrypted.
2. Using a VMware for workstations, I used 2 softphones in this second scenario that I connected to a soft PBX and the two softphones (on different operating systems, and the PBX on another one), the two softphones have zfone on each end for ZRTP support.
Now here is my problem:
I need to look for each protocol SRTP and ZRTP, I need to look at RTP/SRTP streams (and ZRTP streams as well), the stream between the phones in each scenario, and compare them:
1. How big the SRTP and ZRTP packets are.
2. What is the size of their header (overhead).
3. What is the size of the payload.
4. What is the delay for such packets.
5. What is the jitter for such packets.
I have been using the free sniffer program, the Wireshark. And in each scenario:
1. The SRTP scenario: all the streams between the two IP Phones are "UDP" and I do understand that this is because the media streams are encrypted, hence the SRTP packets are encapsulated. Now I am wondering how to find the above information.
2. The ZRTP scenario: The packets between the phones are RTP and other unknown RTP... Now, I don't see why these packets are not "UDP", and how to get the ZRTP information?
Thank you!
Serge