Wireshark 6 LE – Voice & Video over IP Network Analysis Using Wireshark (Law Enforcement)

Format: 5 days Classroom Instruction

Start/End Times: 0830-1630

Recommended Class Size: 5-12

Audience: Intermediate

Target Audience:

This course is designed for Networking, Government and Security personnel that need to develop a set of packet investigation techniques through study of the Voice, Video and Multimedia over IP-based Protocols using Wireshark and other Open-Source Analysis tools. Successful completion of this course will provide these individuals with a path-way into the field of Multimedia over IP-based Analysis.

Recommended Prerequisites:

Completion of Wireshark 1 or equivalent networking and Wireshark experience

Description:

This course will provide the student with a set of analysis techniques focusing on the use of vendor-neutral, Open-Source Tools to provide insight into the following areas:

  • VoIP, Video over IP, T.120 Conference and T.38 Fax over IP Network Analysis fundamentals
  • VoIP focused network security principles including encryption technologies and defensive configurations of network infrastructure devices
  • Recognition for a variety of issues that affect VoIP and Video-based networks and the quality of the voice data. Factors including, latency, out-of-sequence packets, Jitter and Quality-of-Service and how the End-User experiences them will be analyzed and evaluated.
  • Key VoIP related protocols including SIP, MGCP, SCCP, UNISTEM, H.323, T.38 T.120 and related supporting protocol architectures will be examined.
  • Open-Source VoIP, Video and T.38 Network Analysis Tools and specialized Network Analysis techniques including audio / Video data traffic reconstruction and viewing

Real-World examples will be utilized throughout the course in conjunction with numerous hands-on exercises to provide field proven, practical analysis skills. Attendees will receive a student guide including numerous reference files and networking and forensics tools, as well as a library of reference documents.

 

Course Details:

I. Introduction

  • Overview of Telephony, Video and Fax Technologies
    • PSTN Technology & Nomenclature
      • History of Telephony – from PSTN to Voice, Video and T.38
      • Concerns and Limitations
      • VoIP Terminology
      • Video Terminology
      • T.38 Fax over IP Terminology
      • T.120 – Conference over IP Terminology
    • IP Packet vs. PSTN Switching
      • Signaling – In-Band vs. Out-of-Band Signaling
    • Next Generation Networking and VoIP Technology
      • Benefits vs. Competing Standards

II. VoIP Troubleshooting and Analysis

  • Recap – Data Collection
    • Location – How Network Infrastructure Devices Affect Capture and Analysis
      • Switches, Bridges, Routers, Firewalls, CSU / DSU and SBC
    • Multimedia Data Collection – Tips & Techniques
    • Capture Configuration and Multiple Captures
      • Configurations – LAN vs. WiFi / WLAN IEEE 802.11
      • Real-time vs. Post Capture Analysis
      • Monitoring current traffic
  • The Technology of Voice, Video and Fax over IP
    • VoIP Components and Hardware Nomenclature
    • Competing Standards – Public vs. Proprietary
      • VoIP – SIP In-Band Signaling
      • VoIP – H.323 In-Band Signaling
      • VoIP – MGCP / Megaco In-Band Signaling
      • VoIP – Skinny (SCCP) / Unistim In-Band Signaling
      • Video over IP Signaling
      • T.38 Fax over IP Signaling
      • T.120 Conference over IP Signaling
    • Protecting VoIP Traffic – QoS: Quality of Service
      • IEEE 802.1p / IEEE 802.1p/q
      • RSVP vs. Integrated / Differentiated Services
      • Assessment of Key VoIP Network Statistics
    • Assessment of Call Quality – Competing Metrics
      • Mean Opinion Score (MoS)
      • R-Factor / R-Value
      • Making Things Secure – Voice and Video Encryption
  • Statistical Assessment of VoIP Protocols
    • Key Protocols
      • Signaling – SS7, SIP, H.323 Suite, MCGP, SDP, RTSP, RAS, SCCP, Unistim
      • Data – RTP, RTCP/RTCP-XR,
      • Video
      • Fax
    • Voice and Video Codec’s
      • Audio Codec’s – G.7xx series
      • Video Codec’s – H.2xx Series
    • Selecting Key Information for Statistical Evaluation
      • Types of Filters – Simple Filters vs. Advanced Filters
      • Constructing and Applying Specialty Filters
      • Importing / Exporting Filter Tables
    • Using a Host Table as a Multimedia Analysis Aid
  • Making The Call – Voice, Video and Fax Conversation Analysis
    • Multimedia Protocol Analysis Techniques
      • VoIP – H.323 In-Band Signaling
        • Commands / Responses
        • Session Setup / Tear-down
      • VoIP – SIP In-Band Signaling
        • Commands / Responses and Status Codes
        • Session Setup / Tear-down
        • SIP Trunking
      • VoIP – MGCP / Megaco In-Band Signaling
        • Commands / Responses
        • Session Setup / Tear-down
      • VoIP – SCCP / UNISTIM In-Band Signaling
        • Commands / Responses
        • Session Setup / Tear-down
      • Video over IP
        • Commands / Responses
        • Session Setup / Tear-down
      • T.38 Fax over IP
        • Commands / Responses
        • Session Setup / Tear-down
      • T.120 Conference over IP
      • T.38 Fax over IP
        • Commands / Responses
        • Session Setup / Tear-down
    • Diagramming and Interpreting a Multimedia Conversation
  • Expert Multimedia Analysis
    • Using Expert Systems to Evaluate Voice and Video Performance
    • Determining Which Conversations Have Problems – Analyzing Latency, Throughput,
    • Out-of-Sequence Packets and Jitter
    • Introduction to Fax over IP Analysis
      • Packet Payload Reconstruction
    • Introduction to Conference over IP Analysis
      • Packet Payload Reconstruction
    • Introduction to Visual Based Voice and Video Analysis
      • Packet Payload Reconstruction and Playback
  • Graphing and Reporting Multimedia Sessions
    • Using Pilot Reporting
    • Reporting and Exporting Data
  • Voice, Video and Fax over IP Security Considerations
    • Existing Vulnerabilities
    • Spoofing Caller ID
    • Common Multimedia Exploits

 

III. Where do we go from Here?

  • Wireshark 0 – TCP/IP Networking Fundamentals Using Wireshark
  • Wireshark 1 – TCP/IP Network Analysis
  • Wireshark 2 – Advanced Network and Security Analysis
  • Wireshark 3 – Network Forensics Analysis
  • Wireshark 4 – Mobile Device Forensics Analysis
  • Wireshark 5 – Cloud and Internet of Things (IoT) Advanced Network Analysis
  • Wireshark 6 – VoIP Advanced Network Analysis
  • Wireshark 7 – WiFi Advanced Network Analysis
  • Wireshark 8 – SCADA and ICS Advanced Network Analysis