Troubleshooting NTP

Problems with NTP, such as when a server is not responding to client requests , are best diagnosed by viewing log messages and using the snoop utility. Also, the xntpdc and ntpq programs can aid you in troubleshooting NTP, especially by examining the current status of the NTP server process ( xntpd ) and the NTP server itself. Each of these is described in the following sections.

Log Messages

NTP logs messages via syslog and writes them to /var/adm/messages . Look in this file for NTP- related messages. The following extract of messages shows what happens when a client starts up and runs ntpdate to set the initial time, and then synchronizes with a time server:

 Apr 16 15:22:31 ultra5 ntpdate[432]: [ID 318594 daemon.notice] \ no server suitable for synchronization found yet Apr 16 15:22:31 ultra5 ntpdate[432]: [ID 147394 daemon.notice] \ trying ttl 1for multicast server synchronization Apr 16 15:24:22 ultra5 ntpdate[440]: [ID 558275 daemon.notice] \ adjust time server 192.168.28.28 offset 0.048177 sec Apr 16 15:24:24 ultra5 xntpd[442]: [ID 702911 daemon.notice] \ xntpd 3-5.93e Mon Sep 20 15:47:11 PDT 1999 (1) Apr 16 15:24:24 ultra5 xntpd[442]: [ID 301315 daemon.notice] \ tickadj = 5, tick = 10000, tvu_maxslew = 495, est. hz = 100 Apr 16 15:24:24 ultra5 xntpd[442]: [ID 798731 daemon.notice] \ using kernel phase-lock loop 0041 

From this sample output, you can see that the initial line does not find an NTP server; that is, the client has not received a response to its request for the correct time. Subsequently, a server is found and the client's clock is adjusted to show the correct time, as displayed by the server.

snoop

The snoop utility can be used to capture NTP-related packets. An example of an NTP packet is shown in the following code sample. Some of the interesting fields appear in bold.

 # snoop -v -d hme0 ETHER:  ----- Ether Header ----- ETHER: ETHER:  Packet 156 arrived at 15:23:54.60 ETHER:  Packet size = 90 bytes ETHER:  Destination = 1:0:5e:0:1:1, (multicast) ETHER:  Source      = 8:0:20:b3:41:53, Sun ETHER:  Ethertype = 0800 (IP) ETHER: IP:   ----- IP Header ----- IP: IP:   Version = 4 IP:   Header length = 20 bytes IP:   Type of service = 0x00 IP:         xxx. .... = 0 (precedence) IP:         ...0 .... = normal delay IP:         .... 0... = normal throughput IP:         .... .0.. = normal reliability IP:         .... ..0. = not ECN capable transport IP:         .... ...0 = no ECN congestion experienced IP:   Total length = 76 bytes IP:   Identification = 61371 IP:   Flags = 0x0 IP:         .0.. .... = may fragment IP:         ..0. .... = last fragment IP:   Fragment offset = 0 bytes IP:   Time to live = 4 seconds/hops IP:   Protocol = 17 (UDP) IP:   Header checksum = 0920  IP:   Source address = 192.168.28.28, ultra10   IP:   Destination address = 224.0.1.1, 224.0.1.1  IP:   No options IP: UDP:  ----- UDP Header ----- UDP:  UDP:  Source port = 123   UDP:  Destination port = 123 (NTP)  UDP:  Length = 56 UDP:  Checksum = 70E0 UDP: NTP:  ----- Network Time Protocol ----- NTP: NTP:  Leap = 0x0 (OK) NTP:  Version = 3  NTP:  Mode    = 5 (broadcast)   NTP:  Stratum = 4 (secondary reference)   NTP:  Poll = 6  NTP:  Precision = 241 seconds NTP:  Synchronizing distance   = 0x0000.0000  (0.000000) NTP:  Synchronizing dispersion = 0x0000.56b6  (0.338715)  NTP:  Reference clock = 127.127.1.0 (127.127.1.0)  NTP:  Reference time = 0xc247e5f9.9a18f000 (Wed Apr 16 15:23:53 2003) NTP:  Originate time = 0x00000000.00000000 (Thu Feb  7 06:28:16 2036) NTP:  Receive   time = 0x00000000.00000000 (Thu Feb  7 06:28:16 2036) NTP:  Transmit  time = 0xc247e5fa.9a186000 (Wed Apr 16 15:23:54 2003) 

Notice from the previous code that you can see

• The IP destination address is a multicast address.

• NTP is using port 123.

• This packet is a broadcast packet from the NTP server ” Mode = 5 (broadcast ).

• The reference clock is local ” Reference clock = 127.127.1.0 (127.127.1.0) .

xntpdc and ntpq

xntpdc is used to query the daemon process xntpd , such as the current status and the current configuration options in use, whereas ntpq is used to query an NTP server, such as testing an NTP server by manually polling it for a response. Both of these commands have a sub prompt that is displayed when they are run. You can use the help command at this prompt to see the available options. The following example shows how to run xntpdc to turn on debugging for the xntpd process to provide additional messaging and display the system information:

 # xntpdc xntpdc> help Commands available: addpeer      addrefclock  addserver    addtrap      authinfo broadcast    clkbug       clockstat    clrtrap      controlkey ctlstats     debug        delay        delrestrict  disable dmpeers      enable       exit         fudge        help host         hostnames    iostats      kerninfo     keyid keytype      leapinfo     listpeers    loopinfo     memstats monlist      passwd       peers        preset       pstats quit         readkeys     requestkey   reset        reslist restrict     showpeer     sysinfo      sysstats     timeout timerstats   traps        trustedkey   unconfig     unrestrict untrustedkey version xntpdc> debug debug level is 0 xntpdc> debug more debug level set to 1 xntpdc> debug more debug level set to 2 xntpdc> sysinfo system peer:          LOCAL(0) system peer mode:     client leap indicator:       00 stratum:              4 precision:            -15 root distance:        0.00000 s root dispersion:      0.54124 s reference ID:         [127.127.1.0] reference time:       c247f2f9.9a18c000  Wed, Apr 16 2003 16:19:21.601 system flags:         auth monitor pll stats kernel_sync frequency:            0.000 ppm stability:            0.000 ppm broadcastdelay:       0.003906 s authdelay:            0.000122 s xntpdc>q #