Ask Your Question
0

UDP Packet Loss

asked 2021-05-20 23:32:55 +0000

JMM gravatar image

I am trying to analyze a video streaming application in Wireshark. I can see that it uses UDP for video, audio and data. I'm interested in knowing how to estimate packet loss. How can I do it?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2021-05-22 02:40:51 +0000

BigFatCat gravatar image

I often need to troubleshoot packet captures where Wireshark does not have a dissector or proprietary protocol then the trick is count packets.

Try this. Filter by UDP stream. If the stream, started and ended at the same time then the packet count will be the same in all the captures.

Filter by UDP stream and source IP address. If the stream, started and ended at the same time then the packet count will be the same in all the captures.

Filter by UDP stream and destination IP address. If the stream, started and ended at the same time then the packet count will be the same in all the captures.

If the UDP stream, started and end at different times then align all the captures and verify if the count is the same.

Check the IP ID in one direction only and see if they are sequential. That is one pattern to check for packet loss.

Send a response if that doesn't work or you need help on the next step(s).

edit flag offensive delete link more
0

answered 2021-05-21 01:39:35 +0000

martyvis gravatar image

It depends. If the stream is encapsulated in a RTP over UDP stream it is very easy. Wireshark has some analysis tools in the Telephony:RTP menuimage description

In the attached I took the sample H.265 over RTP file at https://gitlab.com/wireshark/wireshar... and deleted 3 frames. As you can see the RTP Streams tool shows 4 missing (apparently the sample already has a loss). You can also use the more detailed RTP Stream Analysis tool to show which frames are missing.image description

If you are sending raw UDP without a RTP encapsulation, I would still expect their to be a sequence number in the payload that you can look for missing frames. You could then write some LUA code to a delta between that sequence number and say that in the previous frame (in the same UDP stream). If the delta wasn't one, than you could flag there being a missing frame (or at least it is out of order)

edit flag offensive delete link more

Comments

Thank you for your answer. Appreciate it! It is raw UDP without RTP encapsulation. I am not an advanced Wireshark user. Could I request to kindly explain on how I can do this please "a sequence number in the payload that you can look for missing frames. You could then write some LUA code to a delta between that sequence number and say that in the previous frame (in the same UDP stream). If the delta wasn't one, than you could flag there being a missing frame (or at least it is out of order)"

JMM gravatar imageJMM ( 2021-05-21 04:48:16 +0000 )edit

To detect packet loss, the application being transported over UDP MUST have some sort application specific packet (or sequence) number so that the receiver can not missing packets and take some action.

You must determine where in the packet data this number occurs and then you can write a dissector to process it, i.e. effectively reverse engineering the data format.

grahamb gravatar imagegrahamb ( 2021-05-21 08:27:00 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2021-05-20 23:32:55 +0000

Seen: 5,482 times

Last updated: May 22 '21