[ntp:questions] Legitimate Source Ports for NTP traffic?

Miroslav Lichvar mlichvar at redhat.com
Wed Nov 28 07:52:43 UTC 2018

On Tue, Nov 20, 2018 at 11:19:24AM -0600, Jason Rabel wrote:
> In response to my own question I looked a little deeper into the odd
> traffic using tcpdump. Best I can tell they are indeed properly
> formatted NTP requests, the curious bit is seeing most of these
> requests having a precision of -6 or -7. While I know some older MS OS
> set their internal time update to around that, they also use the
> microsoft time servers by default.

Precision of -6 seems to be common. It's used by ntpdate for example.
Not sure about -7.

I suspect the number one reason for getting requests from privileged
ports different than 123 is NAT. If there are two NTP clients behind
NAT using port 123, one of them will have to get a different port.

Miroslav Lichvar

More information about the questions mailing list