NTP
Network Time Protocol
Port: 123
https://tools.ietf.org/pdf/rfc5905.pdf
https://en.wikipedia.org/wiki/Network_Time_Protocol
Generate NTP Query/Response with netcat
echo -ne '\xE3\x00\x06\xEC\x31\x4E\x31\x34\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' | nc -xu time.nist.gov 123
Sent 48 bytes to the socket
00000000 E3 00 06 EC 31 4E 31 34 00 00 00 00 00 00 00 00 ....1N14........
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Received 48 bytes from the socket
00000000 24 01 06 E3 00 00 00 00 00 00 00 00 41 43 54 53 $...........ACTS
00000010 DB 7C 1C DC 4B E0 57 2D 00 00 00 00 00 00 00 00 .|..K.W-........
00000020 DB 7C 1C E4 49 93 89 E4 DB 7C 1C E4 49 94 47 B5 .|..I....|..I.G.
The 4 bytes underlined indicate the actual time stamp data, starting in the response at index 40, and are in the form of a 32-bit value representing the number of seconds since January 1st 1900.
Hex to Decimal: 0xDB = 219 0x7C = 124 0x1C = 28 0xE4 = 228 Binary equivalent: 11011011011111000001110011100100 Sum the 4 bytes in to one 32-bit value: 219 << 24 + 124 << 16 + 28 << 8 + 228 = 3674210304 Convert to epoch by subtracting 70 years worth of seconds: epoch = 3682344164 - 2208988800 Extract the time: hours = epoch % (24 * 60 * 60) mins = epoch % (60 * 60) secs = epoch % 60 The full time and date of the time stamp: Thu, 08 Sep 2016 17:22:44 GMT