A problem...?

Paul Theodoropoulos paul at anastrophe.com
Tue Aug 7 17:50:08 UTC 2018 

On 8/6/18 19:45, Paul Theodoropoulos wrote:
> The utterly incomprehensible transmit timestamps of packets outbound 
> in my tcpdump output is the one that really sends a chill down my 
> spine. At first blush, it makes me think I'm spewing deadly packets to 
> timeservers all over the place.

So, I am seeing most packets making sense, not sending timestamps way in 
the past or future. But there still are such packets.

Watching them go by, I note that I have not seen any with dates outside 
of the 'prime epoch' of January 1, 1900, and the timescale overflow date 
of  2036. Which tells me that while they do appear bizarre and 
nonsensical, they seem to be rooted somewhere in rationality.

But I see a fair share of stuff like this -

22:44:01.451036 IP (tos 0x0, ttl 54, id 0, offset 0, flags [DF], proto 
UDP (17), length 76)
     stratum-1.sjc02.svwh.net.ntp > ntpsec.anastrophe.com.ntp: [udp sum 
ok] NTPv4, length 48
         Server, Leap indicator:  (0), Stratum 1 (primary reference), 
poll 3 (8s), precision -16
         Root Delay: 0.000000, Root dispersion: 0.000366, Reference-ID: CDMA
           Reference Timestamp:  3742609434.076817000 (2018/08/06 22:43:54)
           Originator Timestamp: 3791701072.751951859 (2020/02/26 02:17:52)
           Receive Timestamp:    3742609441.392657608 (2018/08/06 22:44:01)
           Transmit Timestamp:   3742609441.437230000 (2018/08/06 22:44:01)
             Originator - Receive Timestamp: -49091631.359294251
             Originator - Transmit Timestamp: -49091631.314721859

or this to another machine on my LAN:

22:49:09.198136 IP (tos 0xb8, ttl 64, id 1296, offset 0, flags [DF], 
proto UDP (17), length 508)
     ntpsec.anastrophe.com.ntp > klaatu.39235: [udp sum ok] NTPv2, 
length 480
         Reserved, Leap indicator:  (0), Stratum 162 (reserved), poll 0 
(1s), precision 3
         Root Delay: 37140.207382, Root dispersion: 0.007141, 
Reference-ID: 115.114.99.97.static-Chennai.vsnl.net.in
           Reference Timestamp:  1685208369.196154486 (1953/05/27 10:26:09)
           Originator Timestamp: 842477106.219454775 (1926/09/12 13:25:06)
           Receive Timestamp:    544436835.439200547 (1917/04/03 00:27:15)
           Transmit Timestamp:   1026634291.172370162 (1932/07/14 00:11:31)
             Originator - Receive Timestamp: -298040270.780254228
             Originator - Transmit Timestamp: +184157184.952915386

Am I broken, or do these packets make any actual sense?

-- 
Paul Theodoropoulos
www.anastrophe.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/users/attachments/20180807/d546b876/attachment.html>

More information about the users mailing list