Trying to figure out if NTP redirection is working
-
Following the instructions at https://linuxincluded.com/ntp-server-ip-blacklisted-nat-redirection-ftw/ , I set up NTP redirection for one of my vlans. The pfSense NTP server is set up on that interface, and I even specified the address under the NTP section of the DHCP settings for that vlan.
However, when I complete a packet capture for port 123, I see almost constant attempts by several devices (one device in particular) to synchronize their times (see below). I can't figure out whether the local NTP server is actually providing the requested time data to the local client or not. Would appreciate someone more knowledgable having a look at this traffic capture and telling me whether the NTP redirect is working or not?
Thanks!
12:01:07.197564 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 18831, offset 0, flags [DF], proto UDP (17), length 76) 192.168.112.139.58821 > 216.55.208.22.123: [udp sum ok] NTPv4, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3790080162.068397959 (2020/02/07 11:02:42) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3790080162.068397959 (2020/02/07 11:02:42) 12:01:07.197634 00:08:a2:0d:43:32 > 44:73:d6:21:ec:94, ethertype IPv4 (0x0800), length 90: (tos 0xb8, ttl 64, id 17017, offset 0, flags [none], proto UDP (17), length 76) 216.55.208.22.123 > 192.168.112.139.58821: [bad udp cksum 0xd9cb -> 0x7d79!] NTPv4, length 48 Server, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 3790080162.068202847 (2020/02/07 11:02:42) Receive Timestamp: 3790080162.068202847 (2020/02/07 11:02:42) Transmit Timestamp: 3790080162.068202847 (2020/02/07 11:02:42) Originator - Receive Timestamp: -0.000000000 Originator - Transmit Timestamp: -0.000000000 12:01:09.192305 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 32099, offset 0, flags [DF], proto UDP (17), length 76) 192.168.112.139.50598 > 149.56.121.17.123: [udp sum ok] NTPv4, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3790080164.068094115 (2020/02/07 11:02:44) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3790080164.068094115 (2020/02/07 11:02:44) 12:01:09.192976 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 32100, offset 0, flags [DF], proto UDP (17), length 76) 192.168.112.139.50598 > 149.56.121.17.123: [udp sum ok] NTPv4, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3790080164.068300170 (2020/02/07 11:02:44) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3790080164.068300170 (2020/02/07 11:02:44) 12:01:09.193933 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 32101, offset 0, flags [DF], proto UDP (17), length 76) 192.168.112.139.50598 > 149.56.121.17.123: [udp sum ok] NTPv4, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3790080164.068522524 (2020/02/07 11:02:44) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3790080164.068522524 (2020/02/07 11:02:44) 12:01:09.194683 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 26669, offset 0, flags [DF], proto UDP (17), length 76) 192.168.112.139.52031 > 205.206.70.7.123: [udp sum ok] NTPv4, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3790080164.068671070 (2020/02/07 11:02:44) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3790080164.068671070 (2020/02/07 11:02:44) 12:01:11.202253 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 26809, offset 0, flags [DF], proto UDP (17), length 76) 192.168.112.139.52031 > 205.206.70.7.123: [udp sum ok] NTPv4, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3790080166.068124849 (2020/02/07 11:02:46) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3790080166.068124849 (2020/02/07 11:02:46) 12:01:11.202281 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 26810, offset 0, flags [DF], proto UDP (17), length 76) 192.168.112.139.52031 > 205.206.70.7.123: [udp sum ok] NTPv4, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3790080166.068253604 (2020/02/07 11:02:46) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3790080166.068253604 (2020/02/07 11:02:46) 12:01:11.256060 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 26811, offset 0, flags [DF], proto UDP (17), length 76) 192.168.112.139.52031 > 205.206.70.7.123: [udp sum ok] NTPv4, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3790080166.068353721 (2020/02/07 11:02:46) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3790080166.068353721 (2020/02/07 11:02:46) 12:01:11.264399 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 14050, offset 0, flags [DF], proto UDP (17), length 76) 192.168.112.139.57494 > 162.159.200.123.123: [udp sum ok] NTPv4, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3790080166.068488530 (2020/02/07 11:02:46) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3790080166.068488530 (2020/02/07 11:02:46) 12:01:13.200424 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 14150, offset 0, flags [DF], proto UDP (17), length 76) 192.168.112.139.57494 > 162.159.200.123.123: [udp sum ok] NTPv4, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3790080168.068655237 (2020/02/07 11:02:48) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3790080168.068655237 (2020/02/07 11:02:48) 12:01:13.200450 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 14151, offset 0, flags [DF], proto UDP (17), length 76) 192.168.112.139.57494 > 162.159.200.123.123: [udp sum ok] NTPv4, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3790080168.069838715 (2020/02/07 11:02:48) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3790080168.069838715 (2020/02/07 11:02:48) 12:01:13.201868 44:73:d6:21:ec:94 > 00:08:a2:0d:43:32, ethertype IPv4 (0x0800), length 90: (tos 0x10, ttl 64, id 14152, offset 0, flags [DF], proto UDP (17), length 76) 192.168.112.139.57494 > 162.159.200.123.123: [udp sum ok] NTPv4, length 48 Client, Leap indicator: clock unsynchronized (192), Stratum 0 (unspecified), poll 10 (1024s), precision 0 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3790080168.070042442 (2020/02/07 11:02:48) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3790080168.070042442 (2020/02/07 11:02:48)
-
Anyone?
-
You cannot see that in a packet capture, at least not on the internal interface.
You can do a capture on WAN while updating the system time on the client. If the packets do not appear there the NAT will work.