[ntp:questions] Legitimate Source Ports for NTP traffic?
jasonrabel99 at gmail.com
Tue Nov 20 17:19:24 UTC 2018
In response to my own question I looked a little deeper into the odd
traffic using tcpdump. Best I can tell they are indeed properly
formatted NTP requests, the curious bit is seeing most of these
requests having a precision of -6 or -7. While I know some older MS OS
set their internal time update to around that, they also use the
microsoft time servers by default.
My best guess is that these are modems / routers / other embedded-type
equipment syncing their own clock and using a low port number that
never gets used as their source port as to not interfere with the
traffic they are passing through...
More information about the questions