[ntp:questions] Re: Audit program for scanning hosts for local time accuracy.

Richard B. Gilbert rgilbert88 at comcast.net
Wed Jan 25 02:06:25 UTC 2006


themeanies wrote:

> Assuming proper authentication, does there exist a program to scan a 
> network and display local time for all the hosts it finds?  I seem to 
> recall a program from long ago that would do this, but I have had no 
> luck finding anything similar.
>
> Most of my clients are windows, but some are unix and of course there 
> is all the cisco/network equipment.
>
> Thank,
> tM

I don't see how authentication enters into it!  Authentication requires 
configuring each host with keys that enable it to verify its own 
identity to others or verify the identity of others.  Any system running 
ntpd should reply, when properly queried, with the current time.   If 
you are going to use this time to set your own clock, you may wish to 
use authentication to verify the identity of the server you queried.  If 
you simply want to know what time a system has, then a simple query 
should return the time.

RFC compliant SNTP clients are NOT supposed to act as servers.  
Microsoft's implementation is broken in this regard so that any Windows 
2000 or XP system running W32TIME will tell you what it thinks the time 
is.  I don't believe that earlier versions of Windows than W2K support this.

The ntpdate program (deprecated) will send a query and either set your 
clock or tell you what it would have done to your clock had it been free 
to do so.   Use the command "ntpdate -ud".   The -u tells it to use a 
non-privileged port while the -d tells it to run in debug mode and just 
tell you what it would have do to set the clock.

A fairly simple script can be written to query every address on a 
network and report its results.   Some audacious young scholar went so 
far as to write a set of scripts to query every reachable NTP server for 
both the time and the addresses of all its clients.  He ran this six or 
seven years ago to audit the entire world and did a statistical analysis 
of his results.  You can get the details here 
<http://alumni.media.mit.edu/%7Enelson/research/ntp-survey99/html/>

Another scholar ran a similar audit this fall but has yet to report his 
results, if any.  Go
here <http://ntpsurvey.arauc.br/>  for his web page.




More information about the questions mailing list