Recent NTP pool traffic increase

Gary E. Miller gem at
Sun Dec 18 03:03:16 UTC 2016

Yo All!

On Sat, 17 Dec 2016 17:56:32 -0800
"Gary E. Miller" <gem at> wrote:

> # tcpdump -nvvi eth0 port 123 |grep "Originator - Transmit Timestamp:"
> And I do indeed get odd results.  Some on my local network...

To follow up on this.  The weirdness is just what chronyd has done
since before version 2.2.  Chronyd gets 'clever' when it fills in
the data fields of an NTP packet.

The RFC says a clients sends a server a packet with its current time in
the 'Transmit Timestamp'.  Chronyd instead puts in a random number.  The
server does not care, it just parrots back that timestamp back as the
'Originator Timestamp', plus the time the server received that packet,
and the time it replied to the packet.

The client uses 'Orignator Timestamp' as an index to lookup when it
really sent the request, and then does the usual math with the real send

So, red herring, back to the mystery hunt.

Unless someone thinks this 'cleverness' is worth implementing in ntpsec.

Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at  Tel:+1 541 382 8588
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the devel mailing list