decoding NTP data

["Ulrich Windl" <ulrich.windl () rz uni-regensburg de>]

Hello,

please see the attachment (original message bounced).

Ulrich


> --- Begin Message ---
>
>
> From: MAILER-DAEMON () rrzmta1 rz uni-regensburg de (Mail Delivery System)
>
> Date: Wed, 12 Aug 2009 10:45:32 +0200 (CEST)
>
> This is the mail system at host rrzmta1.rz.uni-regensburg.de.
>
> I'm sorry to have to inform you that your message could not
> be delivered to one or more recipients. It's attached below.
>
> For further assistance, please send mail to postmaster.
>
> If you do so, please include this problem report. You can
> delete your own text from the attached returned message.
>
>                    The mail system
>
> <tcpdump-workers () tcpdump org>: host mailhost.sandelman.ca[209.87.252.178] said:
>     550 <tcpdump-workers () tcpdump org>: Recipient address rejected: User unknown
>     in local recipient table (in reply to RCPT TO command)
>
> Reporting-MTA: dns; rrzmta1.rz.uni-regensburg.de
> X-Postfix-Queue-ID: 5409EA6D
> X-Postfix-Sender: rfc822; ulrich.windl@rz.uni-regensburg.de
> Arrival-Date: Wed, 12 Aug 2009 10:35:45 +0200 (CEST)
>
> Final-Recipient: rfc822; tcpdump-workers@tcpdump.org
> Original-Recipient: rfc822;tcpdump-workers@tcpdump.org
> Action: failed
> Status: 5.0.0
> Remote-MTA: dns; mailhost.sandelman.ca
> Diagnostic-Code: smtp; 550 <tcpdump-workers@tcpdump.org>: Recipient address
>     rejected: User unknown in local recipient table
> > --- Begin Message ---
> >
> >
> > From: "Ulrich Windl" <ulrich.windl () rz uni-regensburg de>
> >
> > Date: Wed, 12 Aug 2009 10:36:10 +0200
> >
> > Hello,
> >
> > this is for tcpdump-3.9.4-14.6 as found on SLES10 SP2:
> >
> > When decoding NTP packets there are some problems:
> >
> > 1) Status queries (e.g. mode 6 and mode 7) use a different format, and should be 
> > treated differently from normal NTP time stamp messages. Otherwise you get 
> > nonsense-decodes like this:
> >         Reserved, Leap indicator:  (0), Stratum 130, poll 0s, precision 33
> >         Root Delay: 1780.000000, Root dispersion: 0.006011, Reference-ID: 
> > 118.101.114.115
> >           Reference Timestamp:  1768910397.134497910 (2092/02/26 19:28:13)
> >           Originator Timestamp: 1679832110.196017533 (2089/05/01 19:30:06)
> >           Receive Timestamp:    859844910.192217841 (2063/05/08 05:16:46)
> >           Transmit Timestamp:   762257478.446916610 (2060/04/03 17:39:34)
> >             Originator - Receive Timestamp:  -819987200.003799691
> >             Originator - Transmit Timestamp: -917574631.749100923
> >
> > 2) Decoding of "poll" is wong: It's not seconds, but 2^seconds, so in
> >         symmetric active, Leap indicator:  (0), Stratum 4, poll 7s, precision -20
> >
> > the "7s" should be "2^7s" (128s)
> >
> > 3) It's better not to decode than decoding wrongly.
> >
> > Sorry if those problems were fixed ages before.
> >
> > Regards,
> > Ulrich
> >
> >
> > --- End Message ---
>
> --- End Message ---
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.