Precise Time Protocol (PTP)

PTP is used to synchronize the clock of a network client with a server (similar to NTP). However, PTP is mainly used in LANs, with much higher precision than NTP (usually 10's of microseconds to 10's of nanoseconds). Is is specified in IEEE 1588.

History

For a detailed history, see http://ieee1588.nist.gov/intro.htm.

Protocol dependencies

• UDP: Typically, PTP uses UDP as its transport protocol (although other transport protocols are possible). The well known UDP ports for PTP traffic are 319 (Event Message) and 320 (General Message).

• Ethernet: Starting with IEEE1588 Version2, a native Layer2 Ethernet implementation was designed. PTP can use Ethernet as its transport protocol. The well known Ethernet type for PTP traffic is 0x88F7

Example traffic

XXX - Add example decoded traffic for this protocol here (as plain text or Wireshark screenshot).

Wireshark

The PTP dissector seems to work properly.

Preference Settings

There are no preference settings affecting PTP.

Example capture file

• SampleCaptures/PTP_sync.pcap

• SampleCaptures/ptpv2.pcap some PTP version 2 packets

Display Filter

A complete list of PTP display filter fields can be found in the display filter reference

• Show only the PTP based traffic:

   ptp 

Capture Filter

You cannot directly filter PTP protocols while capturing. However, if you know the UDP port or Ethernet type used (see above), you can filter on that one.

• Capture only the PTP traffic over the default UDP ports (319 and 320):

   udp port 319 or udp port 320 

  Capture only the PTP traffic over the default Ethernet type (0x88F7):

   ether proto 0x88F7 

External links

• IEEE 1588 Standard

• PTP Wikipedia page

Discussion