Wireshark mailing list archives

Re: IP Options TimeStamp

From: vyaaghrah-wire () yahoo com
Date: Mon, 16 Aug 2010 02:22:27 -0700 (PDT)

Hi Jaap

Not Sure what wireshark tells, but i have figured out after going through the 
RFC to generate the IP Option for Time Stamp. Following are the fields for 
TimeStamp options


|01000100| length | pointer|oflw|flg|

i was missing the pointer while generating the IP Option for Time Stamp packet 
for which min legal value is 5, after setting that it worked.

Thanks


 
Regards
Abhijeet.C




----- Original Message ----
From: Jaap Keuter <jaap.keuter () xs4all nl>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Sent: Mon, August 16, 2010 12:48:19 PM
Subject: Re: [Wireshark-users] IP Options TimeStamp

Hello,

Obvious question, since this is the Wireshark Users forum, not the TCPDump 
forum: What does Wireshark tell you when loading this capture?

Thanks,
Jaap

On 08/16/2010 08:40 AM, vyaaghrah-wire () yahoo com wrote:

Hi Everybody

below is the o/p from tcpdump

06:31:23.417329  In IP (tos 0x0, ttl  64, id 0, offset 0, flags [none], proto:
TCP (6), length: 46, optlength: 4 ( TS{[bad ptr 0]TSONLY} )) 1.1.1.2.30583>
10.1.1.1.23: . 0:2(2) win 0

06:31:23.417358 Out IP (tos 0x0, ttl 255, id 41672, offset 0, flags [DF], 
proto:
ICMP (1), length: 60) 10.1.1.1>  1.1.1.2: ICMP parameter problem - octet 22,
length 40
         IP (tos 0x0, ttl  64, id 0, offset 0, flags [none], proto: TCP (6),
length: 46, optlength: 4 ( TS{[bad ptr 0]TSONLY} )) 1.1.1.2.30583>  
10.1.1.1.23:
[|tcp]


I am trying to generate a IP Option packet(using IXIA) with Time Stamp Set but 
i
am getting this  error[optlength: 4 ( TS{[bad ptr 0]TSONLY} ))]  what the

error

suggest i am missing anything from the packet. The packet is getting counted

as

bad ip option.

Kindly suggest.


Regards
Abhijeet.C


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

IP Options TimeStamp vyaaghrah-wire (Aug 15)
- Re: IP Options TimeStamp Jaap Keuter (Aug 16)
  - Re: IP Options TimeStamp vyaaghrah-wire (Aug 16)