WildPackets offers VoIP tools in the midst of IP network analysis

We tested Version 5.1 of WildPackets' flagship product, the OmniPeek Enterprise with its distributed-data-capture-and-analysis core software called OmniEngine. The enterprise package — which can collect data from an unlimited number of OmniEngines watching various parts of the network — is the only WildPackets control distribution that supports VoIP monitoring and analysis.

WildPacket's OmniEngine Manager keeps tight remote-control over the distributed OmniEngines and analyzes data from them that has been compressed and encrypted with a proprietary technique. Installing the remote engines was a basic Microsoft Windows installation. Configuring the remote engines — to set up the initial traffic filters and start the analysis for specific protocols or network addresses — was simple.

To avoid sending unnecessarily large files over the network, the OmniManager requests only those portions of the data capture that are really needed for its analysis. In our testing, the network traffic was reduced to less than a tenth of the bandwidth used by other products accessing remote-capture information. Even though analysis does not require a full downloading of remote captures, OmniPeek still allows the operator to download the entire capture-file for data archiving and full offline access to that backed-up data store.

Although the product did a pretty good job analyzing VoIP traffic, it still was obvious to us from the way the GUI was organized that its focus still lies in watching other types of traffic. In a few cases, we had to hunt for the analysis data we were seeking among a seemingly overwhelming interface of other network data.

The Visual Expert interface is part of OmniPeek Enterprise's GUI component, which has an effective "top talkers" display and provides a very effective ladder-diagram of conversation transactions pieced together from multisegment analysis captures. The interface is very customizable compared with similar features in the other products tested.

The ladder diagram depicts the stages of the SIP call-setup, and once the call is connected it superimposes plots of the voice-quality, R-factor and jitter metrics on the screen. We could clearly see when the server was slow to respond to the connection request and see when voice quality degraded because of overloaded network conditions.

The Expert System included in the OmniPeek GUI diagnoses network problems based on 26 VoIP-specific events it uses to trigger alarms. Monitored items include SIP client error, SIP server error, RTP late packet arrival, low-MOS call quality, low R-factor, low conversational quality and many others. The tool was particularly effective in identifying the sources of problems relating to media-analysis and voice-quality assessment of calls in progress.

During our testing, OmniPeek did a good job of alerting us to problems, such as VoIP device disconnections. Event notification and alarms highlighted excessive latency and packet loss when we induced them on the network. However, we encountered a problem during one of the tests when the product could not accurately report the latency (using RTCP information) of the VoIP traffic while connected to a mirrored port on the network. The other tests we conducted ran well, with OmniPeek detecting our battery of network impairments, and induced faults without much difficulty.