ITEXPO begins in:   New Coverage :  Asterisk  |  Fax Software  |  SIP Phones  |  Small Cells

Product Reviews
September 2003

Hammer Call Analyzer

205 Lowell St.
Wilmington, MA 01887
Web site: http://www.empirix.com/

Price: $9,900 for IP only; TDM/IP -- $49,900

Editor's Choice Award

Installation: 5
Documentation: 4.5
Features: 5
GUI: 5
Overall: A+

Troubleshooting VoIP networks is not a trivial task. Fortunately, Empirix�s Hammer Call Analyzer (HCA) makes the job much easier for network administrators, developers, and service providers to pinpoint VoIP problems. HCA is essentially a specialized network analyzer specifically designed to capture, decode, and filter VoIP and TDM traffic, including SIP and H.323, as well as ISDN, MEGACO, MGCP, and SS7. HCA has the unique ability to associate messages �vertically� (i.e., within a signaling domain). By clicking on a single message, it can bring up the Associated Call Window with all of the messages from the call, within the domain. With release 1.2, they�ve added the ability to auto-associate the different legs across signaling domains of the call (e.g., TDM and IP, or different VoIP protocols for signaling gateways or session border controllers). Thus, for example you can see via the Associated Call Window a TDM to IP to TDM call through two gateways. Since there are no standards for the mapping of calls between signaling domains, the HCA gives the user the capability of configuring the analyzer to recognize whatever scheme is used.

Capturing Data And Filters
We tested HCA and were quite impressed with the feature-set. One feature of note is that you can save captured packets on the HCA to a capture file for future analysis. While capturing packets you can specify a capture filter using a user-friendly interface that allows you to for example specify �capture SIP packets�, �capture source IP=xxx.xxx.xxx.xxx,� �capture destination IP=xxx.xxx.xxx.xxx,� capture based on protocol events, and much more. A nice feature is the ability to turn off auto-scroll since thousands of packets can be whizzing by the screen faster than you can read them. You can specify whether to �OR� your specified criteria (at least one item must match) or you can �AND� your criteria (all must match) in order to be captured. You can also use powerful regular expressions for pattern matching to, for example, find a SIP From header that contains �5551212�. As part of the capturing capabilities you can actually capture a �window� around a trigger event, what Empirix terms �pre-capture�-- so you can see what happened X number of packets BEFORE the triggered event occurred. This is a critical feature to determine what was going on before the trigger occurred.

In addition to �capture filters� you can also define �display filters� to �weed out� all the chaff and only display important packets. The display filters are identical to the capture filters in how you define your selection criteria, which certainly improves the learning curve.

Similarly, you can also define triggers based on similar criteria that will perform a certain action, such as perform a beep, display a message box, or send an e-mail. In fact, while we were checking out the Preferences screen, we noticed an e-mail tab that had no description on this tab stating how the e-mail address was used. Fortunately, the online help was very good and it revealed that this e-mail address could be used by the Call Analyzer to send an e-mail when a trigger occurs. Certainly, this is a great way to have the Call Analyzer running constantly and monitoring VoIP traffic unattended and then receive an e-mail notification when a trigger occurs. In any event, we really liked the consistent user interface of the capture and display filters as well as the triggers within the Hammer Call Analyzer.

Main GUI
The main graphical user interface is broken down into four quadrants, comprised of the frame list, the call flow/call list, the frame decode, and the data decode. Within the main interface you can look at the frame stack, view a hierarchal decode, a hex decode, or even display a text-based decode.

As we previously mentioned, the HCA has the protocol �smarts� to recognize that they are part of a context and associate the packets with a particular call. From the main GUI you can also view G.711 RTP streams as a waveform and even play back the recorded RTP stream. HCA also displays important speech quality statistics such as jitter, R-Factor, and Mean Opinion Score.

One minor feature of note is that the Hammer Call Analyzer shows error code descriptions -- for example it will tell you that error 486 is �busy�. Another feature we should point out is that from the Hammer Call Analyzer you can easily see the SIP back off invite frequency algorithm (doubling the time after each invite). For instance we were able to see that the invites were sent at one-half second, one second, two seconds, four seconds, and eight seconds. This is useful to not only test the back-off algorithm but to see if the invites are going through and why the remote end is not answering the invite.


Multi-stage call flow display
�Graphically displays all call legs.
�Shows signaling through multiple protocols.
�Displays events in real-time.

Call List

�Maintains a list of individual call sessions.
�Provides summary information for each call.

VoIP and TDM Decode
�H.323 (H.225, H.245), SIP, MGCP, MEGACO (H.248), RTP, RTCP.
�ISDN (Q.921, Q.931), SS7 (ISUP, TUP, MTP2).
�Provides a hierarchical display of decoded data by network layer.

Protocol-Aware Searching, Filtering, and Capturing
�Display or capture frames based on protocol or field values.
�Search for static values or use regular expressions.

Protocol-Aware Capture Triggering
�Monitor network traffic for specific events that will trigger a capture session.
�Send e-mail notification when a trigger occurs.
�Set a pre-trigger buffer to capture frames on the network just prior to a trigger event.

There was not much to complain about with this product. Our main suggestion might be to allow for more advanced filtering. The current filtering is very easy to use, but we�d like to be able to perform complex Boolean algebra with parenthesis for setting the order of operations. For instance, �(Source IP= or Destination IP= or Source IP= and SIP Packets=TRUE�. Empirix told us they have plans to provide this type of functionality in the future. Of course we could always use the BPF/Libpcap language to write complex filters, but this is not as user friendly as a graphically driven interface.

Unfortunately the HCA only supports the G.711 codec when decoding RTP streams for playback although it does support other codecs for stream quality analysis (jitter, R-Factor, Mean Opinion Score). We�d like to see support for decoding other RTP codecs, although this may be a licensing issue.

Empirix�s Hammer Call Analyzer is the dream tool for VoIP developers, VoIP service providers, and network administrators. With its unique integrated VoIP and TDM support, it is without a doubt the perfect tool to add to your arsenal to quickly pinpoint VoIP and TDM problems -- making this software an easy choice to merit an Internet Telephony Editors� Choice Award.

[ Return To The September Table Of Contents ]

Today @ TMC
Upcoming Events
ITEXPO West 2012
October 2- 5, 2012
The Austin Convention Center
Austin, Texas
The World's Premier Managed Services and Cloud Computing Event
Click for Dates and Locations
Mobility Tech Conference & Expo
October 3- 5, 2012
The Austin Convention Center
Austin, Texas
Cloud Communications Summit
October 3- 5, 2012
The Austin Convention Center
Austin, Texas