> I'm still trying to avoid the tcpdump solution for these reasons : I don't mean to be argumentative, but I don't understand your reasons for trying to avoid tcpdump.
> - promiscuous mode is not safe Not safe in what way? Since you are the one receiving the packets in promiscuous mode, you know for a fact that you aren't going to do anything malicious with the data you receive in that manner. Also, if you are running tcpdump on your NTP server (as opposed to on a router in front of your NTP server), you can run it with the -p flag to prevent it from putting the interface into promiscuous mode. > - tcpdump should be use only for troubleshooting Why's that? > - tcpdump is capturing the whole packet where we only need a part of it. By default, tcpdump will only capture the first 68 bytes of each packet. You can use the -s flag to set this to a different value. Even if tcpdump did capture the whole packet, NTP packets are "only" 80 bytes, so I'm not sure how much difference it would really make. > I looked a bit around and the only proper solution i found was to use > iptables and ULOG. My concern now is that's generating io. What kind of computer are you running this on where performance is such a tight constraint? Cheers, Rusty _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
