Network Time Protocol (NTP)

NTP is used to synchronize the clock of a network client with a server.

The NTP server will (hopefully) have the precise time (probably directly from an atomic clock).

The NTP client asks the NTP server for the current time and then sets its internal clock to that value.
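The request/reply exchange described above, as an added example (not part of the original wiki page and not Wireshark's dissector code): it decodes the fixed 48-byte NTP header from a UDP port 123 payload and computes the client's clock offset and round-trip delay from one reply. The header layout and the offset/delay formulas follow RFC 5905; the helper names and the sample packets are constructed for illustration.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)
MODES = {1: "symmetric active", 2: "symmetric passive", 3: "client",
         4: "server", 5: "broadcast", 6: "control", 7: "private"}

def ntp_to_unix(seconds, fraction):
    """64-bit NTP timestamp (32.32 fixed point) -> Unix seconds; None if unset."""
    if seconds == 0 and fraction == 0:
        return None
    return seconds - NTP_UNIX_DELTA + fraction / 2**32

def parse_ntp(payload):
    """Decode the fixed 48-byte NTP header from a UDP port 123 payload."""
    if len(payload) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(payload))
    f = struct.unpack("!BBbbII4s8I", payload[:48])
    return {
        "leap": f[0] >> 6, "version": (f[0] >> 3) & 0x7,
        "mode": MODES.get(f[0] & 0x7, "reserved"), "stratum": f[1],
        "reference": ntp_to_unix(f[7], f[8]), "origin": ntp_to_unix(f[9], f[10]),
        "receive": ntp_to_unix(f[11], f[12]), "transmit": ntp_to_unix(f[13], f[14]),
    }

def offset_and_delay(reply, t4):
    """Clock offset and round-trip delay from a server reply received at local time t4."""
    t1, t2, t3 = reply["origin"], reply["receive"], reply["transmit"]
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def build(flags, stratum, origin, receive, transmit):
    """Build a constructed sample packet; timestamps are (seconds, fraction) pairs."""
    return struct.pack("!BBbbII4s8I", flags, stratum, 6, -20, 0, 0, b"\0" * 4,
                       0, 0, *origin, *receive, *transmit)

# Constructed sample exchange (not taken from a real capture).
T1 = (NTP_UNIX_DELTA + 1000, 0)            # client transmit, 1000.00
T2 = (NTP_UNIX_DELTA + 1002, 0x40000000)   # server receive,  1002.25
T3 = (NTP_UNIX_DELTA + 1002, 0x80000000)   # server transmit, 1002.50
REQUEST = build(0x23, 0, (0, 0), (0, 0), T1)   # LI=0, VN=4, mode 3 (client)
REPLY = build(0x24, 2, T1, T2, T3)             # LI=0, VN=4, mode 4 (server)

if __name__ == "__main__":
    print(parse_ntp(REQUEST))
    reply = parse_ntp(REPLY)
    print(reply, offset_and_delay(reply, t4=1000.75))
```

In the sample, the server clock is 2 seconds ahead of the client and the network round trip takes 0.5 seconds, which is why a client cannot simply copy the server's transmit timestamp.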

XXX - add some info about precision, network latency, "smoothly" setting the clock and alike.


XXX - add a brief description of NTP history

Protocol dependencies

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).


The NTP dissector is fully functional.

Preference Settings

There are no NTP related preference settings.

Example capture file

Display Filter

A complete list of NTP display filter fields can be found in the display filter reference.

Capture Filter

You cannot filter directly on the NTP protocol while capturing. However, you can filter on the well-known NTP UDP port 123.

On many systems, you can say "udp port ntp" rather than "udp port 123".

Current RFC:

Obsoleted RFCs:

Other Information:


Note: On WinXP the 'Windows Time' service must be stopped for NTP packets to be passed up the stack and visible to Wireshark.

NTP (last edited 2014-02-05 23:12:31 by Terrance Crouch)