[PLUG] ntpdate

dan at fiddlers-green.info dan at fiddlers-green.info
Fri Dec 16 20:53:37 UTC 2005 

Quoting Eli Stair <eli.stair at gmail.com>:

> You didn't specify what distribution, version, and ntp version you're
> running.  Try decoding what's going out on the wire during the ntpdate
> runs, check to make sure you're getting a response:

Sorry. It's ClarkConnect version 3.1, 2.6.9-27.cc kernel, unmodified from
install. NTPD is ntpd 4.2.0a at 1.1190-r. The version of ntpdate is ntpdate
4.2.0a at 1.1190-r. Both are unmodified from stock CC 3.1

> # tethereal -R "udp.port == 123"
> 
> Check that ntpd is running on the remote host (success of this command
> will vary by nmap version, server version)
> 
> # nmap -sU -sV IP -p 123
>
>/el1

I don't have either of those utilites on the box, so I'd have to build them.
When I run ntpdate -v hydrogen.cert.ucr.edu the tcpdump shows:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:50:46.488171 IP c-67-170-150-151.hsd1.or.comcast.net.ntp >
hydrogen.cert.ucr.edu.ntp: NTPv4, Client, length 4811:50:46.532580 IP
hydrogen.cert.ucr.edu.ntp > c-67-170-150-151.hsd1.or.comcast.net.ntp: NTPv4,
Server, length 4811:50:47.492961 IP c-67-170-150-151.hsd1.or.comcast.net.ntp >
hydrogen.cert.ucr.edu.ntp: NTPv4, Client, length 4811:50:47.538986 IP
hydrogen.cert.ucr.edu.ntp > c-67-170-150-151.hsd1.or.comcast.net.ntp: NTPv4,
Server, length 4811:50:48.497809 IP c-67-170-150-151.hsd1.or.comcast.net.ntp >
hydrogen.cert.ucr.edu.ntp: NTPv4, Client, length 4811:50:48.542584 IP
hydrogen.cert.ucr.edu.ntp > c-67-170-150-151.hsd1.or.comcast.net.ntp: NTPv4,
Server, length 4811:50:49.502656 IP c-67-170-150-151.hsd1.or.comcast.net.ntp >
hydrogen.cert.ucr.edu.ntp: NTPv4, Client, length 4811:50:49.546178 IP
hydrogen.cert.ucr.edu.ntp > c-67-170-150-151.hsd1.or.comcast.net.ntp: NTPv4,
Server, length 48

the ntpdate -d hydrogen.cert.ucr.edu gets a full response back, so I'm pretty
sure that port 123 is up and listening:
[root at osiligarth ~]# ntpdate -d hydrogen.cert.ucr.edu
16 Dec 11:52:11 ntpdate[19221]: ntpdate 4.2.0a at 1.1190-r Mon Feb 21 17:54:53 GMT
2005 (1)
Looking for host hydrogen.cert.ucr.edu and service ntp
host found : hydrogen.cert.ucr.edu
transmit(138.23.180.126)
receive(138.23.180.126)
transmit(138.23.180.126)
receive(138.23.180.126)
transmit(138.23.180.126)
receive(138.23.180.126)
transmit(138.23.180.126)
receive(138.23.180.126)
transmit(138.23.180.126)
server 138.23.180.126, port 123
stratum 2, precision -20, leap 00, trust 000
refid [138.23.180.126], delay 0.06964, dispersion 0.00009
transmitted 4, in filter 4
reference time:    c74d956c.444c0592  Fri, Dec 16 2005 11:35:08.266
originate timestamp: c74d996e.c389613d  Fri, Dec 16 2005 11:52:14.763
transmit timestamp:  c74d996c.2a256366  Fri, Dec 16 2005 11:52:12.164
filter delay:  0.07037  0.07085  0.06964  0.06972 
         0.00000  0.00000  0.00000  0.00000 
filter offset: 2.577112 2.577715 2.577084 2.577107
         0.000000 0.000000 0.000000 0.000000
delay 0.06964, dispersion 0.00009
offset 2.577084

16 Dec 11:52:12 ntpdate[19221]: step time server 138.23.180.126 offset 2.577084
sec

I know this is not a firewall problem becuase this is the gateway box and the
communications are going over the wan nic, so no firewall to contend with.

Quoting "M. Edward (Ed) Borasky" <znmeb at cesmail.net>:
> What distro are you using? Gentoo more or less automatically configures 
> ntp, and IIRC Debian does as well.
> 
> By the way, if you have a full NAT network, it's probably not necessary 
> to have a time server on your network at all -- just synchronize 
> everything to a public time server. However, if your network is isolated 
> from the Internet for security reasons, you'll need to have a server.
> 
> Here's the configuration info from Gentoo -- not sure how generally 
> applicable it is:

My boxes behind the router are Gentoo. I checked out the gentoo wiki for info,
but it didn't seem to help with the connection info using ntpdate.

Quoting Luke Eckley <luke at xifos.org>:
>The only problem I ever have with ntp is that it will not sync if the
>time is off by 180 seconds or more. That number might be off. First
>update your time, either with date, ntpdate, or some implementations of
>ntpd.
>
>I just installed openntpd ( a port of OpenBSD's ntpd ) on my gentoo
>machine and was able to update the time by running "ntpd -s"

I figured there would be a sync problem, but from the manpage it appeared that
ntpdate should update the time so they would be in sync. However, the local and
remote don't seem to be very far off:

16 Dec 13:06:59 ntpdate[26004]: ntpdate 4.2.0a at 1.1190-r Mon Feb 21 17:54:53 GMT
2005 (1)
Looking for host hydrogen.cert.ucr.edu and service ntp
...
reference time:    c74da97c.b47d5ed0  Fri, Dec 16 2005 13:00:44.705
originate timestamp: c74daaf6.ba69595f  Fri, Dec 16 2005 13:07:02.728
transmit timestamp:  c74daaf3.ceeafab5  Fri, Dec 16 2005 13:06:59.808
...
[root at osiligarth /]# date
Fri Dec 16 13:07:08 PST 2005

certainly not by 180 seconds or more.

thanks,
Dan H.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

More information about the PLUG mailing list