[ntp:questions] what does it take to get on the ntpdc monlist?
dave morgan
morgad at eclipse.co.uk
Sat Apr 9 19:53:04 UTC 2005
I am experimenting with using the following packet sniffer to monitor
my inbound ntp traffic (the following has been cut down a bit)
---start---
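#!/usr/bin/perl -T -W
use Net::PcapUtils;
use NetPacket::Ethernet;
use NetPacket::IP;

my $myip   = "10.0.0.4";
# BPF filter: UDP port 123 traffic addressed to this host
my $progin = "udp port 123 and dst host $myip";

# Call grab_ip for every packet that matches the filter
Net::PcapUtils::loop(\&grab_ip, FILTER => $progin, PROMISC => 0,
                     DEV => "eth0");

sub grab_ip {
    my ($arg, $hdr, $pkt) = @_;
    # Strip the Ethernet header, decode the IP header, take the source address
    my $src_ip = NetPacket::IP->decode(
        NetPacket::Ethernet::strip($pkt))->{src_ip};
}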
---stop---
and I am puzzled why I consistently get 40% more ip addresses from
the above code than from the ntpdc monlist with the following -
cat ~/ntpstats/iplist/ipdump* | sort | uniq | grep -c -F .
(even when dumping the monlist every minute, and with the average
monlist containing 400 seconds of data.)
Is there a problem with this filter, or are there some criteria
packets must pass to get on the monlist? Which of the two
methods gives a more 'accurate' result?
best regards
Dave
--
http://www.morgad.no-ip.info/index.html gpg:0x64B5E037
Distributed Proofreaders: http://www.pgdp.net
The NTP server pool http://www.pool.ntp.org
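
One way to narrow down the difference described in the message above, as an added example that is not part of the original post: tally the sniffer's source addresses by NTP mode and list the ones absent from the monlist dumps. The function names, addresses and payloads are constructed for illustration; in a live capture the payload would be the UDP data of each packet.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# NTP mode is the low 3 bits of the first payload byte (LI:2 | VN:3 | Mode:3).
# Mode 6 is the ntpq control mode, mode 7 the ntpdc private request mode.
my @MODE = qw(reserved sym-active sym-passive client server broadcast
              control private);

# Decode one UDP payload; returns (version, mode name), or () if it is empty.
sub ntp_mode {
    my ($payload) = @_;
    return unless defined $payload && length $payload;
    my $first = unpack 'C', $payload;
    return (($first >> 3) & 7, $MODE[$first & 7]);
}

# Count packets per source address and mode, then keep only the addresses
# that the sniffer saw but the monlist dumps do not contain.
sub sniffer_only {
    my ($seen, $monlist) = @_;        # [[ip, payload], ...], [ip, ...]
    my %in_mon = map { $_ => 1 } @$monlist;
    my %tally;
    for my $rec (@$seen) {
        my ($ip, $payload) = @$rec;
        my (undef, $mode) = ntp_mode($payload);
        $tally{$ip}{ defined $mode ? $mode : 'empty' }++;
    }
    return { map { $_ => $tally{$_} } grep { !$in_mon{$_} } keys %tally };
}

# Constructed sample data (documentation address ranges); only the first
# payload byte matters: 0x23 = v4 client, 0x1b = v3 client, 0x17 = v2 private.
my @seen = (
    ['192.0.2.10',   "\x23" . "\0" x 47],
    ['192.0.2.10',   "\x23" . "\0" x 47],
    ['198.51.100.7', "\x1b" . "\0" x 47],
    ['203.0.113.5',  "\x1b" . "\0" x 47],
    ['203.0.113.9',  "\x17" . "\0" x 7],
);
my @monlist = ('192.0.2.10', '198.51.100.7');   # constructed monlist set

my $extra = sniffer_only(\@seen, \@monlist);
for my $ip (sort keys %$extra) {
    my $modes = $extra->{$ip};
    print "$ip: ", join(', ', map { "$_ x$modes->{$_}" } sort keys %$modes), "\n";
}
```

With the constructed data this prints one line each for 203.0.113.5 and 203.0.113.9, showing the mode of the packets each sent; the sample says nothing about which packets ntpd actually records.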