Vulnerability Development mailing list archives

Re: Windows XP RC2


From: "Gregory McCann" <cambria () owt com>
Date: Tue, 21 Aug 2001 14:37:43 -0700

On 8/21/2001 at 9:22 AM Blue Boar wrote:

> Someone want to send a packet capture of a normal NTP exchange, and
> one of these XP ones?

Here are two packet captures.  The first is from an SNTP exchange with time.windows.com.  The second is with clepsydra.dec.com.  (My own IP and MAC addresses have been sanitized.)

Thanks to BB for the packet decoding.

Greg


=======================================================================================
time.windows.com
- - - - - - - - - - - - - - - - - - - - Frame 1 - - - - - - - - - - - - - - - - - - - -
 Frame Status Source Address    Dest. Address      Size Rel. Time     Delta Time    Abs. Time              Summary
     1 M      [0.0.0.0]   [207.46.228.33]      90 0:00:00.000   0.000.000     08/21/2001 12:59:26 PM NTP/SNTP: Version 1
DLC:  ----- DLC Header -----
      DLC:
      DLC:  Frame 1 arrived at  12:59:26.3229; frame size is 90 (005A hex) bytes.
      DLC:  Destination = Station 000000000000
      DLC:  Source      = Station 000000000000
      DLC:  Ethertype   = 0800 (IP)
      DLC:
IP: ----- IP Header -----
      IP:
      IP: Version = 4, header length = 20 bytes
      IP: Type of service = 00
      IP:       000. ....   = routine
      IP:       ...0 .... = normal delay
      IP:       .... 0... = normal throughput
      IP:       .... .0.. = normal reliability
      IP: Total length    = 76 bytes
      IP: Identification  = 48793
      IP: Flags           = 0X
      IP:       .0.. .... = may fragment
      IP:       ..0. .... = last fragment
      IP: Fragment offset = 0 bytes
      IP: Time to live    = 128 seconds/hops
      IP: Protocol        = 17 (UDP)
      IP: Header checksum = F202 (correct)
      IP: Source address      = [0.0.0.0]
      IP: Destination address = [207.46.228.33]
      IP: No options
      IP:
UDP: ----- UDP Header -----
      UDP:
      UDP: Source port      = 123 (NTP)
      UDP: Destination port = 123 (NTP)
      UDP: Length           = 56
      UDP: Checksum         = 7ED7 (correct)
      UDP: [48 byte(s) of data]
      UDP:
NTP: ----- NTP/SNTP header -----
      NTP:
      NTP: LI, VN, Mode:       = 0B
      NTP:           00.. .... = Leap Indicator 0(no warning)
      NTP:           ..00 1... = Version Number 1
      NTP:           .... .011 = Mode 3(client)
      NTP: Stratum             = 0 (unspecified)
      NTP: Poll                = 0 (invalid)
      NTP: Precision           = 0 (1 seconds)
      NTP: Root Delay          = 0. seconds
      NTP: Root Dispersion     = 0. seconds (invalid)
      NTP: Reference Clock ID  = (Unknown)
      NTP: Reference Timestamp = 0 (undefined)
      NTP: Originate Timestamp = Tue Aug 21 18:59:26 2001
      NTP:   Fraction          = 0.27000610336276120091094970703125
      NTP: Receive Timestamp   = 0 (undefined)
      NTP: Transmit Timestamp  = 0 (undefined)
      NTP:
      NTP: [Normal end of "NTP/SNTP header".]
      NTP:
ADDR  HEX                                               ASCII
0000: 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 | ..............E.
0010: 00 4c be 99 00 00 80 11 f2 02 00 00 00 00 cf 2e | .L......ò.......
0020: e4 21 00 7b 00 7b 00 38 7e d7 0b 00 00 00 00 00 | .!.{.{.8~.......
0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0040: 00 00 bf 2d 2e 0e 45 1e b8 51 00 00 00 00 00 00 | ...-..E..Q......
0050: 00 00 00 00 00 00 00 00 00 00                   | ..........

- - - - - - - - - - - - - - - - - - - - Frame 2 - - - - - - - - - - - - - - - - - - - -
 Frame Status Source Address    Dest. Address      Size Rel. Time     Delta Time    Abs. Time              Summary
     2        [207.46.228.33]   [0.0.0.0]      90 0:00:00.132   0.132.189     08/21/2001 12:59:26 PM NTP/SNTP: Version 3
DLC:  ----- DLC Header -----
      DLC:
      DLC:  Frame 2 arrived at  12:59:26.4551; frame size is 90 (005A hex) bytes.
      DLC:  Destination = Station 000000000000
      DLC:  Source      = Station 000000000000
      DLC:  Ethertype   = 0800 (IP)
      DLC:
IP: ----- IP Header -----
      IP:
      IP: Version = 4, header length = 20 bytes
      IP: Type of service = 00
      IP:       000. ....   = routine
      IP:       ...0 .... = normal delay
      IP:       .... 0... = normal throughput
      IP:       .... .0.. = normal reliability
      IP: Total length    = 76 bytes
      IP: Identification  = 5043
      IP: Flags           = 0X
      IP:       .0.. .... = may fragment
      IP:       ..0. .... = last fragment
      IP: Fragment offset = 0 bytes
      IP: Time to live    = 56 seconds/hops
      IP: Protocol        = 17 (UDP)
      IP: Header checksum = E4E9 (correct)
      IP: Source address      = [207.46.228.33]
      IP: Destination address = [0.0.0.0]
      IP: No options
      IP:
UDP: ----- UDP Header -----
      UDP:
      UDP: Source port      = 123 (NTP)
      UDP: Destination port = 123 (NTP)
      UDP: Length           = 56
      UDP: Checksum         = DE4D (correct)
      UDP: [48 byte(s) of data]
      UDP:
NTP: ----- NTP/SNTP header -----
      NTP:
      NTP: LI, VN, Mode:       = 1C
      NTP:           00.. .... = Leap Indicator 0(no warning)
      NTP:           ..01 1... = Version Number 3
      NTP:           .... .100 = Mode 4(server)
      NTP: Stratum             = 2 (secondary reference (via NTP))
      NTP: Poll                = 11 (2048 seconds)
      NTP: Precision           = -6 (2**-6 seconds)
      NTP: Root Delay          = 0.031219482421875 seconds
      NTP: Root Dispersion     = 0.048370361328125 seconds
      NTP: Reference Clock ID  = [192.43.244.18]
      NTP: Reference Timestamp = Tue Aug 21 18:50:56 2001
      NTP:   Fraction          = 0.92576600080321044181671142578125
      NTP: Originate Timestamp = 0 (undefined)
      NTP: Receive Timestamp   = Tue Aug 21 18:59:27 2001
      NTP:   Fraction          = 0.0983532712365706657257080078125
      NTP: Transmit Timestamp  = Tue Aug 21 18:59:27 2001
      NTP:   Fraction          = 0.0983532712365706657257080078125
      NTP:
      NTP: [Normal end of "NTP/SNTP header".]
      NTP:
ADDR  HEX                                               ASCII
0000: 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 | ..............E.
0010: 00 4c 13 b3 00 00 38 11 e4 e9 cf 2e e4 21 00 00 | .L....8......!..
0020: 00 00 00 7b 00 7b 00 38 de 4d 1c 02 0b fa 00 00 | ...{.{.8.M......
0030: 07 fe 00 00 0c 62 c0 2b f4 12 bf 2d 2c 10 ec ff | .þ...b.+ô..-,...
0040: 00 25 00 00 00 00 00 00 00 00 bf 2d 2e 0f 19 2c | .%.........-...,
0050: e0 32 bf 2d 2e 0f 19 2c e0 32                   | .2.-...,.2


=======================================================================================
clepsydra.dec.com
- - - - - - - - - - - - - - - - - - - - Frame 1 - - - - - - - - - - - - - - - - - - - -
 Frame Status Source Address    Dest. Address      Size Rel. Time     Delta Time    Abs. Time              Summary
     1 M      [0.0.0.0]   [204.123.2.5]        90 0:00:00.000   0.000.000     08/21/2001 01:02:13 PM NTP/SNTP: Version 1
DLC:  ----- DLC Header -----
      DLC:
      DLC:  Frame 1 arrived at  13:02:13.0929; frame size is 90 (005A hex) bytes.
      DLC:  Destination = Station 000000000000
      DLC:  Source      = Station 000000000000
      DLC:  Ethertype   = 0800 (IP)
      DLC:
IP: ----- IP Header -----
      IP:
      IP: Version = 4, header length = 20 bytes
      IP: Type of service = 00
      IP:       000. ....   = routine
      IP:       ...0 .... = normal delay
      IP:       .... 0... = normal throughput
      IP:       .... .0.. = normal reliability
      IP: Total length    = 76 bytes
      IP: Identification  = 48839
      IP: Flags           = 0X
      IP:       .0.. .... = may fragment
      IP:       ..0. .... = last fragment
      IP: Fragment offset = 0 bytes
      IP: Time to live    = 128 seconds/hops
      IP: Protocol        = 17 (UDP)
      IP: Header checksum = D6A4 (correct)
      IP: Source address      = [0.0.0.0]
      IP: Destination address = [204.123.2.5]
      IP: No options
      IP:
UDP: ----- UDP Header -----
      UDP:
      UDP: Source port      = 123 (NTP)
      UDP: Destination port = 123 (NTP)
      UDP: Length           = 56
      UDP: Checksum         = 6AAE (correct)
      UDP: [48 byte(s) of data]
      UDP:
NTP: ----- NTP/SNTP header -----
      NTP:
      NTP: LI, VN, Mode:       = 0B
      NTP:           00.. .... = Leap Indicator 0(no warning)
      NTP:           ..00 1... = Version Number 1
      NTP:           .... .011 = Mode 3(client)
      NTP: Stratum             = 0 (unspecified)
      NTP: Poll                = 0 (invalid)
      NTP: Precision           = 0 (1 seconds)
      NTP: Root Delay          = 0. seconds
      NTP: Root Dispersion     = 0. seconds (invalid)
      NTP: Reference Clock ID  = (Unknown)
      NTP: Reference Timestamp = 0 (undefined)
      NTP: Originate Timestamp = Tue Aug 21 19:02:13 2001
      NTP:   Fraction          = 0.07999999997296178954925537109375
      NTP: Receive Timestamp   = 0 (undefined)
      NTP: Transmit Timestamp  = 0 (undefined)
      NTP:
      NTP: [Normal end of "NTP/SNTP header".]
      NTP:
ADDR  HEX                                               ASCII
0000: 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 | ..............E.
0010: 00 4c be c7 00 00 80 11 d6 a4 00 00 00 00 cc 7b | .L.............{
0020: 02 05 00 7b 00 7b 00 38 6a ae 0b 00 00 00 00 00 | ...{.{.8j.......
0030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0040: 00 00 bf 2d 2e b5 14 7a e1 47 00 00 00 00 00 00 | ...-...z.G......
0050: 00 00 00 00 00 00 00 00 00 00                   | ..........

- - - - - - - - - - - - - - - - - - - - Frame 2 - - - - - - - - - - - - - - - - - - - -
 Frame Status Source Address    Dest. Address      Size Rel. Time     Delta Time    Abs. Time              Summary
     2        [204.123.2.5]     [0.0.0.0]      90 0:00:00.082   0.082.886     08/21/2001 01:02:13 PM NTP/SNTP: Version 1
DLC:  ----- DLC Header -----
      DLC:
      DLC:  Frame 2 arrived at  13:02:13.1758; frame size is 90 (005A hex) bytes.
      DLC:  Destination = Station 000000000000
      DLC:  Source      = Station 000000000000
      DLC:  Ethertype   = 0800 (IP)
      DLC:
IP: ----- IP Header -----
      IP:
      IP: Version = 4, header length = 20 bytes
      IP: Type of service = 00
      IP:       000. ....   = routine
      IP:       ...0 .... = normal delay
      IP:       .... 0... = normal throughput
      IP:       .... .0.. = normal reliability
      IP: Total length    = 76 bytes
      IP: Identification  = 54177
      IP: Flags           = 0X
      IP:       .0.. .... = may fragment
      IP:       ..0. .... = last fragment
      IP: Fragment offset = 0 bytes
      IP: Time to live    = 54 seconds/hops
      IP: Protocol        = 17 (UDP)
      IP: Header checksum = 0BCB (correct)
      IP: Source address      = [204.123.2.5]
      IP: Destination address = [0.0.0.0]
      IP: No options
      IP:
UDP: ----- UDP Header -----
      UDP:
      UDP: Source port      = 123 (NTP)
      UDP: Destination port = 123 (NTP)
      UDP: Length           = 56
      UDP: Checksum         = 99E3 (correct)
      UDP: [48 byte(s) of data]
      UDP:
NTP: ----- NTP/SNTP header -----
      NTP:
      NTP: LI, VN, Mode:       = 0C
      NTP:           00.. .... = Leap Indicator 0(no warning)
      NTP:           ..00 1... = Version Number 1
      NTP:           .... .100 = Mode 4(server)
      NTP: Stratum             = 1 (primary reference(e.g., radio clock))
      NTP: Poll                = 4 (16 seconds)
      NTP: Precision           = -16 (2**-16 seconds)
      NTP: Root Delay          = 0. seconds
      NTP: Root Dispersion     = 0.0018463134765625 seconds (invalid)
      NTP: Reference Clock ID  = GPS (GPS UHF satellite positioning)
      NTP: Reference Timestamp = Tue Aug 21 19:01:10 2001
      NTP:   Fraction          = 0.00801243438720703125
      NTP: Originate Timestamp = 0 (undefined)
      NTP: Receive Timestamp   = Tue Aug 21 19:02:13 2001
      NTP:   Fraction          = 0.35961669769287109375
      NTP: Transmit Timestamp  = Tue Aug 21 19:02:13 2001
      NTP:   Fraction          = 0.36007786407470703125
      NTP:
      NTP: [Normal end of "NTP/SNTP header".]
      NTP:
ADDR  HEX                                               ASCII
0000: 00 00 00 00 00 00 00 00 00 00 00 00 08 00 45 00 | ..............E.
0010: 00 4c d3 a1 00 00 36 11 0b cb cc 7b 02 05 00 00 | .L....6....{....
0020: 00 00 00 7b 00 7b 00 38 99 e3 0c 01 04 f0 00 00 | ...{.{.8.....ð..
0030: 00 00 00 00 00 79 47 50 53 00 bf 2d 2e 76 02 0d | .....yGPS..-.v..
0040: 10 00 00 00 00 00 00 00 00 00 bf 2d 2e b5 5c 0f | ...........-..\.
0050: 70 00 bf 2d 2e b5 5c 2e 10 00                   | p..-..\...
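
The following is an added example, not part of the original post: a small Python decoder for the 48-byte NTP/SNTP payloads in the four hex dumps above (bytes copied from frame offset 0x2a onward). It shows which timestamp field each request fills in and whether the reply's Originate field echoes the request's Transmit field; the function and dictionary names are hypothetical.

```python
import struct
from datetime import datetime, timezone

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
STAMPS = ("reference", "originate", "receive", "transmit")

# 48-byte NTP payloads (frame offset 0x2a onward) copied from the hex dumps above.
CAPTURES = {
    "windows_req": "0b" + "00" * 23 + "bf2d2e0e451eb851" + "00" * 16,
    "windows_rep": "1c020bfa000007fe00000c62c02bf412bf2d2c10ecff0025"
                   + "00" * 8 + "bf2d2e0f192ce032" * 2,
    "dec_req": "0b" + "00" * 23 + "bf2d2eb5147ae147" + "00" * 16,
    "dec_rep": "0c0104f0000000000000007947505300bf2d2e76020d1000"
               + "00" * 8 + "bf2d2eb55c0f7000" + "bf2d2eb55c2e1000",
}

def parse_ntp(payload_hex):
    """Decode the fixed 48-byte NTP/SNTP header into a dict."""
    raw = bytes.fromhex(payload_hex)
    if len(raw) < 48:
        raise ValueError(f"NTP header needs 48 bytes, got {len(raw)}")
    flags, stratum, poll, prec, delay, disp, ref_id, *ts = struct.unpack(
        "!BBbbiI4s8I", raw[:48])
    hdr = {"li": flags >> 6, "version": (flags >> 3) & 7, "mode": flags & 7,
           "stratum": stratum, "poll": poll, "precision": prec,
           "root_delay": delay / 65536, "root_dispersion": disp / 65536,
           "ref_id": ref_id}
    # Timestamps: 32-bit seconds since 1900 plus 32-bit fraction; all-zero means unset.
    for name, sec, frac in zip(STAMPS, ts[0::2], ts[1::2]):
        hdr[name] = (sec, frac) if (sec or frac) else None
    return hdr

def to_utc(stamp):
    """Convert a (seconds, fraction) NTP timestamp to an aware UTC datetime."""
    unix = stamp[0] - NTP_UNIX_DELTA + stamp[1] / 2**32
    return datetime.fromtimestamp(unix, tz=timezone.utc)

def describe_exchange(req_hex, rep_hex):
    """Summarise the fields that relate a reply to its request."""
    req, rep = parse_ntp(req_hex), parse_ntp(rep_hex)
    return {"versions": (req["version"], rep["version"]),
            "modes": (req["mode"], rep["mode"]),
            "client_time_field": [n for n in STAMPS if req[n]],
            # A server copies the request's Transmit Timestamp into Originate.
            "reply_echoes_transmit": rep["originate"] == req["transmit"],
            "reply_originate_set": rep["originate"] is not None}

if __name__ == "__main__":
    for host in ("windows", "dec"):
        print(host, describe_exchange(CAPTURES[host + "_req"], CAPTURES[host + "_rep"]))
```

For both captures the request carries its time in the Originate field with Transmit left at zero, so the Originate field in each reply is zero as well, matching the decodes above.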



