Re: [ntp:questions] Legitimate Source Ports for NTP traffic?

[Miroslav Lichvar]

On Tue, Nov 20, 2018 at 11:19:24AM -0600, Jason Rabel wrote:
> In response to my own question I looked a little deeper into the odd
> traffic using tcpdump. Best I can tell they are indeed properly
> formatted NTP requests, the curious bit is seeing most of these
> requests having a precision of -6 or -7. While I know some older MS OS
> set their internal time update to around that, they also use the
> microsoft time servers by default.

Precision of -6 seems to be common. It's used by ntpdate for example.
Not sure about -7.

I suspect the number one reason for getting requests from privileged
ports different than 123 is NAT. If there are two NTP clients behind
NAT using port 123, one of them will have to get a different port.

-- 
Miroslav Lichvar
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Legitimate Source Ports for NTP traffic?

[Jason Rabel]

In response to my own question I looked a little deeper into the odd
traffic using tcpdump. Best I can tell they are indeed properly
formatted NTP requests, the curious bit is seeing most of these
requests having a precision of -6 or -7. While I know some older MS OS
set their internal time update to around that, they also use the
microsoft time servers by default.

My best guess is that these are modems / routers / other embedded-type
equipment syncing their own clock and using a low port number that
never gets used as their source port as to not interfere with the
traffic they are passing through...
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions