[VoiceOps] network jitter tools

[Alex Balashov]

I think the key is that something specific to the voice domain most  
likely indexes RTP and/or SIP packets by protocol-specific criteria,  
much in the manner in which database indexes operate.  In-memory data  
structures such as hash tables and binary trees are used, keyed to  
things like Call-ID GUID, port / IP tuples, etc.

Wireshark, as I understand it, just does a full text search on the  
payloads.

I don't know for certain that this is how Wireshark actually works.   
However, that would explain why searching for packets matching certain  
header field values (exactly or wildcard/pattern) takes so long.

--
Sent from mobile device

On Sep 1, 2009, at 12:41 PM, "J. Oquendo" <sil at infiltrated.net> wrote:

> Alex Balashov wrote:
>> Brooks Bridges wrote:
>>
>>> Does anyone have a suggestion for another wireshark type application
>>> for windows that won’t explode when trying to load RTP captures over
>>> ~500MB?
>>
>> I've loaded multi-gigabyte captures into the Linux version.  It
>> doesn't explode, it just eats RAM.  A lot of RAM.
>>
>> Oh, and, at that point it's so dog slow to filter, analyse or
>> aggregate anything that I lose patience and move onto watching  
>> paint dry.
>>
> I use OmniPeek from Wildpackets on my desktop machine when I need to
> open huge files. 4GB ram quad core phenom, Vista. Works fine for me so
> far. Depending on the size of the dumps, opening a 2GB file usually
> takes under a minute to sort it all out. For the voice side, as much  
> as
> I like Wireshark, it couldn't touch Omni with a 20ft pole.
>
> -- 
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> SGFA, SGFE, C|EH, CNDA, CHFI, OSCP
>
> "It takes 20 years to build a reputation and five minutes to
> ruin it. If you think about that, you'll do things
> differently." - Warren Buffett
>
> 227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
>