Recent NTP pool traffic increase

Kurt Roeckx kurt at
Sun Dec 18 11:36:49 UTC 2016

On Sat, Dec 17, 2016 at 07:03:16PM -0800, Gary E. Miller wrote:
> Yo All!
> On Sat, 17 Dec 2016 17:56:32 -0800
> "Gary E. Miller" <gem at> wrote:
> > # tcpdump -nvvi eth0 port 123 |grep "Originator - Transmit Timestamp:"
> > 
> > And I do indeed get odd results.  Some on my local network...
> To follow up on this.  The weirdness is just what chronyd has done
> since before version 2.2.  Chronyd gets 'clever' when it fills in
> the data fields of an NTP packet.
> The RFC says a clients sends a server a packet with its current time in
> the 'Transmit Timestamp'.  Chronyd instead puts in a random number.  The
> server does not care, it just parrots back that timestamp back as the
> 'Originator Timestamp', plus the time the server received that packet,
> and the time it replied to the packet.
> The client uses 'Orignator Timestamp' as an index to lookup when it
> really sent the request, and then does the usual math with the real send
> time.
> So, red herring, back to the mystery hunt.
> Unless someone thinks this 'cleverness' is worth implementing in ntpsec.

I think openntpd might be doing something like that too.

That of course breaks if you try to do symmetric synchronization.


More information about the devel mailing list