Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] IP Options TimeStamp

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: vyaaghrah-wire@xxxxxxxxx
Date: Mon, 16 Aug 2010 02:22:27 -0700 (PDT)
Hi Jaap

Not Sure what wireshark tells, but i have figured out after going through the 
RFC to generate the IP Option for Time Stamp. Following are the fields for 
TimeStamp options


|01000100| length | pointer|oflw|flg|

i was missing the pointer while generating the IP Option for Time Stamp packet 
for which min legal value is 5, after setting that it worked.

Thanks


 
Regards
Abhijeet.C




----- Original Message ----
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Sent: Mon, August 16, 2010 12:48:19 PM
Subject: Re: [Wireshark-users] IP Options TimeStamp

Hello,

Obvious question, since this is the Wireshark Users forum, not the TCPDump 
forum: What does Wireshark tell you when loading this capture?

Thanks,
Jaap

On 08/16/2010 08:40 AM, vyaaghrah-wire@xxxxxxxxx wrote:
> Hi Everybody
>
> below is the o/p from tcpdump
>
> 06:31:23.417329  In IP (tos 0x0, ttl  64, id 0, offset 0, flags [none], proto:
> TCP (6), length: 46, optlength: 4 ( TS{[bad ptr 0]TSONLY} )) 1.1.1.2.30583>
> 10.1.1.1.23: . 0:2(2) win 0
>
> 06:31:23.417358 Out IP (tos 0x0, ttl 255, id 41672, offset 0, flags [DF], 
>proto:
> ICMP (1), length: 60) 10.1.1.1>  1.1.1.2: ICMP parameter problem - octet 22,
> length 40
>          IP (tos 0x0, ttl  64, id 0, offset 0, flags [none], proto: TCP (6),
> length: 46, optlength: 4 ( TS{[bad ptr 0]TSONLY} )) 1.1.1.2.30583>  
>10.1.1.1.23:
> [|tcp]
>
>
> I am trying to generate a IP Option packet(using IXIA) with Time Stamp Set but 
>i
> am getting this  error[optlength: 4 ( TS{[bad ptr 0]TSONLY} ))]  what the 
error
> suggest i am missing anything from the packet. The packet is getting counted 
as
> bad ip option.
>
> Kindly suggest.
>
>
> Regards
> Abhijeet.C
>

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube