The final topic that will be covered in this chapter is NTP. Synchronizing time with a centralized time server is a key step in any corporate network. We would like to compare the log files between various servers and see if the timestamp on each server is accurate; the log events may not then co-relate. Many authentication protocols, such as Kerberos, strictly rely on the accuracy of the time stamp reported by the client to the servers. Here, a third-party Python ntplib library will be introduced, and then the communication between the NTP client and the server will be investigated.
To create an NTP client, you need to call the ntplib's NTPCLient class.
import ntplib from time import ctime c = ntplib.NTPClient() response = c.request('pool.ntp.org') print ctime(response.tx_time)
Here, we have selected pool.ntp.org, which is a load-balanced webserver. So, a pool of the NTP servers will be ready to respond to the client's request. Let's find more information regarding this from the response that was returned by an NTP server.
import ntplib
from time import ctime
HOST_NAME = 'pool.ntp.org'
if __name__ == '__main__':
params = {}
client = ntplib.NTPClient()
response = client.request(HOST_NAME)
print('Received time: %s' %ctime(response.tx_time))
print('ref_clock: ',ntplib.ref_id_to_text(response.ref_id, response.stratum))
print('stratum: ',response.stratum)
print('last_update: ', response.ref_time)
print('offset: %f' %response.offset)
print('precision: ', response.precision)
print('root_delay: %.6f' %response.root_delay)
print('root_dispersion: %.6f' %response.root_dispersion)The detailed response will look like the following:
$ python 6_5_ntp_client.py Received time: Sat Feb 28 17:08:29 2015 ref_clock: 213.136.0.252 stratum: 2 last_update: 1425142998.2 offset: -4.777519 precision: -23 root_delay: 0.019608 root_dispersion: 0.036987
The preceding information was supplied by the NTP server to the client. This information can be used to determine the accuracy of the supplied time server. For example, the stratum value 2 indicates that the NTP server will query another NTP server with the stratum value 1, which may have a directly attached time source. For more information about the NTP protocol, you may either read the RFC 958 document at https://tools.ietf.org/html/rfc958 or visit http://www.ntp.org/.
You may be able to learn more about NTP by looking at captured packets. For this purpose, the preceding NTP client/server communication has been captured as shown in the following two screenshots:
The first screenshot shows the NTP client request. If you look inside the flag fields, then you will see the client's version number.
Similarly, the NTP server response has been shown in the following screenshot:
