# PCAP Analyzer for IRIG106 Chapter 10 and IEEE1588 PTP A Python tool for analyzing Wireshark PCAP files containing IRIG106 Chapter 10 streaming data and IEEE1588 PTP frames. ## Features - **Chapter 10 Analysis**: Parses IRIG106 Chapter 10 headers and displays packet details in tabular format - **PTP Analysis**: Analyzes IEEE1588 PTP messages (Sync, Announce, Delay_Req, etc.) - **Statistical Analysis**: Provides timing statistics and detects intermittent issues such as: - Timing outliers and jitter - Sequence number gaps and duplicates - Message distribution analysis ## Installation 1. Install dependencies: ```bash python3 -m venv venv source venv/bin/activate pip install -r requirements.txt ``` ## Usage ### Basic Analysis ```bash python3 pcap_analyzer.py "1 PTPGM.pcapng" ``` ### Options - `--ch10-only`: Show only Chapter 10 analysis - `--ptp-only`: Show only PTP analysis - `--stats-only`: Show only statistical analysis - `--summary-only`: Show only summary information (no detailed tables or stats) - `--no-tables`: Skip detailed packet tables (show summaries and stats only) - `--tmats`: Display TMATS (Telemetry Attributes Transfer Standard) content - `--tmats-only`: Show only TMATS content ### Examples ```bash # Analyze only PTP packets python3 pcap_analyzer.py --ptp-only "1 PTPGM.pcapng" # Show only statistics python3 pcap_analyzer.py --stats-only "1 PTPGM.pcapng" # Show only summaries (quick overview) python3 pcap_analyzer.py --summary-only "1 PTPGM.pcapng" # Show summaries and statistics but skip detailed tables python3 pcap_analyzer.py --no-tables "1 PTPGM.pcapng" # Display TMATS metadata content python3 pcap_analyzer.py --tmats "1 PTPGM.pcapng" # Show only TMATS content python3 pcap_analyzer.py --tmats-only "1 PTPGM.pcapng" ``` ## Output The tool provides five types of analysis: 1. **Protocol Summaries**: High-level overview with packet counts, time spans, and distribution statistics 2. **Detailed Packet Tables**: Complete packet-by-packet analysis (Chapter 10 and PTP) 3. **Statistical Analysis**: Timing statistics, outlier detection, and intermittent issue identification 4. **TMATS Content**: Assembled telemetry metadata and scaling information from Chapter 10 TMATS frames ### Summary Output - **Chapter 10 Summary**: Packet counts, channel distribution, data type distribution, size statistics, and data rates - **PTP Summary**: Message type distribution, domain analysis, source IP breakdown, and timing rates - **TMATS Output**: Complete assembled ASCII metadata with frame counts and statistics ## Chapter 10 Header Fields - **Sync Pattern**: Should be 0xEB25 for valid Ch10 packets - **Channel ID**: Identifies the data source - **Sequence Number**: Packet sequence (0-255, wraps around) - **Data Type**: Type of data payload - **Packet/Data Length**: Size information - **Flags**: Status and configuration flags ## PTP Message Types - **Sync**: Master clock synchronization - **Follow_Up**: Precise timing information - **Delay_Req**: Slave delay measurement request - **Delay_Resp**: Master delay measurement response - **Announce**: Clock quality and hierarchy information ## TMATS (Telemetry Attributes Transfer Standard) TMATS frames contain ASCII metadata that describes the telemetry setup, channel configurations, and scaling information: - **Automatic Assembly**: Combines multiple TMATS frames into complete metadata - **ASCII Display**: Clean formatting of telemetry attributes - **Statistics**: Frame counts, total length, attribute and comment line counts - **Mixed Frame Support**: Handles both full Chapter 10 headers and continuation frames ## Statistical Features - **Timing Analysis**: Interval statistics, jitter detection - **Sequence Analysis**: Gap detection, duplicate identification - **Distribution Analysis**: Message type frequency - **Outlier Detection**: Identifies packets with unusual timing - **Frame Number Reporting**: Shows actual PCAP frame numbers for easy Wireshark correlation