
RFC 1059 http://tools.ietf.org/html/rfc1059
RFC 1119 http://tools.ietf.org/html/rfc1119
RFC 1305 http://tools.ietf.org/html/rfc1305

The Network Time Protocol (NTP) is a time synchronization system for computer clocks across the Internet. It provides the mechanisms to synchronize time and coordinate time distribution in a large, diverse internet operating at rates from mundane to lightwave. It uses a returnable-time design in which a distributed subnetwork of time servers, operating in a self-organizing, hierarchical master-slave configuration, synchronizes logical clocks within the subnetwork and to national time standards via wire or radio.

The format of the header is shown in the following illustration:

Field   LI   VN   Mode   Stratum   Poll   Precision
Bits    2    3    3      7         6      7

NTP header structure

LI Leap Indicator
A 2-bit code warning of an impending leap second to be inserted at the end of the last day of the current month. Bits are coded as follows:

00 No warning.
01 +1 second (following minute has 61 seconds).
10 -1 second (following minute has 59 seconds).
11 Alarm condition (clock not synchronized).

VN
Version number: a 3-bit code indicating the version number.

Mode
The mode. This field can contain the following values:

0 Reserved.
1 Symmetric active.
3 Client.
4 Server.
5 Broadcast.
6 NTP control message.

Stratum
An integer identifying the stratum level of the local clock. Values are defined as follows:

0 Unspecified.
1 Primary reference (e.g. radio clock).
2...n Secondary reference (via NTP).

Poll
Signed integer indicating the maximum interval between successive messages, in seconds to the nearest power of 2.

Precision
Signed integer indicating the precision of the local clock, in seconds to the nearest power of 2.
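
A decoder for the fields described above, as an added example that is not part of the original page. It assumes the RFC 1305 wire layout (one flags octet holding LI, VN and Mode, then one octet each for Stratum, Poll and Precision); the function name and the sample bytes are constructed for illustration.

```python
import struct

# Leap Indicator meanings as listed on this page.
LEAP = {0: "no warning", 1: "+1 second", 2: "-1 second",
        3: "alarm (clock not synchronized)"}
# Modes 2 and 7 are taken from RFC 1305; the page's list omits them.
MODE = {0: "reserved", 1: "symmetric active", 2: "symmetric passive",
        3: "client", 4: "server", 5: "broadcast",
        6: "NTP control message", 7: "reserved for private use"}


def parse_ntp_header(packet: bytes) -> dict:
    """Decode LI, VN, Mode, Stratum, Poll and Precision from an NTP packet."""
    if len(packet) < 4:
        raise ValueError("need at least 4 bytes of NTP header")
    # Flags octet, unsigned stratum, then two signed octets (assumed layout).
    flags, stratum, poll, precision = struct.unpack("!BBbb", packet[:4])
    li, vn, mode = flags >> 6, (flags >> 3) & 0x7, flags & 0x7
    if stratum == 0:
        stratum_text = "unspecified"
    elif stratum == 1:
        stratum_text = "primary reference"
    else:
        stratum_text = "secondary reference (via NTP)"
    return {
        "li": li, "li_text": LEAP[li],
        "vn": vn,
        "mode": mode, "mode_text": MODE[mode],
        "stratum": stratum, "stratum_text": stratum_text,
        "poll_seconds": 2.0 ** poll,            # field is an exponent of 2
        "precision_seconds": 2.0 ** precision,  # field is an exponent of 2
        # LI = 3 means the sender reports its clock as not synchronized.
        "synchronized": li != 3,
    }


# Constructed sample headers (not captured traffic).
SERVER_REPLY = bytes.fromhex("1c0206ec")    # LI=0 VN=3 Mode=4, stratum 2
UNSYNCED_REPLY = bytes.fromhex("dc0004fa")  # LI=3 VN=3 Mode=4, stratum 0

if __name__ == "__main__":
    for sample in (SERVER_REPLY, UNSYNCED_REPLY):
        print(parse_ntp_header(sample))
```

A reply whose `synchronized` value is false carries the alarm condition from the LI table and should not be used as a time source.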
