Traffic analyzer IP Multicast

Developer By :Joel Urtubia2016

Problem

Analyze a multicast traffic and store errors is very userfull for know how is the health of an IPTV network.

For this reason is necessary a tool that measuring multicast traffic, analyze and save data if found an errors.

Solution

Parameters to Analyze

• Continuity counter.• PMT table.• PID.• Jitter packets.• Scrambled Data.

PMT Table

Program Map Tables (PMTs) contain information about programs. For each program, there is one PMT. While the MPEG-2 standard permits more than one PMT section to be transmitted on a single PID (Single Transport stream PID contains PMT information of more than one program), most MPEG-2 "users" such as ATSC and SCTE require each PMT to be transmitted on a separate PID that is not used for any other packets

Continuity Counter

• Continuity Counter (CC) is carried in the header of every Transport Packet (TP) of the Transport Stream (TS).

• The CC is incremented every time the TP has a payload.

• CC is on 4 bits the value should go from 0x00 to 0x0F and loop each finish the 0x0F packet.

• Each pid create you own CC and use this bytes for generate a counter for check the continuity of each PID.

PID

• Each table or elementary stream in a transport stream is identified by a 13-bit packet identifier (PID). A demultiplexer extracts elementary streams from the transport stream in part by looking for packets identified by the same PID. In most applications, time-division multiplexing will be used to decide how often a particular PID appears in the transport stream.

Jitter packets

• Jitter is defined as a variation in the delay of received packets. At the sending side, packets are sent in a continuous stream with the packets spaced evenly apart. Due to network congestion, improper queuing, or configuration errors, this steady stream can become lumpy, or the delay between each packet can vary instead of remaining constant.

Solution Based at ISO/IEC 13818-1

Solution Based at ISO/IEC 13818-1

Multicast MpegTS trafficCapture Incomming traffic

Pharse trafficAnd store all data write MongoDB

Analyze traffic each 1 second offlineWrite only errors and write Mysql DB

Each 1 minute get a screenshot

Solution Based at ISO/IEC 13818-1

Get Pids from Mysql DBGet Data LiveGet TS corruptedGet Delay packets only Video PIDGet EPG for specific programGet History data

Retrive data

Which parameter can it measure?

• Delay packets of each PID, Live.• Bandwidth of each PID , Live. • Errors of each PID , Live. • Identify Subtitles PID and Audio PID , Live.• Check for if stream was encrypted.• Delay packets of each PID ,accumulated.• Bandwidth of each PID ,accumulated.• Errors of each PID ,accumulated.

Results

Live data collectedBw vs Delay

• Live Resume Bw per multicast.• Live Delay per multicast.• PIDs of stream.• EPG of actual stream.• Screenshot of stream.

Live data collectedBw vs Delay

Live data collectedError vs Delay

• Live Error per multicast.• Live Delay per multicast.• PIDs of stream.• EPG of actual stream.• Screenshot of stream.

Live data collectedError vs Delay

Resume collectedError / Delay

• Resume Error per multicast.• Resume Delay per multicast.

Resume collectedError / Delay

TS MulticastSoftware used

• Tcpdump• Wireshark version 2.0• Centos Version 6.7• MongoDB Version 3.0• Mysql 5.6.30• PHP Versión 5.8• Connector PHP Mongo DB version 1.6• HighCharts• Javascript

Next steps

• Move all software on a raspberry PI and create a cheap tool.

Contact:

• Joel Urtubia Ugarte.• Electronic Engineer• Expert on IPTV.• Certificated on MongoDB.• Mail: joelurtubiaugarte@gmail.com