

These variables are seen on the wire for NTP packets. The key ID is the number of the key while the MAC is the message digest (currently MD5 or SHA-1, not to be confused with the Ethernet MAC address). key ID & MAC: Only present when you’re using NTP authentication.If you roughly want to know the time by looking at an NTP packet, look at this transmit timestamp. transmit timestamp: “Time at the server when the response left for the client.” This is the most interesting timestamp in those NTP packets since it shows the time the NTP client/server had as it sent the NTP packet.

( Since I am merely using IPv6 for this NTP blog post series you’ll always see these curious-looking “refid” values in the ntpq output. Above stratum 1 this is either the IPv4 address of the reference NTP server or for IPv6 “it is the first four octets of the MD5 hash of the IPv6 address.” <- D’oh! This looks quite strange.

This is the basic client-server unicast request which you’ll see all over your network. mode: The most common modes are client (3) and server (4).version: “3-bit integer representing the NTP version number, currently 4.”.leap indicator: “2-bit integer warning of an impending leap second to be inserted or deleted in the last minute of the current month.Note that I am NOT explaining the NTP algorithm at all, but only the packets and their fields that are present on the network. Looking on the wire you should understand the packet header ( section 7.3 in the RFC). Have a look at the current NTPv “Network Time Protocol Version 4: Protocol and Algorithms Specification” in order to understand the packets and protocol details.
