Network Time Protocol (NTP)

NTP is used to synchronize the clock of a network client with a server.

The NTP server will (hopefully) have the precise time (probably directly from an atomic clock).

The NTP client asks the NTP server about the current time, and then will set it's internal clock to that value.

XXX - add some info about precision, network latency, "smoothly" setting the clock and alike.

History

XXX - add a brief description of NTP history

Protocol dependencies

• UDP: Typically, NTP uses UDP as its transport protocol. The well known UDP port for NTP traffic is 123.

Example traffic

XXX - Add example traffic here (as plain text or Wireshark screenshot).

Wireshark

The NTP dissector is fully functional.

Preference Settings

There are no NTP related preference settings.

Example capture file

• SampleCaptures/NTP_sync.pcap

• SampleCaptures/NTP_with_MD5_key_foobar.pcap (MD5 encryption key: "foobar")

Display Filter

A complete list of NTP display filter fields can be found in the display filter reference

• Show only the NTP based traffic:

   ntp 

Capture Filter

You cannot directly filter NTP protocols while capturing. However, you can filter on the well known NTP UDP port 123.

• Capture only the NTP based traffic:

   udp port 123 

On many systems, you can say "udp port ntp" rather than "udp port 123".

External links

Current RFC:

• RFC 1305 Network Time Protocol (Version 3)

Obsoleted RFCs:

• RFC 958 Network Time Protocol

• RFC 1059 Network Time Protocol (Version 1) Specification and Implementation

• RFC 1119 Network Time Protocol (Version 2) Specification and Implementation

Other Information:

• - ntp.org Home of the Network Time Protocol

• - pool.ntp.org The time server you should probably use

• Public NTP Time Server Lists Other public NTP servers

• NTP at wikipedia - a good overview

Discussion

Note: On WinXP the 'Windows Time' service must be stopped for NTP packets to be passed up the stack and visible to Wireshark.