Operating System - HP-UX

Re: NTP Server apparently not responding (packet sniffer question)

 
Steven Gloer
Occasional Contributor

NTP Server apparently not responding (packet sniffer question)

I've got ethereal monitoring eth1 for NTP packets or for packets from a specific client. An NTP request comes in through that interface, but it does not show any NTP packets going *out*, or any packets heading for that specific client in general.

Ethereal is running on what's going to be our main NTP server, so it shows requests coming in, and if it's responding, it should show packets going out right?

Or... if it responds and those packets get eaten by a firewall somehow, would they not show up in ethereal, even if it is running on the machine which should be sending the packets?

If you want a long background history, read below:


=-=--=-=-==-BACKGROUND HISTORY=-=-=--=-=-=-=-=-
I've got three machines--"a1" is a redhat 7.0 server, "d1" and "d2" are hp 11.00 servers. They are all on the same subnet *.*.3.x. (I've used asterisks to leave out our real address).

There is a firewall to the internal company network, this is one of the outer networks, but it shouldn't be a factor because these machines are all on the same subnet.

a1 is a client of an NTP server outside of the firewall, and syncs fine. d1 and d2 are currently set up as servers just syncing off of their own clock.

Using ntpdate, a1 can sync off of d1 or d2, and d1 and d2 can sync off of each other. However, d1 and d2 can not sync off of a1!

That is why I'm running a sniffer on a1, to try to figure out what is happening to their requests...
"D-d-d-dumbass"
Ron Kinner
Honored Contributor

Re: NTP Server apparently not responding (packet sniffer question)

On A1 try:

netstat -a |grep ntp
see if it listens for ntp.

If you don't see it try

netstat -an |grep 123

and see if it listens on port 123 and you are missing an entry in /etc/services.

If you don't see it then xntpd (maybe ntpd on older systems) is probably not running.

ps -e |grep ntp

should show one of the ntp daemons running. If not that's your problem.

Look at man xntpd for details.

Also man ntpq may help.

Ron

Steven Gloer
Occasional Contributor

Re: NTP Server apparently not responding (packet sniffer question)

Thanks for your reply, but here's what I've got going...

(beginning of addresses changed to question marks to conceal our real address)
# netstat -a | grep ntp
udp 0 0 ?.?.3.10:ntp *:*
udp 0 0 buiadm:ntp *:*
udp 0 0 localhost.localdoma:ntp *:*
udp 0 0 *:ntp *:*

# ps -ef | grep ntp
root 10132 1 0 Mar21 ? 00:00:00 ntpd

ntp is clearly running, and it is working on some level, because this server (A1) is successfully syncing with another department's server when I check ntpq -p.

BUT--
like I stated in my initial question, the sniffer shows no NTP packets going out (besides the occasional ones on the other interface going to the other department's server). Also--doing a netstat -s repeatedly shows the number of incoming UDP packets going up, but the number going out stays the same:

Udp:
308015 packets received
8316 packets to unknown port received.
0 packet receive errors
316972 packets sent

and then 20 seconds later while being repeatedly pounded by NTP requests from d1:

Udp:
308048 packets received
8316 packets to unknown port received.
0 packet receive errors
316972 packets sent

So it seems like NTP is not responding--any other ideas?
"D-d-d-dumbass"
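
Added example, not part of the thread: the counter comparison described in the post above, done as a script that diffs the Udp: section of two netstat -s snapshots. The function names and the "live" argument are assumptions of this example, the embedded snapshots are constructed from the numbers quoted in the post, and the counters are host-wide UDP totals rather than NTP-only.

```shell
#!/bin/sh
# Added example: compare two "netstat -s" snapshots of the Udp: section.
# SNAP_BEFORE / SNAP_AFTER are constructed from the counters quoted in the post.
SNAP_BEFORE='Udp:
308015 packets received
8316 packets to unknown port received.
0 packet receive errors
316972 packets sent'
SNAP_AFTER='Udp:
308048 packets received
8316 packets to unknown port received.
0 packet receive errors
316972 packets sent'

# udp_counter SNAPSHOT LABEL: print the number in front of LABEL, Udp: section only.
udp_counter() {
    printf '%s\n' "$1" | awk -v label="$2" '
        /^[A-Za-z0-9]+:/ { in_udp = ($1 == "Udp:"); next }
        in_udp && $0 ~ ("^[ \t]*[0-9]+ " label "[ \t]*$") { print $1; exit }'
}

# udp_delta BEFORE AFTER LABEL: print how much the counter grew between snapshots.
udp_delta() {
    b=$(udp_counter "$1" "$3"); a=$(udp_counter "$2" "$3")
    [ -n "$b" ] && [ -n "$a" ] || { echo "counter not found: $3" >&2; return 1; }
    echo $((a - b))
}

# udp_verdict BEFORE AFTER: classify the interval from the two deltas.
# Inbound growth with a flat outbound counter means nothing on the host
# answered over UDP during the interval, whatever the sniffer shows.
udp_verdict() {
    rx=$(udp_delta "$1" "$2" "packets received") || return 1
    tx=$(udp_delta "$1" "$2" "packets sent") || return 1
    if [ "$rx" -gt 0 ] && [ "$tx" -eq 0 ]; then echo "rx+$rx tx+0 no-udp-replies"
    elif [ "$tx" -gt 0 ]; then echo "rx+$rx tx+$tx udp-out-active"
    else echo "rx+$rx tx+$tx idle"; fi
}

# "live [seconds]" samples the running host; otherwise use the embedded snapshots.
if [ "${1:-}" = "live" ]; then
    before=$(netstat -s); sleep "${2:-20}"; after=$(netstat -s)
    udp_verdict "$before" "$after"
else
    udp_verdict "$SNAP_BEFORE" "$SNAP_AFTER"
fi
```
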
Steven Gloer
Occasional Contributor

Re: NTP Server apparently not responding (packet sniffer question)

Good News!!!

Found it.... Apparently, one of the default comments which come with the uber-heavily commented /etc/ntp.conf file was uncommented. Specifically, the line that specified a broadcast delay, which probably caused the server to broadcast NTP instead of specifically replying to requests.

Anyways, deleted that sucker, and we're in business!

"D-d-d-dumbass"