SOUND
ADVICE
Wireshark: The New “Oscilloscope” for AES67/AES70
By Anthony P. Kuzub
W
ith IP audio, copper and glass are not carrying baseband
audio or AES3; packets are moving bits, not a voltage
representing sound. Audio is converted to a PCM serial-
ized data stream then encapsulated into synchronized
packets. Protocols are rules about packet structures and
“conversation” that you are moving around the network. Protocols build on
and depend on other protocols. In other words: IEEE 802 + IEEE 1588 + IETF
RFC (many) + SMPTE Standard + AES Standard + idea = New Protocol. AES67
audio transport is augmented with AES70 control information.
In the past, an oscilloscope was used to analyze, troubleshoot, measure
quality, confirm signal integrity, and identify anomalies. On a network, you
need a “protocol analyzer,” and an open-source initiative called Wireshark is
now the industry-standard tool. All professional sound engineers should
familiarize themselves with it. Anyone can try this on any network and you
can watch protocols talk to one another.
Network problems can be difficult to trace down. It’s in the ether. You
would need 12 scopes to probe a 24-channel snake. In IP, you just need a
simple laptop ethernet port and Wireshark. (What follows is not a tutorial and
is a huge oversimplification of Wireshark’s power. This information is intended
to help audio engineers identify AES67 RTP packets.)
Wireshark has three main parts: the filter toolbar, the packet lists, and the
packet detail.
Filtering the information gives you the ability to identify select packets
of interest. On a scope, you would have the signal gen DUT Probe
Filter Scope input. Wireshark needs to present you with the signal you
care to analyze. You can filter by IP address or by protocol or by a number of
other permutations. In the case of an AES67 ST2110-30, you would search
for the RTP packets in the Administratively Scoped address space of 239.x.y.z
AES67 is augmented with AES70, Ravenna, SIP, SAP, and NMOS. You can
search specific filters for networking protocols used related to those suites.
Filter for the connection protocols: sip or rtsp or sap or mdns or dns to see device
announcements.
Analyzing the measurement quality is done by looking at the inside of the
packets once filtered. On a scope, there is time information on the X and volt-
age on the Y. Wireshark timestamps each packet and preserves its contents.
There are certain formulas (size and structure) that a packet will conform to.
There are also certain timings and packet spacings that packets will conform
to. In order to know their function, regardless of what type of protocol it is,
Wireshark has various toolsets and protocol-specific analysis tools to decode/
visualize and probe.
Troubleshooting is to find out why or why not, how come, and always
know what the front port is going on! A multicast can only be captured if the
switch hardware allows it (read IGMP). Wireshark allows you to see the network
traffic of the selected ethernet port, device requests, or responses in order to
identify these network-level packet problems.
Recording network activity to analyze “packet captures” and quality of
network is key. The icon of a blue fin is a network/USB record button. Clicking it
captures and records this network traffic. The traffic is formed in packets. These
packets are routed (out of this article’s scope) with Addresses (IP/COM BUSS ID).
Don’t forget to File Save As in order to store for future analysis. Identifying
anomalies can be surprising in networking, so let me know what you find.
Run Wireshark. It’s the most amazing network oscilloscope and it’s free:
www.wireshark.org.
Anthony P. Kuzub is the senior systems designer at CBC - Radio-Canada and also
the Vice Chair for the Toronto Section of the Audio Engineering Society.
www.Like.audio
56 PROFESSIONAL SOUND