NTP is used to synchronize the clock of a network client with a server. It's the primary work of David L. Mills, PhD.
The NTP server will (hopefully) have the precise time (probably directly from an atomic clock). The NTP client asks the NTP server about the current time, and then will adjust it's internal clock to that value. Adjusting the clock is not instantaneously, but smoothed over time towards the reference time sources selected. A lot of intricate details are involved, which are described in the relevant research project pages
The Wikipedia article has a relevant writeup of the protocol.
- UDP: Typically, NTP uses UDP as its transport protocol. The well known UDP port for NTP traffic is 123.
XXX - Add example traffic here (as plain text or Wireshark screenshot).
The NTP dissector is fully functional.
There are no NTP related preference settings.
SampleCaptures/NTP_with_MD5_key_foobar.pcap (MD5 encryption key: "foobar")
A complete list of NTP display filter fields can be found in the display filter reference
Show only the NTP based traffic:
You cannot directly filter NTP protocols while capturing. However, you can filter on the well known NTP UDP port 123.
Capture only the NTP based traffic:
udp port 123
On many systems, you can say "udp port ntp" rather than "udp port 123".
- RFC 5905 Network Time Protocol Version 4: Protocol and Algorithms Specification
RFC 958 Network Time Protocol
RFC 1059 Network Time Protocol (Version 1) Specification and Implementation
RFC 1119 Network Time Protocol (Version 2) Specification and Implementation
RFC 1305 Network Time Protocol (Version 3) Specification, Implementation and Analysis
ntp.org Home of the Network Time Protocol
Mills' NTP site Network Time Synchronization Research Project
pool.ntp.org The time server you should probably use
NTP at wikipedia - a good overview
Note: On WinXP the 'Windows Time' service must be stopped for NTP packets to be passed up the stack and visible to Wireshark.
Imported from https://wiki.wireshark.org/NTP on 2020-08-11 23:17:35 UTC