A problem...?

Paul Theodoropoulos paul at anastrophe.com
Mon Aug 6 23:27:52 UTC 2018


I have a problem I think. I have a number of peers, and seemingly 
everything is fine with the exception of a couple of unreachables:

root@RaspiPi3B+ NTPsec: /etc/iptables # ntpq -p
      remote                                   refid      st t when poll reach   delay   offset   jitter
=======================================================================================================
*SHM(2)                                  .PPS.            0 l    -    1  377   0.0000  -0.0002   0.0004
xSHM(0)                                  .GPS.            0 l    1    2  377   0.0000 -366.670   7.1195
+clock.fmt.he.net                        .CDMA.           1 u   39   64  363  23.8882  -1.3594   0.2248
  clepsydra.labs.hp.com                   .STEP.          16 u    - 1024    0   0.0000   0.0000   0.0010
-clock.isc.org                           243.50.127.182   2 u   10   64  373  25.8172  -8.9383   0.2847
  gps.layer42.net                         .STEP.          16 u    - 1024    0   0.0000   0.0000   0.0010
-clock.sjc.he.net                        .CDMA.           1 u   43   64  373  24.9182  -1.7349   0.1870
+stratum-1.sjc02.svwh.net                .CDMA.           1 u   33  128  337  24.7522  -1.4723   0.3420
-gpstime.la-archdiocese.net              .TRUE.           1 u   22   64  377  32.8032  -4.4760   0.1539
-utcnist2.colorado.edu                   .NIST.           1 u   31   64  377  68.3974  -9.9259   0.3451
-tock.usshc.com                          .GPS.            1 u   41   64  377  75.6346   0.2643   0.3405

Now, clepsydra is one of the granddaddies of ntp service. I've gone long 
intervals exchanging with them without issue, but also long intervals 
where they were unreachable. Unfortunately, I can find no working 
contact information for their NTP admin. Everything bounces.

svwh.net however did respond when I asked about it.  They sent a dump of 
packets, which showed - bizarrely - that some of my queries were coming 
in to their server on port 4. Yup, 4. The rest of my queries come in 
properly on 123.

21:15:08.500417 IP (tos 0x0, ttl 54, id 2792, offset 0, flags [DF], proto UDP (17), length 76)
     108.196.98.101.4 > 162.213.2.253.123: NTPv4, length 48
         Client, Leap indicator:  (0), Stratum 0 (unspecified), poll 0 (1s), precision 32
         Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
           Reference Timestamp:  0.000000000
           Originator Timestamp: 0.000000000
           Receive Timestamp:    0.000000000
           Transmit Timestamp:   3239574915.034373285 (2002/08/29 01:55:15)
             Originator - Receive Timestamp:  0.000000000
             Originator - Transmit Timestamp: 3239574915.034373285 (2002/08/29 01:55:15)
21:17:23.502876 IP (tos 0x0, ttl 54, id 7436, offset 0, flags [DF], proto UDP (17), length 76)
     108.196.98.101.4 > 162.213.2.253.123: NTPv4, length 48
         Client, Leap indicator:  (0), Stratum 0 (unspecified), poll 0 (1s), precision 32
         Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
           Reference Timestamp:  0.000000000
           Originator Timestamp: 0.000000000
           Receive Timestamp:    0.000000000
           Transmit Timestamp:   2410087482.478396305 (1976/05/16 12:44:42)
             Originator - Receive Timestamp:  0.000000000
             Originator - Transmit Timestamp: 2410087482.478396305 (1976/05/16 12:44:42)
21:18:14.296550 IP (tos 0x0, ttl 54, id 35930, offset 0, flags [DF], proto UDP (17), length 76)
     108.196.98.101.123 > 162.213.2.253.123: NTPv4, length 48
         Client, Leap indicator:  (0), Stratum 0 (unspecified), poll 0 (1s), precision 32
         Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
           Reference Timestamp:  0.000000000
           Originator Timestamp: 0.000000000
           Receive Timestamp:    0.000000000
           Transmit Timestamp:   3037285031.055561024 (1996/03/31 18:17:11)
             Originator - Receive Timestamp:  0.000000000
             Originator - Transmit Timestamp: 3037285031.055561024 (1996/03/31 18:17:11)
21:18:14.297959 IP (tos 0xc0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 76)
     162.213.2.253.123 > 108.196.98.101.123: NTPv4, length 48
         Server, Leap indicator:  (0), Stratum 1 (primary reference), poll 3 (8s), precision -16
         Root Delay: 0.000000, Root dispersion: 0.000350, Reference-ID: CDMA
           Reference Timestamp:  3742233491.070747000 (2018/08/02 21:18:11)
           Originator Timestamp: 3037285031.055561024 (1996/03/31 18:17:11)
           Receive Timestamp:    3742233494.296518601 (2018/08/02 21:18:14)
           Transmit Timestamp:   3742233494.297548000 (2018/08/02 21:18:14)
             Originator - Receive Timestamp:  +704948463.240957576
             Originator - Transmit Timestamp: +704948463.241986975


Thinking it could just be the lame AT&T DSL router at home, I 
power-cycled it, and began exchanging time with them again.

But I just checked now and no joy again. A verbose tcpdump showed this 
very strange (and disturbing) output for a few packets exchanged between us:

root@RaspiPi3B+ NTPsec: /etc/iptables # tcpdump -vvvvv host stratum-1.sjc02.svwh.net
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
15:57:50.231016 IP (tos 0xb8, ttl 64, id 51544, offset 0, flags [DF], proto UDP (17), length 76)
     ntpsec.anastrophe.com.ntp > stratum-1.sjc02.svwh.net.ntp: [udp sum ok] NTPv4, length 48
     Client, Leap indicator:  (0), Stratum 0 (unspecified), poll 0 (1s), precision 32
     Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
       Reference Timestamp:  0.000000000
       Originator Timestamp: 0.000000000
       Receive Timestamp:    0.000000000
       Transmit Timestamp:   550715480.118903192 (1917/06/14 16:31:20)
         Originator - Receive Timestamp:  0.000000000
         Originator - Transmit Timestamp: 550715480.118903192 (1917/06/14 16:31:20)
15:57:50.261570 IP (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto UDP (17), length 76)
     stratum-1.sjc02.svwh.net.ntp > ntpsec.anastrophe.com.ntp: [udp sum ok] NTPv4, length 48
     Server, Leap indicator:  (0), Stratum 1 (primary reference), poll 3 (8s), precision -16
     Root Delay: 0.000000, Root dispersion: 0.000335, Reference-ID: CDMA
       Reference Timestamp:  3742585065.093978000 (2018/08/06 15:57:45)
       Originator Timestamp: 550715480.118903192 (1917/06/14 16:31:20)
       Receive Timestamp:    3742585070.242392487 (2018/08/06 15:57:50)
       Transmit Timestamp:   3742585070.247125000 (2018/08/06 15:57:50)
         Originator - Receive Timestamp: -1103097705.876510705
         Originator - Transmit Timestamp: -1103097705.871778192
16:00:02.231019 IP (tos 0xb8, ttl 64, id 60030, offset 0, flags [DF], proto UDP (17), length 76)
     ntpsec.anastrophe.com.ntp > stratum-1.sjc02.svwh.net.ntp: [udp sum ok] NTPv4, length 48
     Client, Leap indicator:  (0), Stratum 0 (unspecified), poll 0 (1s), precision 32
     Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
       Reference Timestamp:  0.000000000
       Originator Timestamp: 0.000000000
       Receive Timestamp:    0.000000000
       Transmit Timestamp:   2164565864.226295429 (1968/08/04 13:17:44)
         Originator - Receive Timestamp:  0.000000000
         Originator - Transmit Timestamp: 2164565864.226295429 (1968/08/04 13:17:44)
16:02:11.231019 IP (tos 0xb8, ttl 64, id 299, offset 0, flags [DF], proto UDP (17), length 76)
     ntpsec.anastrophe.com.ntp > stratum-1.sjc02.svwh.net.ntp: [udp sum ok] NTPv4, length 48
     Client, Leap indicator:  (0), Stratum 0 (unspecified), poll 0 (1s), precision 32
     Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
       Reference Timestamp:  0.000000000
       Originator Timestamp: 0.000000000
       Receive Timestamp:    0.000000000
       Transmit Timestamp:   2951229106.065759799 (1993/07/09 10:51:46)
         Originator - Receive Timestamp:  0.000000000
         Originator - Transmit Timestamp: 2951229106.065759799 (1993/07/09 10:51:46)
16:02:11.257912 IP (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto UDP (17), length 76)
     stratum-1.sjc02.svwh.net.ntp > ntpsec.anastrophe.com.ntp: [udp sum ok] NTPv4, length 48
     Server, Leap indicator:  (0), Stratum 1 (primary reference), poll 3 (8s), precision -16
     Root Delay: 0.000000, Root dispersion: 0.000411, Reference-ID: CDMA
       Reference Timestamp:  3742585321.062335000 (2018/08/06 16:02:01)
       Originator Timestamp: 2951229106.065759799 (1993/07/09 10:51:46)
       Receive Timestamp:    3742585331.241839230 (2018/08/06 16:02:11)
       Transmit Timestamp:   3742585331.243347999 (2018/08/06 16:02:11)
         Originator - Receive Timestamp: +791356225.176079430
         Originator - Transmit Timestamp: +791356225.177588199

But I also just now ran a trace on the connection to one of my selected 
peers:

root@RaspiPi3B+ NTPsec: /etc/iptables # tcpdump -vvvvv host clock.fmt.he.net
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:08:33.231019 IP (tos 0xb8, ttl 64, id 49893, offset 0, flags [DF], proto UDP (17), length 76)
     ntpsec.anastrophe.com.ntp > clock.fmt.he.net.ntp: [udp sum ok] NTPv4, length 48
     Client, Leap indicator:  (0), Stratum 0 (unspecified), poll 0 (1s), precision 32
     Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
       Reference Timestamp:  0.000000000
       Originator Timestamp: 0.000000000
       Receive Timestamp:    0.000000000
       Transmit Timestamp:   572803278.120811727 (1918/02/25 08:01:18)
         Originator - Receive Timestamp:  0.000000000
         Originator - Transmit Timestamp: 572803278.120811727 (1918/02/25 08:01:18)
16:08:33.255642 IP (tos 0x0, ttl 55, id 27946, offset 0, flags [DF], proto UDP (17), length 76)
     clock.fmt.he.net.ntp > ntpsec.anastrophe.com.ntp: [udp sum ok] NTPv4, length 48
     Server, Leap indicator:  (0), Stratum 1 (primary reference), poll 3 (8s), precision -21
     Root Delay: 0.000000, Root dispersion: 0.000885, Reference-ID: CDMA
       Reference Timestamp:  3742585683.707307156 (2018/08/06 16:08:03)
       Originator Timestamp: 572803278.120811727 (1918/02/25 08:01:18)
       Receive Timestamp:    3742585713.241994489 (2018/08/06 16:08:33)
       Transmit Timestamp:   3742585713.242097150 (2018/08/06 16:08:33)
         Originator - Receive Timestamp: -1125184860.878817238
         Originator - Transmit Timestamp: -1125184860.878714577
16:09:37.231020 IP (tos 0xb8, ttl 64, id 50416, offset 0, flags [DF], proto UDP (17), length 76)
     ntpsec.anastrophe.com.ntp > clock.fmt.he.net.ntp: [udp sum ok] NTPv4, length 48
     Client, Leap indicator:  (0), Stratum 0 (unspecified), poll 0 (1s), precision 32
     Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec)
       Reference Timestamp:  0.000000000
       Originator Timestamp: 0.000000000
       Receive Timestamp:    0.000000000
       Transmit Timestamp:   2858770293.267182914 (1990/08/04 07:51:33)
         Originator - Receive Timestamp:  0.000000000
         Originator - Transmit Timestamp: 2858770293.267182914 (1990/08/04 07:51:33)
16:09:37.256387 IP (tos 0x0, ttl 55, id 36378, offset 0, flags [DF], proto UDP (17), length 76)
     clock.fmt.he.net.ntp > ntpsec.anastrophe.com.ntp: [udp sum ok] NTPv4, length 48
     Server, Leap indicator:  (0), Stratum 1 (primary reference), poll 3 (8s), precision -21
     Root Delay: 0.000000, Root dispersion: 0.000885, Reference-ID: CDMA
       Reference Timestamp:  3742585747.853686145 (2018/08/06 16:09:07)
       Originator Timestamp: 2858770293.267182914 (1990/08/04 07:51:33)
       Receive Timestamp:    3742585777.242081466 (2018/08/06 16:09:37)
       Transmit Timestamp:   3742585777.242351750 (2018/08/06 16:09:37)
         Originator - Receive Timestamp: +883815483.974898552
         Originator - Transmit Timestamp: +883815483.975168836

Which also shows these outlandish outbound packets, with no 
reference/originator/receive timestamps, but absurd 'transmit' timestamps.

So I don't know if my ntpsec server is completely fubar (it doesn't seem 
to be, I sync many of my work servers to it and they appear to be 
getting correct time), or if I'm just misinterpreting the tcpdump 
output. I restarted ntpsec just now, and am seeing similarly bizarre 
results - but now the svwh.net server is reachable - and selected! - but 
several others are not.

root@RaspiPi3B+ NTPsec: /etc/iptables # ntpq -p
      remote                                   refid      st t when poll reach   delay   offset   jitter
=======================================================================================================
*SHM(2)                                  .PPS.            0 l    1    1  377   0.0000   0.0007   0.0014
xSHM(0)                                  .GPS.            0 l    1    2  377   0.0000 -347.677  12.4342
+clock.fmt.he.net                        .CDMA.           1 u   13   64    1  24.3661  -0.9526   0.4126
  clepsydra.hpl.hp.com                    .INIT.          16 u    -  128    0   0.0000   0.0000   0.0010
  clock.isc.org                           .INIT.          16 u    -   64    0   0.0000   0.0000   0.0010
  gps.layer42.net                         .INIT.          16 u    -   64    0   0.0000   0.0000   0.0010
-clock.sjc.he.net                        .CDMA.           1 u   10   64    1  25.1840  -1.6951   0.1535
+stratum-1.sjc02.svwh.net                .CDMA.           1 u    9  128    1  24.6238  -1.1437   0.5673
-gpstime.la-archdiocese.net              .TRUE.           1 u    8   64    1  32.6799  -4.3075   0.2004
-utcnist2.colorado.edu                   .NIST.           1 u    6   64    1  68.0992 -10.1117   0.4811
-tock.usshc.com                          .GPS.            1 u    5   64    1  76.1819  -0.1106   0.0931



????



-- 
Paul Theodoropoulos
www.anastrophe.com
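
Added example, not part of the original post: a small Python parser for `tcpdump -v` NTP text output of the kind quoted above. For each client request it reports the source port the server saw and whether the same capture holds a reply whose Originator Timestamp echoes that request's Transmit Timestamp. The function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: three packets of the svwh.net capture quoted in the post,
# trimmed to the lines this parser reads (header, addresses, mode, timestamps).
SAMPLE = """\
21:15:08.500417 IP (tos 0x0, ttl 54, id 2792, offset 0, flags [DF], proto UDP (17), length 76)
     108.196.98.101.4 > 162.213.2.253.123: NTPv4, length 48
         Client, Leap indicator:  (0), Stratum 0 (unspecified), poll 0 (1s), precision 32
           Transmit Timestamp:   3239574915.034373285 (2002/08/29 01:55:15)
21:18:14.296550 IP (tos 0x0, ttl 54, id 35930, offset 0, flags [DF], proto UDP (17), length 76)
     108.196.98.101.123 > 162.213.2.253.123: NTPv4, length 48
         Client, Leap indicator:  (0), Stratum 0 (unspecified), poll 0 (1s), precision 32
           Transmit Timestamp:   3037285031.055561024 (1996/03/31 18:17:11)
21:18:14.297959 IP (tos 0xc0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 76)
     162.213.2.253.123 > 108.196.98.101.123: NTPv4, length 48
         Server, Leap indicator:  (0), Stratum 1 (primary reference), poll 3 (8s), precision -16
           Originator Timestamp: 3037285031.055561024 (1996/03/31 18:17:11)
           Transmit Timestamp:   3742233494.297548000 (2018/08/02 21:18:14)
"""

HEAD = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP ")
ADDR = re.compile(r"^\s+(\S+)\.(\w+) > (\S+)\.(\w+): .*NTPv4")
MODE = re.compile(r"^\s+(Client|Server),")
STAMP = re.compile(r"^\s+(Originator|Transmit) Timestamp:\s+(\d+\.\d+)")

def parse(text):
    """Return one dict per packet found in tcpdump -v NTP text output."""
    packets = []
    for line in text.splitlines():
        if m := HEAD.match(line):
            packets.append({"time": m.group(1)})
        elif packets and (m := ADDR.match(line)):
            packets[-1].update(zip(("src", "sport", "dst", "dport"), m.groups()))
        elif packets and (m := MODE.match(line)):
            packets[-1]["mode"] = m.group(1)
        elif packets and (m := STAMP.match(line)):
            packets[-1][m.group(1)] = m.group(2)  # kept as text for exact compare
    return packets

def audit(packets):
    """For each client request: (capture time, source port, answered?)."""
    replies = {(p["dst"], p["dport"], p["Originator"])
               for p in packets if p.get("mode") == "Server"}
    return [(p["time"], p["sport"],
             (p["src"], p["sport"], p["Transmit"]) in replies)
            for p in packets if p.get("mode") == "Client"]

if __name__ == "__main__":
    for when, sport, answered in audit(parse(SAMPLE)):
        print(when, "source port", sport, "answered" if answered else "NO REPLY")
```

Run against a full capture saved to a file, the same two functions give a per-request list that can be compared between the client side and the server side of a NAT device.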
