NTP "FAQ" #2 (6/96 - 10/97) - Articles (part 7)

Previous part

From: Simon Waters <106167.3000@CompuServe.COM> Date: 28 Dec 1996 21:39:27 GMT [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: ntp client for NetWare 4.X [-/+]X-Keywords: Spectracom [-/+]

Spectracom (among others) market commercial time sync software for netware, which might sort out some peoples problems if they need accurate time.

Alas when I asked they sent me a lot of price lists and marketing hype, with little technical detail. I have not used this software so I can not say how good (or otherwise) it is.

-- ---------------------------------------------------------- Still getting use to compuserve.... If all else fails mail srw@fullduplex.co.uk Disclaimer: It wasn't me, whatever It was that went wrong

From: "L. F. Sheldon, Jr." <lsheldon@creighton.edu> [-/+]Date: Sun, 29 Dec 1996 21:27:18 -0600 [-/+]Newsgroups: comp.protocols.time.ntp,comp.sys.hp.hpux Subject: Re: ntp 3.5f and HP-PUX 9.04 X-Keywords: HP-UX [-/+]

On 30 Dec 1996, Per Hedeland wrote:

> In article <Pine.HPP.3.95.961228231004.24158A-100000@bluejay.creighton.edu> > "L. F. Sheldon, Jr." <lsheldon@creighton.edu> writes: > >Copied the script fragment into the "localrc" function of /etc/rc -- > >This idea and the basic design of the script fragment above all taken > >from the "Hints and Kinks" item at UDel. > > > >Rebooted the system. > > > >Everything works except the "/usr/local/bin/xntpd " line (verified that > >the "if" is working by inserting a line that left a log file behind. > > > >What am I missing? > > Probably a 'nohup' before /usr/local/bin/xntpd - at least on HP-UX 9.03, > I found that this was needed to get modern versions of xntpd to survive > when started from /etc/rc (i.e. otherwise it starts, but gets killed by > something in the system startup procedures).

I thought of that, but that seemed so, well, trivial.

I have since learned that I can run it out of /etc/inittab, so my guess is that you are right.

I may try that in a minute. (But how come "adjtmed", started at the same place survives? The everything I learn is a 2-for-1 deal--I learn something _and_ I learn again how little I know!)

[time passes]

That was it!

One of the goodnews things in the wisdom of advancing years--there is no law anywhere that syas I have to understand.

Thanks for writing. -- -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.- . . - L. F. (Larry) Sheldon, Jr. - . Unix Systems Administration . - Creighton University Computer Center-Old Gym - . 2500 California Plaza . - Omaha, Nebraska, U.S.A. 68178 We are all faced with - . lsheldon@creighton.edu great opportunities . - 402 280-2254 (work) brilliantly disguised as - . 402 681-4726 (cellular) impossible situations. . - 402 977-2946 (pager) - . 402 332-4622 (residence) Bits and Pieces . - - .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

From: nmm1@cus.cam.ac.uk (Nick Maclaren) [-/+]Date: 1 Jan 1997 18:46:41 GMT [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: "security", "authentication" and "other stuff". [-/+]X-Keywords: authentication [-/+] compatible [-/+] peer [-/+] RFC [-/+] specification [-/+]

In article <Pine.HPP.3.95.970101113555.6583A-100000@bluejay.creighton.edu>, L. F. Sheldon, Jr. <lsheldon@creighton.edu> wrote: > >Scanning the RFC last night to be sure I had all the pages, it dawned on >me that the ntp.conf on our machines are about as vanilla as can be-- >nothing about authentication, restrictions, katie-bar-the-door--just >a couple of "server" lines, a few "peer" lines, all with addresses and >"version 3" on them. > >Am I doing a Really Stupid Thing? What should I add? How badly can >I get hurt if I don't do anything at all?

Possibly, but I shouldn't worry about it. Until VERY recently, the authentication mechanism was effectively useless (mainly because of its specification). I believe that the very latest version of the RFC has a usable specification, and the very latest version of xntp RFC implements it, but it is NOT compatible with earlier versions. I am also not entirely sure whether it is secure, because I haven't enquired closely.

Nick Maclaren, University of Cambridge Computer Laboratory, New Museums Site, Pembroke Street, Cambridge CB2 3QG, England. Email: nmm1@cam.ac.uk Tel.: +44 1223 334761 Fax: +44 1223 334679

From: Todd Aven <Todd.Aven@BankersTrust.Com> [-/+]Date: Mon, 30 Dec 1996 13:59:02 -0500 [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: ntp client for NetWare 4.X [-/+]

In article <32B50C1D.7547@genta.net>, <s@genta.net> wrote: >Is there the NTP client for NetWare 4.X ?

We use Cadence NTP for our Netware 3.x and 4.x systems. You can contact the vendor, Polygon Inc., at +1 314 432 4142 or visit their website to download a trial version:

http://www.polygon.com

Disclaimer: we have no commercial affiliation with Polygon other than as a satisfied customer.

Regards, Todd Aven todd.aven@bankerstrust.com

From: Jim Reid <rid@heron.pst.cfmu.eurocontrol.be> [-/+]Date: 02 Jan 1997 09:46:54 +0100 [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: "security", "authentication" and "other stuff". [-/+]X-Keywords: authentication [-/+] compatible [-/+] configuration [-/+] RFC [-/+] specification [-/+]

nmm1@cus.cam.ac.uk (Nick Maclaren) writes:

> Possibly, but I shouldn't worry about it. Until VERY recently, the > authentication mechanism was effectively useless (mainly because of > its specification). I believe that the very latest version of the > RFC has a usable specification, and the very latest version of xntp > RFC implements it, but it is NOT compatible with earlier versions. > I am also not entirely sure whether it is secure, because I haven't > enquired closely.

I very much doubt if the security features of xntpd are even necessary. Crypting the timestamps doesn't really buy you much apart from prove who really did send the packet. The best defence from forged NTP packets is to have a diverse range of time sources and servers, which a well set-up NTP configuration will have anyway. A bad guy would then have to subvert all of these - including the radio signals - to have any hope of breaking your timekeeping. This is possible but somewhat unrealistic. And if you take this as a serious threat, you can always buy your own atomic clock...

From: "L. F. Sheldon, Jr." <lsheldon@creighton.edu> [-/+]Date: Wed, 1 Jan 1997 11:41:49 -0600 [-/+]Newsgroups: comp.protocols.time.ntp Subject: "security", "authentication" and "other stuff". [-/+]X-Keywords: authentication [-/+] peer [-/+] RFC [-/+]

This is going to sound twisted and bent, but I dragged down and printed the RFC to have something to read while my wife is wrapped up in "football" "games" today.

Scanning through last night to be sure I had all the pages, it dawned on me that the ntp.conf on our machines are about as vanilla as can be-- nothing about authentication, restrictions, katie-bar-the-door--just a couple of "server" lines, a few "peer" lines, all with addresses and "version 3" on them.

Am I doing a Really Stupid Thing? What should I add? How badly can I get hurt if I don't do anything at all?

-- -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.- . . - L. F. (Larry) Sheldon, Jr. - . Unix Systems Administration . - Creighton University Computer Center-Old Gym - . 2500 California Plaza . - Omaha, Nebraska, U.S.A. 68178 We are all faced with - . lsheldon@creighton.edu great opportunities . - 402 280-2254 (work) brilliantly disguised as - . 402 681-4726 (cellular) impossible situations. . - 402 977-2946 (pager) - . 402 332-4622 (residence) Bits and Pieces . - - .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

From: tgl@netcom.com (Tom Lane) [-/+]Date: Fri, 3 Jan 1997 03:53:38 GMT [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: Two xntpd processes [-/+]

Chris Maguire <maguirec@mindspring.com> writes: > I get two xntpd processes when I start xntpd from a script. The second > one dies off a short while later. If I run the script using cron the > second one doesn't seem to die off. > > Can someone explain why this happens?

At least in xntpd 3.5c, a subprocess is forked to perform DNS name lookups of the peers mentioned in xntpd's config file. (The idea is to let the server boot up even if the DNS server isn't responding.)

Are you perhaps not dialed in when you "start xntpd from cron"? If so, I'd expect the subprocess to eventually exit after you establish connectivity to your DNS server. (It may take a while; the more lookup failures, the longer it waits between retries.)

BTW: AFAIK there's no good reason not to just start xntpd during your bootup script, and let it run forever. Killing and restarting it should not be necessary, and I sure have a hard time imagining why you'd need to run it from cron.

regards, tom lane

From: tgl@netcom.com (Tom Lane) [-/+]Date: Sat, 4 Jan 1997 19:43:45 GMT [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: Two xntpd processes [-/+]X-Keywords: fudge [-/+]

Chris Maguire <maguirec@mindspring.com> writes: > As to why I'm running xntpd from cron? Well I do have a reason. [snip] > I understand that I'm trying to get it to do something that > it was not really intended to do. And that is to run xntpd on a node > connected to the Internet via an ISDN line without allowing xntpd to > keep the line up around the clock (we don't use a router).

Well, you can run xntpd with an intermittent connection to its time source; I do that with a plain modem connection, in fact, and it works fairly decently. The major trick is to make sure you have configured the machine's own clock as a secondary time source, so that xntpd still believes it is synced to a server when you're offline. My ntp.conf includes # Use local clock when not connected server 127.127.1.1 fudge 127.127.1.1 stratum 10 plus declarations of two outside servers. I don't change the config file or restart the daemon during normal operations.

The other thing you'll need to do is persuade your ISDN software not to bring up the line just for an NTP packet --- ie, discard port-53 packets if the line is not already up. I believe most ISDN routers can be configured to do this, but I dunno if your machine can.

If you can't make that go, or if it all starts seeming like too much trouble, then forget xntpd and just run ntpdate from cron. ntpdate is designed for probe-just-once-a-day kind of usage; xntpd really isn't. Unless your machine's clock has serious drift, running ntpdate once in a while should be good enough for your goals.

regards, tom lane

From: Mark Eichin <eichin@cygnus.com> Date: 01 Jan 1997 02:56:40 -0500 [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: Leap second? X-Keywords: IERS [-/+]

> According to to an "xntpdc -c leap" command, a leap second happened

If you mean, leap happened: 1 I think that only means that a normal leap *slot* happenned, but if you'd looked earlier in the day you'd have seen sys.leap: 00 (no leap second scheduled)

You could also check the following sources which indicate that we weren't scheduled for one in this slot.

ftp://hpvlbi.obspm.fr/iers/bul/bulc/bulletinc.12 IERS Bulletin C (Leap Second Announcements) http://maia.usno.navy.mil/ National Earth Orientation Service

From: bounce@spam.mail Date: 5 Jan 1997 00:43:13 GMT [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: "security", "authentication" and "other stuff". [-/+]X-Keywords: authentication [-/+] compatible [-/+] configuration [-/+] RFC [-/+] specification [-/+]

In <os7mlwlb0h.fsf@heron.pst.cfmu.eurocontrol.be> Jim Reid wrote: | nmm1@cus.cam.ac.uk (Nick Maclaren) writes: | | > Possibly, but I shouldn't worry about it. Until VERY recently, the | > authentication mechanism was effectively useless (mainly because of | > its specification). I believe that the very latest version of the | > RFC has a usable specification, and the very latest version of xntp | > RFC implements it, but it is NOT compatible with earlier versions. | > I am also not entirely sure whether it is secure, because I haven't | > enquired closely. | | I very much doubt if the security features of xntpd are even | necessary. Crypting the timestamps doesn't really buy you much apart | from prove who really did send the packet. The best defence from | forged NTP packets is to have a diverse range of time sources and | servers, which a well set-up NTP configuration will have anyway. A bad | guy would then have to subvert all of these - including the radio | signals - to have any hope of breaking your timekeeping. This is | possible but somewhat unrealistic. And if you take this as a serious | threat, you can always buy your own atomic clock... |

It really depends on what you are doing.

Simply relying on a large pool of time servers and source address restriction is a poor authentication mechanism because source addresses can be easily forged, as recipients of SYN attacks can attest. Consequently, clock systems without strong authentication can be subverted and if your security architecture (e.g., Kerberos) utilizes those services you can be in trouble.

I have not read the NTP RFC so I cannot comment on its authentication mechanism. It sounds like the system uses a symmetric algorithm and shared secrets. If true, it will not scale.

Dennis Glatting mailto:dennis.glatting@software-munitions.com // My reply address is not valid to (hopefully) foil automatic // address collectors used by USENET spammers. Sorry.

From: Dave Hazen <dave.hazen@dal.ca> Date: Fri, 03 Jan 1997 15:43:47 -0400 [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: QNX and xntp ? X-Keywords: SNTP [-/+]

Booth, Thomas G wrote: > > In article <5abq5c$mnc@mwrns.boulder.noaa.gov>, bwb@etl.noaa.gov (Bruce > (303) 497-6217) wrote: > > > Howdy, > > > A co-worker asked me about using xntp with the QNX operating > > system. I don't find any mention of this small real-time > > OS in the xntp information. > > > Does anyone have info ? > > > Or any experience with SNTP & QNX ? > > > My experience is with Solaris 2.5 sparc. > > > Thanks > > > Bruce Bartram bbartram@etl.noaa.gov > > Bruce, I can't claim being a QNX guru either; however, I'd think that your > colleague could try asking questions over in comp.os.qnx or poke around @ > QNX's web page: http://www.qnx.com/ > > TGB > > \\ The opinions expressed herein are my own. //

There is a 3.5f port in progress by a number of the users.. standby

-- Dave Hazen Voice (902) 494-3396 Dept. of Oceanography Fax (902) 494-3877 Dalhousie University Internet dave.hazen@dal.ca Halifax, NS B3H 4J1

From: shields@crosslink.net (Michael Shields) [-/+]Date: 7 Jan 1997 23:47:16 -0000 [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: Two xntpd processes [-/+]X-Keywords: Linux [-/+]

In article <TGL.97Jan4114345@netcom7.netcom.com>, Tom Lane <tgl@netcom.com> wrote: > The other thing you'll need to do is persuade your ISDN software > not to bring up the line just for an NTP packet --- ie, discard > port-53 packets if the line is not already up.

53 is DNS -- you want 123.

> If you can't make that go, or if it all starts seeming like too much > trouble, then forget xntpd and just run ntpdate from cron. ntpdate > is designed for probe-just-once-a-day kind of usage; xntpd really > isn't. Unless your machine's clock has serious drift, running ntpdate > once in a while should be good enough for your goals.

And on some OSes (Linux is one) you can manually calibrate the clock. -- Shields, CrossLink.

From: "David Billinghurst" <David.Billinghurst@restech.cra.com.au> Date: 8 Jan 1997 18:35:50 GMT [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: Daylight saving problem with NT port of XNTP v3.5f X-Keywords: daylight [-/+] Windows [-/+]

This solution, from Greg Schueman (schueman@ix.netcom.com), did the trick

Get the latest version 3-5.87 for NT. Binaries can be found at ftp.drcoffsite.com. The files are either ntxntpbin-gui.zip or ntxntpbin-nongui.zip.

For access to the site email <access@drcoffsite.com>. Other folks in Australia are using this version.

-Greg

David Billinghurst <David.Billinghurst@restech.cra.com.au> wrote in article <01bbfcf4$7106a020$824904cb@crw284.crc.cra.com.au>... > I have just installed the Windows NT port of XNTP v3.5f (build May 7 1996) > obtained some time ago from > ftp://ftp.access.digex.net/pub/access/schueman/ntp > > On startup it died with the message > time error -3793.214240 is way too large (set clock manually) > > Most of this error (3600 seconds) was to be due to an error in the handling > of Daylight Saving time - its summer down here. When I took the machine > off daylight saving time everything works fine. > > Any ideas? > > > > +++++++++++++++++++++++++++++++++++++++++ > (Mr) David Billinghurst > Comalco Research Centre > PO Box 316, Thomastown, Vic, Australia, 3074 > Phone: +61 3 9469 0642 > FAX: +61 3 9462 2700 > Email: David.Billinghurst@restech.cra.com.au >

From: "Greg Schueman" <schueman@ix.netcom.com> [-/+]Date: 11 Jan 1997 06:58:51 GMT [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: ntp X-Keywords: dialup [-/+] HP-UX [-/+] Windows [-/+]

Marek Grinberg <marek.grinberg@mailbox.swipnet.se> wrote in article <32D4B0C4.36E7@mailbox.swipnet.se>... > Hello, > > I am a newbie with ntp. I would like to have it running in a closed > shop containing the following boxes: > - HP-UX 9.04 > - HP-UX 10.01 > - SunOS 4.1.3_U1 > - SunOS 5.5 > - WindowsNT 3.51 servers > - WindowsNT 5.51 clients > The only access to external clocks may be via RAS/modem from a WindowsNT > server once a day or so.

The current Windows NT port does not support dialup modem time sync. You can do that from Unix, or you could choose to enhance the NT port to support dialout time sync.

> Is it possible to set up ntp ? Any particular considerations ? > Are there any sites that I can access to fetch ready to install ntp for > all these boxes ?

No, not that I know of for Unix.

-Greg

From: hbae@primenet.com (Hansang Bae) Date: 13 Jan 1997 18:32:03 -0700 [-/+]Newsgroups: comp.os.netware.misc,comp.protocols.time.ntp Subject: Re: Time Sync via NTP or TCP [-/+]X-Keywords: Novell [-/+] TCP [-/+]

FKnobbe@BellSouth.net (Frank Knobbe) writes: >Does anyone know of a (obviously 3rd party) product that will allow NW >3.1x to get the system time from a TCP/IP source either via NTP or >TCP:13 ? Should be an NLM that periodically gets the time and adjust >the system clock. If you know of such a thing, please let me know >where I can download it from.

Unfortuneately, not via ntp. But if you have Unix box that can do xntpd, just point your netware server to your unix box via RDATE.NLM. See the note from David Gersic about using UPD packets in 4.11 servers.

RDATE has been used for QUITE a while and works like a charm...

Novell threw in the kitchent sinnk w/ Intranetware, but forogot ntp, I guess.

****************************************************************** Hansang Bae, CNE - Director of Network Operations, Eastern Region Richey Systems Main Office: (800) 776-5145 Fax: (301) 625-0771 hbae@richeysystems.com Reg. Office: (301) 625-0071 Specializing in Network Design/Troubleshooting and Protocol Analysis

From: Ken Green <keng@best.com> Date: Sun, 12 Jan 1997 18:16:55 -0800 [-/+]Newsgroups: comp.os.netware.misc,comp.protocols.time.ntp Subject: Re: Time Sync via NTP or TCP [-/+]X-Keywords: Novell [-/+] UDP [-/+]

RDATE.NLM works fine with TCP/IP from Novell.

I tried it on 4.11 and had to use the /u switch for UDP and not TCPI/IP. Do not know why but is still does work

From: jrd@cc.usu.edu (Joe Doupnik) [-/+]Date: 13 Jan 97 18:35:02 MDT [-/+]Newsgroups: comp.os.netware.misc,comp.protocols.time.ntp Subject: Re: Time Sync via NTP or TCP [-/+]X-Keywords: TCP [-/+]

In article <5bbdn2$6bc@news.bna.bellsouth.net>, FKnobbe@BellSouth.net (Frank Knobbe) writes: > -----BEGIN PGP SIGNED MESSAGE----- > > Howdy. > > Does anyone know of a (obviously 3rd party) product that will allow NW > 3.1x to get the system time from a TCP/IP source either via NTP or > TCP:13 ? Should be an NLM that periodically gets the time and adjust > the system clock. If you know of such a thing, please let me know > where I can download it from. ---------- A very often asked question, to which the very often supplied answer is Brad Clement's RDATE.NLM. See, for example, netlab2.usu.edu, cd misc. Now it's your turn to answer the queries for awhile. Joe D.

From: bwb@etl.noaa.gov (Bruce Brtram) Date: 13 Jan 1997 17:31:24 GMT [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: xntpd generating net traffic (linux) X-Keywords: broadcast [-/+] minpoll [-/+] poll [-/+] syslog [-/+] UDP [-/+]

Howdy, The syslog output is from a xntp routine that is run hourly to show how xntp is running. The actual rate the patckets are exchanged is called the "poll time" and is expressed either in seconds (xntpdc -p might show poll 512) or as the base 2 exponent producing the time ( xntpdc -c showp server.name would have ppoll 9 ). Poll time grows to reduce server load when the host has good enough answers. In a LAN that isn't overloaded, I expect 2^10 poll times (about 17 minutes between packet exchanges).

Your tracer might show two packets for each exchange or just one if you are using broadcast. Depending on filters, you might also be seeing other ntp packets to/from the other hosts.

I only limit the poll time minimum on one server using the "minpoll 10" argument in my server line. Do you have such limits in place ? I'm curious about your expectation of 2 hour poll times ( 2^12 = 1 hr 7 minutes, 2^13 = 2 hr 13 min ).

Play with xntpdc or ntpq to see what your poll times actually are. 2^6 thru 2^14 is the range of possible values (from my untrustworthy human memory banks, this might have changed with version at some point).

The current version of xntp is xntp3-5.88 and it has many significant improvments over a older versions. When used with linux 2.0.-, I'm told it uses some nice direct kernel calls to make the time run very smooth. This is version was released last week and there might be a slight shake- down period. There was a post about a "make" error with linux that you might want to follow.

My limited experience is sparc Solaris 2.5 for about 1 year with xntp3.4r,y 3-5c and I'm starting with 3-5.88 as of last night. ftp://louie.udel.edu/pub/ntp/xntp3-5.88.tar.gz http://www.eecis.udel.edu/~ntp

Bruce Bartram bbartram@etl.noaa.gov usual disclaimers apply

-----

Tiaan van Aardt (tva@wasp.co.za) wrote: : Hi,

: I've been running xntp 3.3c on a linux box for over 5 months now. It : syncs with two stratum 2 servers every hour. I assumed that ntp traffic : was only appearing every hour.

: I've put a packet tracer on, and I now see that there is traffic between : my server and the peering machines at least every minute. What is xntpd : doing? And is there a way to cure this?

: Here's what my xntpd log says:

: Jan 13 03:05:16 wasp xntpd[2059]: offset -0.004301 freq 10.28865 comp 2 : Jan 13 04:05:16 wasp xntpd[2059]: offset 0.001852 freq 10.00507 comp 3 : Jan 13 05:05:16 wasp xntpd[2059]: offset 0.001880 freq 10.06883 comp 3 : Jan 13 06:05:16 wasp xntpd[2059]: offset 0.001887 freq 9.95462 comp 2 : Jan 13 07:05:16 wasp xntpd[2059]: offset 0.001250 freq 10.10310 comp 2 : Jan 13 08:05:16 wasp xntpd[2059]: offset -0.002838 freq 10.08110 comp 3 : Jan 13 09:05:16 wasp xntpd[2059]: offset -0.016089 freq 9.78638 comp 2 : Jan 13 10:05:16 wasp xntpd[2059]: offset -0.013462 freq 10.34251 comp 2 : Jan 13 11:05:16 wasp xntpd[2059]: offset -0.061803 freq 8.12024 comp 2 : Jan 13 12:05:16 wasp xntpd[2059]: offset -0.000767 freq 9.35596 comp 3 : Jan 13 13:05:16 wasp xntpd[2059]: offset 0.052153 freq 10.74788 comp 2

: These are the packets that appear quite often:

: 11:47:50.39 aluunet recv: : PPP: len 77 (compressed ALL/UI) compressed protocol: IP : IP: len 76 196.7.106.9->196.31.211.1 ihl 20 ttl 253 prot UDP : UDP: 123->123 len 56 : ^^^ ^^^ : Clearly port 123 (which is ntp) is being accessed alot. My machine being : 196.31.211.1.

: Would appreciate an e-mailed reply in adition to a posting here.

: Regards, : -Tiaan. : _______________________________________________________________________ : Network Manager | GSM vehicle tracking and datacomm solutions : WASP International | +27-(0)11-622-8686 | http://wasp.co.za

From: Carl Brewer <carl@abm.com.au> [-/+]Date: Wed, 15 Jan 1997 08:29:51 +1000 [-/+]Newsgroups: comp.protocols.time.ntp Subject: xntpd 3.5-88 binaries for Solaris 2.5 (Sparc) and SunOS 4.1.x X-Keywords: Mills [-/+]

If anyone wants 'em, I've put a Solaris 2.5 package, and a SunOS 4.1.x (4.1.3_u1 - if you use lower you'll get library warnings you can pipe to /dev/null) tar archive of xntpd 3.5-88 binaries and doco (the html stuff from Dave Mills' distribution) up for anon ftp, they're at :

ftp://ftp.library.uwa.edu.au/pub/unix/system/NTP-Solaris2.5.tar.gz ftp://ftp.library.uwa.edu.au/pub/unix/system/NTP-SunOS4.1.x.tar.gz

Hopefully some of you will find them useful.

From: David Rodgers <David.Rodgers@po.cle.ab.com> Date: Wed, 15 Jan 1997 09:23:45 -0500 [-/+]Newsgroups: comp.protocols.time.ntp Subject: xntp under VxWorks RTOS?

Has anyone out there investigated, attempted, or succeeded in porting xntp (client or server) to the VxWorks real-time OS? I saw that someone had managed to get it working under QNX, but I don't know how similar those two OS's are. It's a little different compiling for VxWorks, because they already have predefined makefiles to be included in any project build (they define where all the include files and libraries are, among other things), as well as the fact that with VxWorks, you compile on the Unix host, not the target, and you also don't generate executables (all object code, i.e. no main()). Has anyone tried dealing with this?

David Rodgers / rodgersd@odin.cle.ab.com

From: hound@eramp.net Date: Wed, 15 Jan 97 19:09:32 PDT [-/+]Newsgroups: comp.protocols.time.ntp,comp.os.netware.misc Subject: Re: Time Sync via NTP or TCP [-/+]X-Keywords: TCP [-/+]

In Article<5bbdn2$6bc@news.bna.bellsouth.net>, <FKnobbe@BellSouth.net> write: > Path: news.nkn.net!news.panther.net!nemesis!hammy!news-in.iadfw.net!www.nntp.primenet.com!nntp.primenet.com!arclight.uoregon.edu!su-news-hub1.bbnplanet.com!news.bbnplanet.com!cpk-news-hub1.bbnplanet.com!mindspring!cssun.mathcs.emory.edu!news.service.emory.edu!news.bna.bellsouth.net!usenet > From: FKnobbe@BellSouth.net (Frank Knobbe) > Newsgroups: comp.os.netware.misc,comp.protocols.time.ntp > Subject: Time Sync via NTP or TCP > Date: Sun, 12 Jan 1997 19:23:13 GMT > Lines: 24 > Distribution: inet > Message-ID: <5bbdn2$6bc@news.bna.bellsouth.net> > NNTP-Posting-Host: d00078.bna.bellsouth.net > X-Newsreader: Forte Free Agent 1.0.82 > Xref: news.nkn.net comp.os.netware.misc:18024 comp.protocols.time.ntp:1794 > > -----BEGIN PGP SIGNED MESSAGE----- > > Howdy. > > Does anyone know of a (obviously 3rd party) product that will allow NW > 3.1x to get the system time from a TCP/IP source either via NTP or > TCP:13 ? Should be an NLM that periodically gets the time and adjust > the system clock. If you know of such a thing, please let me know > where I can download it from. > > TIA, > Frank > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.2 > > iQCVAwUBMtk1uMZP3ocmY5AlAQG77QP/fvopcd9RoPT1ePHTCjr43P7wyN1Shbco > 60RbnXUtMtrWABGPmaLUDQQfjVHQut66z0Y9Xq0ouRijGEGu44JY/nezz+3rxppd > YFxe6iKByqRCgh/USZwgsjLdi1WQK38DS5GwWuX2/XB1fKY92Ss3osnYzwm6Y/JM > BI4jbYgjVKo= > =rQx2 > -----END PGP SIGNATURE----- > > There is a program called Nettime that was recently mentioned in comp.os.netware.announce. It can be found at http://www.gtllp.com/~hifive. It should do what your wanting to accomplish.

From: "Roger Foss" <roger.foss@oslo.teamco.telenor.no> [-/+]Date: 17 Jan 1997 11:30:19 GMT [-/+]Newsgroups: comp.os.netware.misc,comp.protocols.time.ntp Subject: Re: Time Sync via NTP or TCP [-/+]X-Keywords: dialup [-/+] TCP [-/+] Windows [-/+]

Frank Knobbe <FKnobbe@BellSouth.net> wrote in article = <5bbdn2$6bc@news.bna.bellsouth.net>... > -----BEGIN PGP SIGNED MESSAGE----- >=20 > Howdy. >=20 > Does anyone know of a (obviously 3rd party) product that will allow NW > 3.1x to get the system time from a TCP/IP source either via NTP or > TCP:13 ? Should be an NLM that periodically gets the time and adjust > the system clock. If you know of such a thing, please let me know > where I can download it from. >=20 > TIA, > Frank

Polygon Inc has a Time Synch/Provider product (Cadence) that runs on = Netware 3.x and 4.x. It can use dialup or NTP. In Netware 4.x, it runs = in a monochastic (?) mode which means it'll only adjust the time = *forward*, not backward. With Netware 4.x's NDS, adjusting the time = backwards is a very bad thing to do.

Cadence seemed a little unstable on Netware 4.11, not releasing = allocated resources when unloading the NLM. Also, it abended my server = a few times and it has a tendency to mess up the screen over time (it's = console display gets overwritten with garbage).

The good thing with Cadence is it can adjust the intervals in which is = contacts a time provider, because it learns how much your server tends = to slew. Also, Cadence CAN WORK AS A TIME PROVIDER, so your client workstations = can get accurate time from it constantly (not just at login time). = There are Cadence clients for DOS/Windows (TSR), Win95/NT and other = Netware servers. A Windows NT server version is under development.

Here's the bad thing: Polygon Inc's service and support SUCKS!!!!!!!! I've e-mailed both their sales and support e-mail addresses several = times and gotten zero replies. Considering I represent Norway's state = owned Telecomm's company, with 190+ servers and some 15000 workstations, = I'd say this leaves something to be desired.

Polygon's product costs, but I was willing to pay. Now I'm looking for = alternatives.. You can download an evaluation copy of their product from http://www.polygon.com and check it out for yourself.

Roger Foss Telenor Bedrift Division IT-Service

From: David Engberg <geppetto@eecs.com> Date: Sat, 18 Jan 1997 17:18:47 -0800 [-/+]Newsgroups: comp.protocols.time.ntp Subject: Precise NTP client for Windows 95? [-/+]X-Keywords: resolution [-/+] Windows [-/+]

I am doing networking performance analysis between a Windows95 PC and a Unix workstation, and I am having a hard time finding a time synchronization client that will give me reasonable control between the two machines. On the Unix box, I have xntp3-5.88, which I assume to be fairly high-performance, but all of the PC NTP clients I can find seem to operate at a very coarse grain of resolution.

I have tried out Dimension4, ntsntp, sntp, sswatch, and tardis, but even the best have an effective resolution of 50 milliseconds. I would like to think that two computers directly connected could do better than this with the right software.

Does any one know of an NTP system for Windows (commercial or non) that could achieve more precise time synchronization?

From: "Doug Hogarth" <DougHo@internetMCI.com> [-/+]Date: 20 Jan 1997 04:11:51 GMT [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: Precise NTP client for Windows 95? [-/+]X-Keywords: resolution [-/+] Windows [-/+]

Since Win95's clock only has ~55ms resolution, I wouldn't expect to see any better. Of course you could do better if you added something like an ISA-based timing card to the Win95 machine but those are around $1K.

I'm not quite sure what you are asking, but perhaps you could get 10ms resolution by installing software called Rightime from Tom Becker (he has a web page but I can't recall it right now). Then maybe one of the NTP programs you mentioned would work better. Last time I used his software was before Win95 came out, though... -- Doug Hogarth's Home Page http://www.digitaldaze.com/dougho/

David Engberg <geppetto@eecs.com> wrote in article <32E17677.9ACC241@eecs.com>... > I am doing networking performance analysis between a Windows95 PC and a > Unix workstation, and I am having a hard time finding a time > synchronization client that will give me reasonable control between the > two machines. On the Unix box, I have xntp3-5.88, which I assume to be > fairly high-performance, but all of the PC NTP clients I can find seem > to operate at a very coarse grain of resolution. > > I have tried out Dimension4, ntsntp, sntp, sswatch, and tardis, but even > the best have an effective resolution of 50 milliseconds. I would like > to think that two computers directly connected could do better than this > with the right software. > > Does any one know of an NTP system for Windows (commercial or non) that > could achieve more precise time synchronization?

From: "Greg Schueman" <schueman@ix.netcom.com> [-/+]Date: 20 Jan 1997 06:55:40 GMT [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: Precise NTP client for Windows 95? [-/+]X-Keywords: precision [-/+] resolution [-/+] Windows [-/+]

Doug Hogarth <DougHo@internetMCI.com> wrote in article <01bc0688$0d6b8380$6c0637a6@dougho166>... > Since Win95's clock only has ~55ms resolution, I wouldn't expect to see any > better. > Of course you could do better if you added something like an ISA-based > timing card to the Win95 machine but those are around $1K. > > I'm not quite sure what you are asking, but perhaps you could get 10ms > resolution by installing software called Rightime from Tom Becker (he has a > web page but I can't recall it right now). Then maybe one of the NTP > programs you mentioned would work better. Last time I used his software > was before Win95 came out, though... > -- > Doug Hogarth's Home Page http://www.digitaldaze.com/dougho/ > > David Engberg <geppetto@eecs.com> wrote in article > <32E17677.9ACC241@eecs.com>... > > I am doing networking performance analysis between a Windows95 PC and a > > Unix workstation, and I am having a hard time finding a time > > synchronization client that will give me reasonable control between the > > two machines. On the Unix box, I have xntp3-5.88, which I assume to be > > fairly high-performance, but all of the PC NTP clients I can find seem > > to operate at a very coarse grain of resolution. > > > > I have tried out Dimension4, ntsntp, sntp, sswatch, and tardis, but even > > the best have an effective resolution of 50 milliseconds. I would like > > to think that two computers directly connected could do better than this > > with the right software. > > > > Does any one know of an NTP system for Windows (commercial or non) that > > could achieve more precise time synchronization?

Try upgrading to Windows NT 4.0, as Win95 does not support the kind of system clock slewing functionality required for better precision. At the moment, I don't know how "accurate" NT can be, but I do know that it is better than Win95 would ever be able to achieve. NT has kernel support for time slewing, like Unix, unlike Win95.

-Greg

From: wiu09524@rrzc5 (Ulrich Windl) [-/+]Date: 21 Jan 1997 12:32:37 GMT [-/+]Newsgroups: comp.protocols.time.ntp Subject: Re: Anyone else having xntpd 3-5.88 start consuming endless CPU? X-Keywords: authentication [-/+] bug [-/+] peer [-/+] restrict [-/+]

In article <5c0r01$c2g@selandria.cawtech.com> caw@cawtech.com (Christopher A. Wichura) writes:

> I recently upgraded one of our primary NTP servers from a 3.4 xntpd to > 3-5.88. It is running on a Sparc 1+ under SunOS 4.1.3U1. The compile > went without a hitch. However, I've noticed that after a few days of > normal operation, xntpd will start consuming endless CPU (it's process is > always in Run state). Has anyone else encountered this? If so, is there > a known solution? > > I compiled it with gcc 2.7.2 with -O6 for CFLAGs, which is my SOP for anything > I compile.

I know that for the i386 gcc-2.7.2 has a bug with -fstrength-reduce, and gcc-2.7.2.1 just disables that code. Maybe you get bitten by that...

> > Thanks, > -=> CAW > > (As an aside, can someone explain to me how NTP authentication should really > work? I want my clients to only lock to servers that authenticate. If I > put a 'key #' tag in the 'server w.x.y.z' line, the client won't lock unless > the server has the same key. This is good. However, I have found that for > xntpd, I must include the key number in the trustedkeys section, or else > it complains that the request is not authenticated. This is bad. This means > one of the clients could switch to peer mode and start feeding bad information > to the server, if my understanding of the doc on the trustedkeys command is > correct. The NTP servers running on some of our cisco boxes don't behave

Also see the description of "restrict"... (If you don't believe me try "restrict default notrust nomodify")

> this way. If they receive a request with a key number, they will respond > with authentication using the key. But they will only allow peer/server > relationships with those keys listed as a trusted key. Thus, I can insure > the clients are getting valid time from one of my official NTP servers, > but the client can't in turn feed bad info into the server. Let me know > if I've not made myself clear here. Thanks.) >

Ulrich

Next part