[ntp:questions] Decommission NTP server

Terje Mathisen "terje.mathisen at tmsw.no" at ntp.org
Thu Aug 26 08:37:09 UTC 2010

David J Taylor wrote:
>> 'ntpdc -c monlist' is your friend, it will list the last 600-700 clients.
>> If you have a lot more clients than this, then you'll have to either
>> install a new/dev ntpd version or insert WireShark or a similar
>> sniffer on a mirror of the server switch port.
>> Terje
> Terje,
> I just tried this on my local stratum-1 PC, and was surprised to see the
> backup upstream servers listed, as well as my local clients. I'm not
> expecting to serve time to the rest of the world, so is this a result
> which should be expected? I have no restrict or other security lines in
> the config files, and I have no incoming port forwarding set up on my
> router for UDP/123 (or TCP/123).

monlist lists both clients and servers!

If you also do a 'ntpq -p' to get your peer/upstream servers you can 
subtract those from the monlist results.

BTW, the port number shown is the source port used by the client, if you 
see 123 there it is most probably a proper ntp server, otherwise is can 
be any kind of sntp client sw.

- <Terje.Mathisen at tmsw.no>
"almost all programming can be viewed as an exercise in caching"

More information about the questions mailing list