[ntp:questions] Legitimate Source Ports for NTP traffic?

Jason Rabel jasonrabel99 at gmail.com
Tue Nov 20 17:19:24 UTC 2018


In response to my own question I looked a little deeper into the odd
traffic using tcpdump. Best I can tell they are indeed properly
formatted NTP requests, the curious bit is seeing most of these
requests having a precision of -6 or -7. While I know some older MS OS
set their internal time update to around that, they also use the
microsoft time servers by default.

My best guess is that these are modems / routers / other embedded-type
equipment syncing their own clock and using a low port number that
never gets used as their source port as to not interfere with the
traffic they are passing through...


More information about the questions mailing list