QoS Analysis with Wireshark: 3 Case Studies

Quality of Service (QoS) is crucial for managing and prioritizing network traffic, ensuring that critical applications and services receive the necessary resources. In this article, we'll dive into three case studies using Wireshark to analyze QoS at both Layer 2 (802.1Q) and Layer 3 (ToS/DSCP).

Case Study 1: Analyzing QoS in a VoIP Network

In a Voice over IP (VoIP) network, it's essential to prioritize voice traffic to ensure call quality. Using Wireshark, we can analyze the QoS settings applied to VoIP packets.

  1. Capture VoIP traffic: Start by capturing VoIP traffic using a capture filter like udp portrange 10000-20000.
  2. Identify QoS fields: Examine the ToS field in the IP header and the 802.1Q priority field in the Ethernet header. VoIP traffic should have a high priority value (e.g., 5 for ToS and 6 for 802.1Q).
  3. Add QoS columns: In Wireshark, add custom columns for ToS and 802.1Q priority fields by right-clicking on the respective fields in the packet details pane and selecting "Apply as Column."
  4. Analyze QoS settings: Sort and filter the captured packets based on the QoS columns to verify that voice traffic is prioritized correctly.

Case Study 2: Troubleshooting QoS in a Video Streaming Application

In a network with video streaming, ensuring smooth playback requires proper QoS settings. Use Wireshark to identify potential issues with QoS configuration.

  1. Capture video traffic: Use a capture filter like tcp port 1935 (for RTMP) or tcp port 80,443 (for HTTP/S streaming).
  2. Identify QoS fields: Check the ToS and 802.1Q priority fields in the captured packets. Video traffic should have a medium to high priority value (e.g., 4 for ToS and 4 for 802.1Q).
  3. Analyze QoS settings: Filter and sort packets based on the QoS columns and look for inconsistencies in traffic prioritization or potential misconfigurations in the network devices.

Case Study 3: Ensuring QoS for Business-Critical Applications

Business-critical applications require proper QoS settings to guarantee performance. With Wireshark, verify that these applications receive the appropriate priority.

  1. Capture application traffic: Identify the ports used by the business-critical applications and create a capture filter (e.g., tcp port 3389 for Remote Desktop Protocol).
  2. Identify QoS fields: Examine the ToS and 802.1Q priority fields for the captured packets. Business-critical applications should have a high priority value (e.g., 6 for ToS and 5 for 802.1Q).
  3. Analyze QoS settings: Filter and sort packets based on the QoS columns, verifying that business-critical applications receive the necessary priority and resources.

By leveraging Wireshark's powerful analysis features, you can gain valuable insights into QoS settings and ensure optimal network performance. To further enhance your Wireshark skills, consider enrolling in our WIRED for Packet Analysis training course and exploring the PacketSafari online PCAP analyzer.