Over the last 3 hours (since desktop running TCPDUMP woke up so may have been longer) I'm seeing massive hits on random NTP servers non-stop.
I thought at first just looking at my switch traffic that I was getting a new update as the packet count was much higher than normal, but when I opened the terminal window where I've had a tcpdump session running, I was shocked to see it was NTP hits.
Has anyone ever seen this behavior before? Going on as I write this:
08:41:42.422063 IP hadb2.smatwebdesign.com.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48
08:41:42.435279 IP 192.168.1.78.ntp > 159.203.158.197.ntp: NTPv4, Client, length 48
08:41:42.435742 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48
08:41:42.512639 IP 69.36.182.57.west-datacenter.net.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48
08:41:42.515805 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48
08:41:42.590433 IP 69.36.182.57.west-datacenter.net.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48
08:41:42.595880 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48
08:41:42.635005 IP 192.168.1.78.ntp > time.richiemcintosh.com.ntp: NTPv4, Client, length 48
08:41:43.435049 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48
08:41:45.541230 IP 192.168.1.78.ntp > services.quadranet.com.ntp: NTPv4, Client, length 48
08:41:46.546385 IP 192.168.1.78.ntp > horp-bsd01.horp.io.ntp: NTPv4, Client, length 48
08:41:46.576479 IP horp-bsd01.horp.io.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48
I thought at first just looking at my switch traffic that I was getting a new update as the packet count was much higher than normal, but when I opened the terminal window where I've had a tcpdump session running, I was shocked to see it was NTP hits.
Has anyone ever seen this behavior before? Going on as I write this:
08:41:42.422063 IP hadb2.smatwebdesign.com.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48
08:41:42.435279 IP 192.168.1.78.ntp > 159.203.158.197.ntp: NTPv4, Client, length 48
08:41:42.435742 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48
08:41:42.512639 IP 69.36.182.57.west-datacenter.net.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48
08:41:42.515805 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48
08:41:42.590433 IP 69.36.182.57.west-datacenter.net.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48
08:41:42.595880 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48
08:41:42.635005 IP 192.168.1.78.ntp > time.richiemcintosh.com.ntp: NTPv4, Client, length 48
08:41:43.435049 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48
08:41:45.541230 IP 192.168.1.78.ntp > services.quadranet.com.ntp: NTPv4, Client, length 48
08:41:46.546385 IP 192.168.1.78.ntp > horp-bsd01.horp.io.ntp: NTPv4, Client, length 48
08:41:46.576479 IP horp-bsd01.horp.io.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48