Troubleshooting VoIP networks is not a trivial task. Fortunately,
Empirix�s Hammer Call Analyzer (HCA) makes the job much easier for network
administrators, developers, and service providers to pinpoint VoIP
problems. HCA is essentially a specialized network analyzer specifically
designed to capture, decode, and filter VoIP and TDM traffic, including
SIP and H.323, as well as ISDN, MEGACO, MGCP, and SS7. HCA has the unique
ability to associate messages �vertically� (i.e., within a signaling
domain). By clicking on a single message, it can bring up the Associated
Call Window with all of the messages from the call, within the domain.
With release 1.2, they�ve added the ability to auto-associate the
different legs across signaling domains of the call (e.g., TDM and IP, or
different VoIP protocols for signaling gateways or session border
controllers). Thus, for example you can see via the Associated Call Window
a TDM to IP to TDM call through two gateways. Since there are no standards
for the mapping of calls between signaling domains, the HCA gives the user
the capability of configuring the analyzer to recognize whatever scheme is
used.
Capturing Data And Filters We tested HCA and were quite
impressed with the feature-set. One feature of note is that you can save
captured packets on the HCA to a capture file for future analysis. While
capturing packets you can specify a capture filter using a user-friendly
interface that allows you to for example specify �capture SIP packets�,
�capture source IP=xxx.xxx.xxx.xxx,� �capture destination
IP=xxx.xxx.xxx.xxx,� capture based on protocol events, and much more. A
nice feature is the ability to turn off auto-scroll since thousands of
packets can be whizzing by the screen faster than you can read them. You
can specify whether to �OR� your specified criteria (at least one item
must match) or you can �AND� your criteria (all must match) in order to be
captured. You can also use powerful regular expressions for pattern
matching to, for example, find a SIP From header that contains �5551212�.
As part of the capturing capabilities you can actually capture a �window�
around a trigger event, what Empirix terms �pre-capture�-- so you can see
what happened X number of packets BEFORE the triggered event occurred.
This is a critical feature to determine what was going on before the
trigger occurred.
In addition to �capture filters� you can also define �display filters�
to �weed out� all the chaff and only display important packets. The
display filters are identical to the capture filters in how you define
your selection criteria, which certainly improves the learning
curve.
Triggers Similarly, you can also define
triggers based on similar criteria that will perform a certain action,
such as perform a beep, display a message box, or send an e-mail. In fact,
while we were checking out the Preferences screen, we noticed an e-mail
tab that had no description on this tab stating how the e-mail address was
used. Fortunately, the online help was very good and it revealed that this
e-mail address could be used by the Call Analyzer to send an e-mail when a
trigger occurs. Certainly, this is a great way to have the Call Analyzer
running constantly and monitoring VoIP traffic unattended and then receive
an e-mail notification when a trigger occurs. In any event, we really
liked the consistent user interface of the capture and display filters as
well as the triggers within the Hammer Call Analyzer.
Main
GUI The main graphical user interface is broken down into four
quadrants, comprised of the frame list, the call flow/call list, the frame
decode, and the data decode. Within the main interface you can look at the
frame stack, view a hierarchal decode, a hex decode, or even display a
text-based decode.
As we previously mentioned, the HCA has the protocol �smarts� to
recognize that they are part of a context and associate the packets with a
particular call. From the main GUI you can also view G.711 RTP streams as
a waveform and even play back the recorded RTP stream. HCA also displays
important speech quality statistics such as jitter, R-Factor, and Mean
Opinion Score.
One minor feature of note is that the Hammer Call Analyzer shows error
code descriptions -- for example it will tell you that error 486 is
�busy�. Another feature we should point out is that from the Hammer Call
Analyzer you can easily see the SIP back off invite frequency algorithm
(doubling the time after each invite). For instance we were able to see
that the invites were sent at one-half second, one second, two seconds,
four seconds, and eight seconds. This is useful to not only test the
back-off algorithm but to see if the invites are going through and why the
remote end is not answering the
invite.
FEATURES
Multi-stage call flow
display �Graphically displays all call legs. �Shows
signaling through multiple protocols. �Displays events in
real-time.
Call List �Maintains a list of
individual call sessions. �Provides summary information for each
call.
VoIP and TDM Decode �H.323 (H.225, H.245), SIP, MGCP,
MEGACO (H.248), RTP, RTCP. �ISDN (Q.921, Q.931), SS7 (ISUP, TUP,
MTP2). �Provides a hierarchical display of decoded data by network
layer.
Protocol-Aware Searching, Filtering, and Capturing
�Display or capture frames based on protocol or field values.
�Search for static values or use regular
expressions.
Protocol-Aware Capture Triggering
�Monitor network traffic for specific events that will trigger
a capture session. �Send e-mail notification when a trigger occurs.
�Set a pre-trigger buffer to capture frames on the network just prior
to a trigger event.
ROOM FOR IMPROVEMENT There was not much to complain about
with this product. Our main suggestion might be to allow for more advanced
filtering. The current filtering is very easy to use, but we�d like to be
able to perform complex Boolean algebra with parenthesis for setting the
order of operations. For instance, �(Source IP=192.0.1.5 or Destination
IP=192.0.1.7 or Source IP=192.0.1.10) and SIP Packets=TRUE�. Empirix told
us they have plans to provide this type of functionality in the future. Of
course we could always use the BPF/Libpcap language to write complex
filters, but this is not as user friendly as a graphically driven
interface.
Unfortunately the HCA only supports the G.711 codec when decoding RTP
streams for playback although it does support other codecs for stream
quality analysis (jitter, R-Factor, Mean Opinion Score). We�d like to see
support for decoding other RTP codecs, although this may be a licensing
issue.
CONCLUSION Empirix�s Hammer Call Analyzer is the
dream tool for VoIP developers, VoIP service providers, and network
administrators. With its unique integrated VoIP and TDM support, it is
without a doubt the perfect tool to add to your arsenal to quickly
pinpoint VoIP and TDM problems -- making this software an easy choice to
merit an Internet Telephony Editors� Choice Award.
[ Return To The September Table Of Contents ] |