Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] SNTP Protocol

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 19 Sep 2008 09:30:31 -0700

On Sep 19, 2008, at 7:47 AM, Kukosa, Tomas wrote:

SNTP does not have own protocol format, it uses the same packets as NTP, i.e. Wiresahrk does not discern SNTP and NTP as there is anything like SNTP packet format, just NTP. As I know difference bteween NTP and SNTP is just in complexicity of communication among synchronized entities and in complexicity of handling of all those packets.

Yes, as you said, SNTP isn't a separate protocol from NTP; to quote, for example, RFC 1769:

This memorandum describes the Simple Network Time Protocol (SNTP), which is an adaptation of the Network Time Protocol (NTP) used to synchronize computer clocks in the Internet. SNTP can be used when the ultimate performance of the full NTP implementation described in RFC-1305 is not needed or justified. It can operate in both unicast modes (point to point) and broadcast modes (point to multipoint). It can also operate in IP multicast mode where this service is available. SNTP involves no change to the current or previous NTP specification versions or known implementations, but rather a clarification of certain design features of NTP which allow operation in a simple, stateless remote-procedure call (RPC) mode with accuracy and reliability expectations similar to the UDP/TIME protocol described in RFC-868.

and RFC 4330:

This memorandum describes the Simple Network Time Protocol Version 4 (SNTPv4), which is a subset of the Network Time Protocol (NTP) used to synchronize computer clocks in the Internet. SNTPv4 can be used when the ultimate performance of a full NTP implementation based on RFC 1305 is neither needed nor justified. When operating with current and previous NTP and SNTP versions, SNTPv4 requires no changes to the specifications or known implementations, but rather clarifies certain design features that allow operation in a simple, stateless remote- procedure call (RPC) mode with accuracy and reliability expectations similar to the UDP/TIME protocol described in RFC 868.

so, as you indicated, Wireshark "supports" SNTP because it dissects NTP packets and SNTP packets are just NTP packets.