Skip to content
/ arista_mac_timestamp Public

Wireshark / Tshark dissector to Arista 7280 timestamps from source mac address

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jcul/arista_mac_timestamp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 
arista_mac_timestamp.lua
arista_mac_timestamp.lua
 
 

Repository files navigation

Wireshark post-dissector to decode arista timestamps that are embedded in the source mac address, e.g. from an Arista 7280.

You can run the plugin using tshark or wireshark:

wireshark -Xlua_script:arista_mac_timestamp.lua
tshark -Xlua_script:arista_mac_timestamp.lua -rpcap -Tfields -earista_mac_timestamp.sec -earista_mac_timestamp.ns -earista_mac_timestamp.timestamp -earista_mac_timestamp.diff

The diff field is the current packet timestamp - previous packet timestamp.

Wireshark does not always dissect the packets in sequence, for example when a packet is clicked in the GUI it is dissected again. This means we can't always calculate the diff by just looking at the last packet. For tshark it should work OK.

Or you can install it by copying the lua script to wireshark's plugin directory:

https://www.wireshark.org/docs/wsug_html_chunked/ChPluginFolders.html

To enable / disable, in the GUI, Analyze->Enabled Protocols... (Ctrl+Shift+E).

About

Wireshark / Tshark dissector to Arista 7280 timestamps from source mac address

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages