https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6114
Guy Harris <guy@xxxxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Platform|x86 |All
Summary|For ICMP Time Response, In |In detail pane, Timestamp
|detail pane, Timestamp is |is incorrectly decoded in
|incorrectly decoded for MS |ICMP Timestamp Response
|Windows. |packets from MS Windows
OS/Version|Windows XP |All
--- Comment #1 from Guy Harris <guy@xxxxxxxxxxxx> 2011-07-12 21:58:44 PDT ---
Yeah, it appears that Windows might send out some time stamps in host byte
order (little-endian on all the machines on which mainstream Windows runs)
rather than in network byte order (big-endian):
http://mac.softpedia.com/get/Network-Admin/ICMPInfo.shtml
"ICMPInfo uses ICMP type 13 (timestamp RFC792) and 17 (netmask RFC950) for
retrieving the current time and the netmask of a remote host.
The time routine manages both the 2 "stack" methods used by the remote hosts
(for example Win shows time in a different byte order than Linux)."
http://repository.upenn.edu/cgi/viewcontent.cgi?article=1124&context=cis_reports&sei-redir=1#search=%22icmp%20timestamp%20windows%20byte%20order%22
"A specific problem observed, that is not shown in the results of Table 2, is a
bug in the ICMP Timestamp implementation that provides the Timestamp reply in
the wrong byte order, which was traced to end-points running Microsoft
operating systems."
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
