Precise Time Protocol (PTP)
PTP is used to synchronize the clock of a network client with a server (similar to NTP). However, PTP is mainly used in LANs, with much higher precision than NTP (usually 10's of microseconds to 10's of nanoseconds). Is is specified in IEEE 1588.
History
For a detailed history, see http://www.nist.gov/el/isd/ieee/intro1588.cfm.
Protocol dependencies
-
UDP: Typically, PTP uses UDP as its transport protocol (although other transport protocols are possible). The well known UDP ports for PTP traffic are 319 (Event Message) and 320 (General Message).
-
Ethernet: Starting with IEEE1588 Version2, a native Layer2 Ethernet implementation was designed. PTP can use Ethernet as its transport protocol. The well known Ethernet type for PTP traffic is 0x88F7
Example traffic
Sync Message.
Followup Message
Delay Request Message
Delay Response Message
Wireshark
The PTP dissector seems to work properly.
Preference Settings
- UDP port(s):
UDP port(s)/range(s) to decode as PTP (Default: 319-320)
Future release - not in current 3.6.1 version
- "analyze_ptp_messages", "Analyze PTP messages", "Make the PTP dissector analyze PTP messages. Accurate Capture Timestamps required!", &ptp_analyze_messages);
Expert Information messages
static ei_register_info ei[] = {
{ &ei_ptp_v2_msg_len_too_large, { "ptp.v2.msg_len_too_large", PI_MALFORMED, PI_ERROR, "Message length goes past the end of the packet", EXPFILL }},
{ &ei_ptp_v2_msg_len_too_small, { "ptp.v2.msg_len_too_small", PI_MALFORMED, PI_ERROR, "Message length too short to include the message length field", EXPFILL }},
Future release - not in current 3.6.1 version
{ &ei_ptp_v2_sync_no_followup, { "ptp.v2.sync_no_fup", PI_PROTOCOL, PI_WARN, "No Follow Up for this 2-Step Sync", EXPFILL }},
{ &ei_ptp_v2_followup_no_sync, { "ptp.v2.fup_without_sync", PI_PROTOCOL, PI_WARN, "No Sync for this Follow Up", EXPFILL }},
{ &ei_ptp_v2_pdreq_no_pdresp, { "ptp.v2.pdelay_req_without_resp", PI_PROTOCOL, PI_WARN, "No Response for this Peer Delay Request", EXPFILL }},
{ &ei_ptp_v2_pdresp_no_pdreq, { "ptp.v2.pdelay_resp_without_req", PI_PROTOCOL, PI_WARN, "No Request for this Peer Delay Response", EXPFILL }},
{ &ei_ptp_v2_pdresp_no_pdfup, { "ptp.v2.pdelay_resp_without_fup", PI_PROTOCOL, PI_WARN, "No Follow Up for this Peer Delay Response", EXPFILL }},
{ &ei_ptp_v2_pdfup_no_pdresp, { "ptp.v2.pdelay_fup_without_resp", PI_PROTOCOL, PI_WARN, "No Response for this Peer Delay Follow Up", EXPFILL }},
};
Example capture file
-
SampleCaptures/ptpv2.pcap some PTP version 2 packets
-
SampleCaptures/ptpv2_anon.pcapng ptpv2.pcap modified with TraceWrangler to use non-standard ports (42319,42320)
Display Filter
A complete list of PTP display filter fields can be found in the display filter reference
Show only the PTP based traffic:
ptp
Capture Filter
You cannot directly filter PTP protocols while capturing. However, if you know the UDP port or Ethernet type used (see above), you can filter on that one.
Capture only the PTP traffic over the default UDP ports (319 and 320):
udp port 319 or udp port 320
Capture only the PTP traffic over the default Ethernet type (0x88F7):
ether proto 0x88F7
External links
Discussion
Imported from https://wiki.wireshark.org/Protocols/ptp on 2020-08-11 23:22:01 UTC