Clock gone wild - NTP and TCPDUMP

Joe F

Disruption is hard.
Sep 19, 2016
1,933
8,359
Outside Philly
Over the last 3 hours (since desktop running TCPDUMP woke up so may have been longer) I'm seeing massive hits on random NTP servers non-stop.

I thought at first just looking at my switch traffic that I was getting a new update as the packet count was much higher than normal, but when I opened the terminal window where I've had a tcpdump session running, I was shocked to see it was NTP hits.

Has anyone ever seen this behavior before? Going on as I write this:

08:41:42.422063 IP hadb2.smatwebdesign.com.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48

08:41:42.435279 IP 192.168.1.78.ntp > 159.203.158.197.ntp: NTPv4, Client, length 48

08:41:42.435742 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48

08:41:42.512639 IP 69.36.182.57.west-datacenter.net.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48

08:41:42.515805 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48

08:41:42.590433 IP 69.36.182.57.west-datacenter.net.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48

08:41:42.595880 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48

08:41:42.635005 IP 192.168.1.78.ntp > time.richiemcintosh.com.ntp: NTPv4, Client, length 48

08:41:43.435049 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48

08:41:45.541230 IP 192.168.1.78.ntp > services.quadranet.com.ntp: NTPv4, Client, length 48

08:41:46.546385 IP 192.168.1.78.ntp > horp-bsd01.horp.io.ntp: NTPv4, Client, length 48

08:41:46.576479 IP horp-bsd01.horp.io.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48
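
One way to quantify what the capture above shows, as an added example that is not part of the original post: it parses tcpdump's default text output and, for each polling host, counts requests, distinct servers and replies, then computes the mean gap between requests. The function names and the 16-second alert threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the capture in the post above (tcpdump's default text output).
CAPTURE = """\
08:41:42.422063 IP hadb2.smatwebdesign.com.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48
08:41:42.435279 IP 192.168.1.78.ntp > 159.203.158.197.ntp: NTPv4, Client, length 48
08:41:42.435742 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48
08:41:42.512639 IP 69.36.182.57.west-datacenter.net.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48
08:41:42.515805 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48
08:41:42.590433 IP 69.36.182.57.west-datacenter.net.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48
08:41:42.595880 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48
08:41:42.635005 IP 192.168.1.78.ntp > time.richiemcintosh.com.ntp: NTPv4, Client, length 48
08:41:43.435049 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48
08:41:45.541230 IP 192.168.1.78.ntp > services.quadranet.com.ntp: NTPv4, Client, length 48
08:41:46.546385 IP 192.168.1.78.ntp > horp-bsd01.horp.io.ntp: NTPv4, Client, length 48
08:41:46.576479 IP horp-bsd01.horp.io.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48
"""

LINE = re.compile(r"^[ \t]*(\S+) IP (\S+)\.ntp > (\S+)\.ntp: NTPv\d, (Client|Server),", re.M)
MIN_INTERVAL_S = 16.0  # assumed alert threshold, not a value from the thread

def summarize(text):
    """Per polling host: request count, distinct servers, replies, mean gap (s)."""
    seen = defaultdict(lambda: {"times": [], "servers": set(), "replies": 0})
    for m in LINE.finditer(text):  # non-NTP and blank lines simply do not match
        ts, src, dst, mode = m.groups()
        if mode == "Client":  # request: src is the polling host
            seen[src]["times"].append(datetime.strptime(ts, "%H:%M:%S.%f"))
            seen[src]["servers"].add(dst)
        else:  # reply: dst is the polling host
            seen[dst]["replies"] += 1
    out = {}
    for host, s in seen.items():
        n = len(s["times"])
        if n < 2:
            continue  # need at least two requests to measure a gap
        span = (max(s["times"]) - min(s["times"])).total_seconds()
        out[host] = {"requests": n, "servers": len(s["servers"]),
                     "replies": s["replies"], "mean_interval_s": span / (n - 1)}
    return out

def noisy_clients(text, min_interval=MIN_INTERVAL_S):
    """Hosts whose mean gap between NTP requests is below min_interval seconds."""
    return sorted(h for h, s in summarize(text).items() if s["mean_interval_s"] < min_interval)

if __name__ == "__main__":
    print(summarize(CAPTURE), noisy_clients(CAPTURE))
```

Timestamps in this output format carry no date, so a capture that crosses midnight should be split before it is summarized.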
 

Twiglett

Single pedal driver
Oct 3, 2014
2,737
2,661
Austin
Your Model 3 is doing this?
 

Joe F

Disruption is hard.
Sep 19, 2016
1,933
8,359
Outside Philly
Crap. Wrong forum.

No, Model S, but since they share code, could just as well be.

Will have it moved. Thanks for the heads-up.
 

Joe F

Disruption is hard.
Sep 19, 2016
1,933
8,359
Outside Philly
Perhaps just some side effect of the LTE outage. I'd caution against wild speculation until that's resolved.

Yeah, I was just about to post that in the LTE thread I just saw.

"Wild speculation" for the problem I'm seeing, which could very well be a H/W issue, is a tad much, IMHO. Asking if anyone else has seen something like this is hardly wild speculation...
 

Joe F

Disruption is hard.
Sep 19, 2016
1,933
8,359
Outside Philly
Just checked logs on my firewall and there has been around 14MB of NTP traffic to/from my S so far today. Quite a bit more than typical.
Thanks. That pretty much confirms it. Probably related to the LTE problem.

I reported it to Tesla locally before I knew about the LTE outage, but so far have heard nothing from them.

I finally decided to brute force the problem and blocked NTP access at the router level a few minutes ago. That at least calmed things down for now. Will open it up after they resolve the LTE snafu.
 

Joe F

Disruption is hard.
Sep 19, 2016
1,933
8,359
Outside Philly
Just to add a final thought on this problem: This has to be treated by Tesla as a bug. Hopefully this LTE problem is rare; however, if affected cars are on wifi, they are probably hitting on NTP servers tens of times a second, times the number of affected cars. DDoS for NTP?

It needs to throttle back. There's no need for checking NTP as often as it does on a normal basis. Now with the LTE outage, it's clear something needs to be tweaked. Reporting to Tesla, FWIW.
 
