[ntp:questions] "Trapping" in ntpd
kostecke at ntp.org
Thu Oct 4 15:14:49 UTC 2007
I don't have time this morning for a full reply to your article, but ...
On 2007-10-04, Rob <pse at nospam.com> wrote:
> If you specify noquery on your restrict line(s), you do stop all traps and
> queries. You don't get any responses.
noquery tells ntpd to ignore all mode-6 packets (which includes traps).
> robs-computer:~ rob$ perl /Users/rob/Desktop/ntptrap
> Thu Oct 4 9:06:08 2007 Listening at address 0.0.0.0 port 50194
> I also don't seem to get the same output that you posted earlier.
> With no restrictions specified (ie allowing traps, queries etc), I get the
> following output after restarting ntpd and running ntptrap immediately
ntptrap requires that ntp.pl is in your perl search path. An easy way to
do this is to put ntptrap and ntp.pl in the same directory and cd to
that directory before running ntptrap
I have found that you _can_ pass a hostname to ntptrap.
> You will notice that the output on my terminal states "more". I
> suspcted you must use the -l option in ntptrap to get ntptrap to write
> this output to a file. I tried to do that but was not able.
No, I didn't pass any options to ntptrap other than the remote hostname.
In my test ntptrap just dumped all that data to the console.
> robs-computer:~ rob$ perl /Users/rob/Desktop/ntptrap -l ntptrap.txt
> Cannot open "/dev/null ntptrap.txt": Permission denied
Look again ... it's trying to write to a file named "/dev/null
> There also appears to be another bug in ntptrap. You can't specify a
> ntpd server.
In my experience you can.
>It also defaults to the localhost ntpd server.
That's the logical default if you don't specify a target.
> If I am doing something wrong please let me know.
All I can tell you is that I ran ntptrap like this:
And it worked perfectly.
> In summary, the noquery restriction also blocks traps. There is no
> need to add notrap to restrict lines where noquery is specified.
People routinely overengineer their restrictions. It's not a big deal.
> The notrap restriction does appear to stop all traps (except one -- the
> "err_auth_fail:" trap message).
The notrap restriction blocks trap setup. The "err_auth_fail" message is
a status message from the ntptrap script; strictly speaking it's not a
"trap message" from the ntpd being monitored.
> And it looks like there are bugs in the ntptrap perl script. One cannot
> specify a log file.
One thing to keep in mind here is that these scripts are contributed to
the distribution. In many cases the authors are long gone and no one has
stepped up to the plate to maintain the scripts.
>Even worse, one cannot even specify a host.
In my experience one _can_ specify a host.
Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/
More information about the questions