On 8/21/2001 at 9:22 AM Blue Boar wrote:
>Someone want to send a packet capture of a normal NTP exchange, and
>one of these XP ones?
Here are two packet captures. The first is from an SNTP exchange with time.windows.com. The second is with clepsydra.dec.com. (My own ip and MAC addresses have been sanitized.)
Thanks to BB for the packet decoding.
Greg
=======================================================================================
time.windows.com
- - - - - - - - - - - - - - - - - - - - Frame 1 - - - - - - - - - - - - - - - - - - - -
Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
1 M [0.0.0.0] [207.46.228.33] 90 0:00:00.000 0.000.000 08/21/2001 12:59:26 PM NTP/SNTP: Version 1
DLC: ----- DLC Header -----
DLC:
DLC: Frame 1 arrived at 12:59:26.3229; frame size is 90 (005A hex) bytes.
DLC: Destination = Station 000000000000
DLC: Source = Station 000000000000
DLC: Ethertype = 0800 (IP)
DLC:
IP: ----- IP Header -----
IP:
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 76 bytes
IP: Identification = 48793
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 128 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = F202 (correct)
IP: Source address = [0.0.0.0]
IP: Destination address = [207.46.228.33]
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 123 (NTP)
UDP: Destination port = 123 (NTP)
UDP: Length = 56
UDP: Checksum = 7ED7 (correct)
UDP: [48 byte(s) of data]
UDP:
NTP: ----- NTP/SNTP header -----
NTP:
NTP: LI, VN, Mode: = 0B
NTP: 00.. .... = Leap Indicator 0(no warning)
NTP: ..00 1... = Version Number 1
NTP: .... .011 = Mode 3(client)
NTP: Stratum = 0 (unspecified)
NTP: Poll = 0 (invalid)
NTP: Precision = 0 (1 seconds)
NTP: Root Delay = 0. seconds
NTP: Root Dispersion = 0. seconds (invalid)
NTP: Reference Clock ID = (Unknown)
NTP: Reference Timestamp = 0 (undefined)
NTP: Originate Timestamp = Tue Aug 21 18:59:26 2001
NTP: Fraction = 0.27000610336276120091094970703125
NTP: Receive Timestamp = 0 (undefined)
NTP: Transmit Timestamp = 0 (undefined)
NTP:
NTP: [Normal end of "NTP/SNTP header".]
NTP:
ADDR HEX ASCII
0000: 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 | ..............E.
0010: 00 4c be 99 00 00 80 11 f2 02 00 00 00 00 cf 2e | .L......ò.......
0020: e4 21 00 7b 00 7b 00 38 7e d7 0b 00 00 00 00 00 | .!.{.{.8~.......
0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0040: 00 00 bf 2d 2e 0e 45 1e b8 51 00 00 00 00 00 00 | ...-..E..Q......
0050: 00 00 00 00 00 00 00 00 00 00 | ..........
- - - - - - - - - - - - - - - - - - - - Frame 2 - - - - - - - - - - - - - - - - - - - -
Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
2 [207.46.228.33] [0.0.0.0] 90 0:00:00.132 0.132.189 08/21/2001 12:59:26 PM NTP/SNTP: Version 3
DLC: ----- DLC Header -----
DLC:
DLC: Frame 2 arrived at 12:59:26.4551; frame size is 90 (005A hex) bytes.
DLC: Destination = Station 000000000000
DLC: Source = Station 000000000000
DLC: Ethertype = 0800 (IP)
DLC:
IP: ----- IP Header -----
IP:
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 76 bytes
IP: Identification = 5043
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 56 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = E4E9 (correct)
IP: Source address = [207.46.228.33]
IP: Destination address = [0.0.0.0]
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 123 (NTP)
UDP: Destination port = 123 (NTP)
UDP: Length = 56
UDP: Checksum = DE4D (correct)
UDP: [48 byte(s) of data]
UDP:
NTP: ----- NTP/SNTP header -----
NTP:
NTP: LI, VN, Mode: = 1C
NTP: 00.. .... = Leap Indicator 0(no warning)
NTP: ..01 1... = Version Number 3
NTP: .... .100 = Mode 4(server)
NTP: Stratum = 2 (secondary reference (via NTP))
NTP: Poll = 11 (2048 seconds)
NTP: Precision = -6 (2**-6 seconds)
NTP: Root Delay = 0.031219482421875 seconds
NTP: Root Dispersion = 0.048370361328125 seconds
NTP: Reference Clock ID = [192.43.244.18]
NTP: Reference Timestamp = Tue Aug 21 18:50:56 2001
NTP: Fraction = 0.92576600080321044181671142578125
NTP: Originate Timestamp = 0 (undefined)
NTP: Receive Timestamp = Tue Aug 21 18:59:27 2001
NTP: Fraction = 0.0983532712365706657257080078125
NTP: Transmit Timestamp = Tue Aug 21 18:59:27 2001
NTP: Fraction = 0.0983532712365706657257080078125
NTP:
NTP: [Normal end of "NTP/SNTP header".]
NTP:
ADDR HEX ASCII
0000: 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 | ..............E.
0010: 00 4c 13 b3 00 00 38 11 e4 e9 cf 2e e4 21 00 00 | .L....8......!..
0020: 00 00 00 7b 00 7b 00 38 de 4d 1c 02 0b fa 00 00 | ...{.{.8.M......
0030: 07 fe 00 00 0c 62 c0 2b f4 12 bf 2d 2c 10 ec ff | .þ...b.+ô..-,...
0040: 00 25 00 00 00 00 00 00 00 00 bf 2d 2e 0f 19 2c | .%.........-...,
0050: e0 32 bf 2d 2e 0f 19 2c e0 32 | .2.-...,.2
=======================================================================================
clepsydra.dec.com
- - - - - - - - - - - - - - - - - - - - Frame 1 - - - - - - - - - - - - - - - - - - - -
Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
1 M [0.0.0.0] [204.123.2.5] 90 0:00:00.000 0.000.000 08/21/2001 01:02:13 PM NTP/SNTP: Version 1
DLC: ----- DLC Header -----
DLC:
DLC: Frame 1 arrived at 13:02:13.0929; frame size is 90 (005A hex) bytes.
DLC: Destination = Station 000000000000
DLC: Source = Station 000000000000
DLC: Ethertype = 0800 (IP)
DLC:
IP: ----- IP Header -----
IP:
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 76 bytes
IP: Identification = 48839
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 128 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = D6A4 (correct)
IP: Source address = [0.0.0.0]
IP: Destination address = [204.123.2.5]
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 123 (NTP)
UDP: Destination port = 123 (NTP)
UDP: Length = 56
UDP: Checksum = 6AAE (correct)
UDP: [48 byte(s) of data]
UDP:
NTP: ----- NTP/SNTP header -----
NTP:
NTP: LI, VN, Mode: = 0B
NTP: 00.. .... = Leap Indicator 0(no warning)
NTP: ..00 1... = Version Number 1
NTP: .... .011 = Mode 3(client)
NTP: Stratum = 0 (unspecified)
NTP: Poll = 0 (invalid)
NTP: Precision = 0 (1 seconds)
NTP: Root Delay = 0. seconds
NTP: Root Dispersion = 0. seconds (invalid)
NTP: Reference Clock ID = (Unknown)
NTP: Reference Timestamp = 0 (undefined)
NTP: Originate Timestamp = Tue Aug 21 19:02:13 2001
NTP: Fraction = 0.07999999997296178954925537109375
NTP: Receive Timestamp = 0 (undefined)
NTP: Transmit Timestamp = 0 (undefined)
NTP:
NTP: [Normal end of "NTP/SNTP header".]
NTP:
ADDR HEX ASCII
0000: 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 | ..............E.
0010: 00 4c be c7 00 00 80 11 d6 a4 00 00 00 00 cc 7b | .L.............{
0020: 02 05 00 7b 00 7b 00 38 6a ae 0b 00 00 00 00 00 | ...{.{.8j.......
0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0040: 00 00 bf 2d 2e b5 14 7a e1 47 00 00 00 00 00 00 | ...-...z.G......
0050: 00 00 00 00 00 00 00 00 00 00 | ..........
- - - - - - - - - - - - - - - - - - - - Frame 2 - - - - - - - - - - - - - - - - - - - -
Frame Status Source Address Dest. Address Size Rel. Time Delta Time Abs. Time Summary
2 [204.123.2.5] [0.0.0.0] 90 0:00:00.082 0.082.886 08/21/2001 01:02:13 PM NTP/SNTP: Version 1
DLC: ----- DLC Header -----
DLC:
DLC: Frame 2 arrived at 13:02:13.1758; frame size is 90 (005A hex) bytes.
DLC: Destination = Station 000000000000
DLC: Source = Station 000000000000
DLC: Ethertype = 0800 (IP)
DLC:
IP: ----- IP Header -----
IP:
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: 000. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 76 bytes
IP: Identification = 54177
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 54 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = 0BCB (correct)
IP: Source address = [204.123.2.5]
IP: Destination address = [0.0.0.0]
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 123 (NTP)
UDP: Destination port = 123 (NTP)
UDP: Length = 56
UDP: Checksum = 99E3 (correct)
UDP: [48 byte(s) of data]
UDP:
NTP: ----- NTP/SNTP header -----
NTP:
NTP: LI, VN, Mode: = 0C
NTP: 00.. .... = Leap Indicator 0(no warning)
NTP: ..00 1... = Version Number 1
NTP: .... .100 = Mode 4(server)
NTP: Stratum = 1 (primary reference(e.g., radio clock))
NTP: Poll = 4 (16 seconds)
NTP: Precision = -16 (2**-16 seconds)
NTP: Root Delay = 0. seconds
NTP: Root Dispersion = 0.0018463134765625 seconds (invalid)
NTP: Reference Clock ID = GPS (GPS UHF satellite positioning)
NTP: Reference Timestamp = Tue Aug 21 19:01:10 2001
NTP: Fraction = 0.00801243438720703125
NTP: Originate Timestamp = 0 (undefined)
NTP: Receive Timestamp = Tue Aug 21 19:02:13 2001
NTP: Fraction = 0.35961669769287109375
NTP: Transmit Timestamp = Tue Aug 21 19:02:13 2001
NTP: Fraction = 0.36007786407470703125
NTP:
NTP: [Normal end of "NTP/SNTP header".]
NTP:
ADDR HEX ASCII
0000: 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 | ..............E.
0010: 00 4c d3 a1 00 00 36 11 0b cb cc 7b 02 05 00 00 | .L....6....{....
0020: 00 00 00 7b 00 7b 00 38 99 e3 0c 01 04 f0 00 00 | ...{.{.8.....ð..
0030: 00 00 00 00 00 79 47 50 53 00 bf 2d 2e 76 02 0d | .....yGPS..-.v..
0040: 10 00 00 00 00 00 00 00 00 00 bf 2d 2e b5 5c 0f | ...........-..\.
0050: 70 00 bf 2d 2e b5 5c 2e 10 00 | p..-..\...
This archive was generated by hypermail 2b30 : Tue Aug 21 2001 - 21:50:00 PDT