Hello, We are monitoring NTP packets using Wireshark application (version 2.2.3). In those frames found issue that frame's timestamp is about 1600 millisecond older than the timestamp carried by that particular timestamp and this behavior seems incorrect As Wireshark in any case shouldn't be sent future timestamps. This issue is observed on Windows7 Professional while same issue is not observed on windows server 2012 R2 standard. asked 22 Dec '16, 03:00  Deepak jindal |
One Answer:
The timestamp in the NTP data is derived from the NTP server and the round-trip between the client and the server and the timestamp of the frame is derived by the capture mechanism on the capturing host, and as such they are from different clocks and so could be different. answered 22 Dec '16, 05:02  grahamb ♦ |
