Network Time Protocol (NTP)
NTP is used to synchronize the clock of a network client with a server.
The NTP server will (hopefully) have the precise time (probably directly from an atomic clock).
The NTP client asks the NTP server about the current time, and then will set it's internal clock to that value.
XXX - add some info about precision, network latency, "smoothly" setting the clock and alike.
XXX - add a brief description of NTP history
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The NTP dissector is fully functional.
There are no NTP related preference settings.
Example capture file
SampleCaptures/NTP_with_MD5_key_foobar.pcap (MD5 encryption key: "foobar")
A complete list of NTP display filter fields can be found in the display filter reference
- Show only the NTP based traffic:
You cannot directly filter NTP protocols while capturing. However, you can filter on the well known NTP UDP port 123.
- Capture only the NTP based traffic:
udp port 123
On many systems, you can say "udp port ntp" rather than "udp port 123".
RFC 1305 Network Time Protocol (Version 3)
RFC 958 Network Time Protocol
RFC 1059 Network Time Protocol (Version 1) Specification and Implementation
RFC 1119 Network Time Protocol (Version 2) Specification and Implementation
- ntp.org Home of the Network Time Protocol
- pool.ntp.org The time server you should probably use
Public NTP Time Server Lists Other public NTP servers
NTP at wikipedia - a good overview
Note: On WinXP the 'Windows Time' service must be stopped for NTP packets to be passed up the stack and visible to Wireshark.