NTS not 'working', likely operator error
Paul Theodoropoulos
paul at anastrophe.com
Tue Apr 9 02:16:48 UTC 2024
On 4/8/2024 18:51 PM, James Browning via users wrote:
> I suspect for no valid reason at all that someone has placed a
> packet filter near your machine; I also suspect it has been set
> to some ridiculous criteria like 'drop all UDP port 123 packets
> longer than 48-bytes.'
>
> A tool like tcpdump should give you an idea of what NTP traffic
> is actually on the wire versus what either end responds to. Not
> sorry about being useless, you might want to wait for someone
> else, or not the lag can be pretty bad.
Thanks. No packet filters in evidence, based both on my control of the
router, the fully functional NTP traffic, and the initializing NTS traffic
on port 4460 that appears during setup after restarting ntpsec. And it's
not blocked by my ISP -
https://www.xfinity.com/support/articles/list-of-blocked-ports
tcpdumps don't show anything 'interesting' really on either timeservice
port - steady flow of NTP traffic, no meaningful NTS traffic (I have to
imagine that the NTS traffic at initialization at ntpd startup would be
entirely broken if there were limits on the port)
It's a puzzle, that much I know.
cheers,
paul
--
Paul Theodoropoulos
www.anastrophe.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/users/attachments/20240408/8e410cdd/attachment.htm>
More information about the users
mailing list