https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5357
Summary: IP Timestamp Option: "flag=3" variant (prespecified) not displayed correctly
Product: Wireshark
Version: SVN
Platform: All
OS/Version: All
Status: NEW
Severity: Trivial
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: simon.leinen@xxxxxxxxx
Created an attachment (id=5408)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5408)
Patch for wireshark (SVN trunk) to improve decoding of RFC 781 IP Timestamp option
Build Information:
TShark 1.5.0 (SVN Rev 34747 from /trunk)
--
The IP Timestamp Option (RFC 781) has three variants. One (flag=0) just stores
a sequence of timestamps in the option, but the other two (flag=1 and flag=3)
store alternating IP addresses and timestamps. Wireshark correctly decodes the
flag=1 variant, but not flag=3 (timestamps for prespecified addresses).
This is sample output of an unpatched tshark when decoding the IP Options of a
packet carrying the flag=3 variant of the IP Timestamp Option:
: leinen@momp2[wireshark]; /usr/bin/tshark -c 1 -V -r /tmp/out.pcap | grep -A 10 Options:
Options: (20 bytes)
Time stamp:
Pointer: 13
Overflow: 0
Flag: Time stamps for prespecified addresses
Time stamp = 2184912641
Time stamp = 84013699
Time stamp = 2184907523
Time stamp = 0
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
After applying the patch below, the output will look like this:
: leinen@momp2[wireshark]; ./tshark -c 1 -V -r /tmp/out.pcap | grep -A 10 Options:
Options: (20 bytes)
Time stamp:
Pointer: 13
Overflow: 0
Flag: Time stamps for prespecified addresses
Address = 130.59.31.1, time stamp = 84013699
Address = 130.59.11.3, time stamp = 0
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0x3962
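A stand-alone decoder for the three variants described in the report, added here as an illustration; it is not the attached patch and not Wireshark code. The names parse_ts_option, ts_entry and SAMPLE are hypothetical, and the sample bytes are constructed from the values shown in the tshark output above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: option bytes rebuilt from the four raw values shown
 * in the unpatched output above (type 68, length 20, pointer 13, flag 3). */
static const uint8_t SAMPLE[20] = {
    68, 20, 13, 0x03,
    0x82, 0x3B, 0x1F, 0x01,  0x05, 0x01, 0xF2, 0x83,   /* 130.59.31.1, 84013699 */
    0x82, 0x3B, 0x0B, 0x03,  0x00, 0x00, 0x00, 0x00 }; /* 130.59.11.3, 0 */

struct ts_entry { int has_addr; uint32_t addr, ts; };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decode one Timestamp option. Returns the number of slots written to out[],
 * or -1 if malformed. *flag gets the variant (0, 1 or 3); *filled gets the
 * number of slots in front of the pointer, i.e. already stamped. */
int parse_ts_option(const uint8_t *opt, size_t len, struct ts_entry *out,
                    int max, int *flag, int *filled) {
    if (len < 4 || len > 40 || opt[0] != 68 || (size_t)opt[1] != len) return -1;
    if (opt[2] < 5) return -1;               /* smallest legal pointer is 5 */
    *flag = opt[3] & 0x0F;                   /* high nibble is the overflow count */
    if (*flag != 0 && *flag != 1 && *flag != 3) return -1;
    size_t step = (*flag == 0) ? 4 : 8;      /* flags 1 and 3: address + timestamp */
    if ((len - 4) % step != 0) return -1;    /* data must hold whole slots */
    int n = 0;
    for (size_t off = 4; off < len && n < max; off += step, n++) {
        out[n].has_addr = (step == 8);
        out[n].addr = out[n].has_addr ? be32(opt + off) : 0;
        out[n].ts = be32(opt + off + step - 4);
    }
    *filled = (int)((size_t)(opt[2] - 5) / step);
    if (*filled > n) *filled = n;
    return n;
}

int main(void) {
    struct ts_entry e[9];
    int flag, filled, n = parse_ts_option(SAMPLE, sizeof SAMPLE, e, 9, &flag, &filled);
    for (int i = 0; i < n; i++)
        printf("Address = %u.%u.%u.%u, time stamp = %u%s\n", e[i].addr >> 24,
               (e[i].addr >> 16) & 255, (e[i].addr >> 8) & 255, e[i].addr & 255,
               e[i].ts, i < filled ? "" : " (not yet recorded)");
    return 0;
}
```

With pointer 13 only the first address/timestamp pair lies in front of the pointer, which is why the second prespecified address still carries a zero timestamp.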