Ethereal-users: RE: [Ethereal-users] Time out on network due to NTP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Visser, Martin" <martin.visser@xxxxxx>
Date: Tue, 4 Jan 2005 17:23:12 +1100
Qazzafi,
 
Without more information it is difficult to diagnose what the problem
you have is. In simple terms you can eliminate NTP by

1. Identify the source of NTP packets (from the source IP / MAC address)
and disable/reconfigure the applications(s) that are sending the
packets. It may well be that if you have excessive NTP packets it is
because of a misconfiguration in one or more hosts. 

2. Using your switch's / router's / firewall's filtering capabilities
use these as a port of enforcement to block NTP packets. (Which I assume
your mean UDP with dest port 123). Note that this blocking will only
stop packets leaving the source network - and not stop the actual
generation of them.


I suggest that using information gained from Ethereal you proceed on
point 1. (NTP is a "standard" protocol that is very light on bandwidth
if configured correctly)

Martin

 

Martin Visser ,CISSP 
Network and Security Consultant 
Consulting & Integration 
Technology Solutions Group - HP Services 

3 Richardson Place 
North Ryde, Sydney NSW 2113, Australia 

Phone: +61-2-9022-1670    
Mobile: +61-411-254-513 
Fax: +61-2-9022-1800     
E-mail: martin.visserAThp.com 
  
This email (including any attachments) is intended only for the use of
the individual or entity named above and may contain information that is
confidential, proprietary or privileged. If you are not the intended
recipient, please notify HP immediately by return email and then delete
the email, destroy any printed copy and do not disclose or use the
information in it.


 


________________________________

	From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of M. Qazzafi
Ashraf
	Sent: Tuesday, 4 January 2005 3:00 PM
	To: Ethereal user support
	Subject: [Ethereal-users] Time out on network due to NTP
	
	
	Hi,
	
	We have Windows 2003, Apple Mac OS X, Windows XP Pro, running on
our
	LAN and we are getting time out network on our.
	
	Actually since long time we felt there is some problem in our
local area network then we use Ethereal - packet sniffing software - its
my first experience to use such program though to fetch the network
traffic and while monitoring we saw there are lots of packets going
around of NTP on LAN following detail we got from Ethereal software:
	
	Sequence of bulk request of NTP protocol:

	Source (our LAN IP) to Destination (other LAN IP) Protocol (NTP)
Info
	(NTP)
	
	How can I stop bulk NTP packets on our network any help would be
appreciated
	
	
	Qazzafi

	__________________________________________________
	Do You Yahoo!?
	Tired of spam? Yahoo! Mail has the best spam protection around 
	http://mail.yahoo.com