TMC is an independent, primarily volunteer organization that relies on ad revenue to cover its operating costs. Please consider whitelisting TMC on your ad blocker and becoming a Supporting Member. For more info: Support TMC

Clock gone wild - NTP and TCPDUMP

Discussion in 'Model S' started by Joe F, May 1, 2018.

Tags:
  1. Joe F

    Joe F Disruption is hard.

    Joined:
    Sep 19, 2016
    Messages:
    1,546
    Location:
    Outside Philly
    Over the last 3 hours (since desktop running TCPDUMP woke up so may have been longer) I'm seeing massive hits on random NTP servers non-stop.

    I thought at first just looking at my switch traffic that I was getting a new update as the packet count was much higher than normal, but when I opened the terminal window where I've had a tcpdump session running, I was shocked to see it was NTP hits.

    Has anyone ever seen this behavior before? Going on as I write this:

    08:41:42.422063 IP hadb2.smatwebdesign.com.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48

    08:41:42.435279 IP 192.168.1.78.ntp > 159.203.158.197.ntp: NTPv4, Client, length 48

    08:41:42.435742 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48

    08:41:42.512639 IP 69.36.182.57.west-datacenter.net.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48

    08:41:42.515805 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48

    08:41:42.590433 IP 69.36.182.57.west-datacenter.net.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48

    08:41:42.595880 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48

    08:41:42.635005 IP 192.168.1.78.ntp > time.richiemcintosh.com.ntp: NTPv4, Client, length 48

    08:41:43.435049 IP 192.168.1.78.ntp > 69.36.182.57.west-datacenter.net.ntp: NTPv4, Client, length 48

    08:41:45.541230 IP 192.168.1.78.ntp > services.quadranet.com.ntp: NTPv4, Client, length 48

    08:41:46.546385 IP 192.168.1.78.ntp > horp-bsd01.horp.io.ntp: NTPv4, Client, length 48

    08:41:46.576479 IP horp-bsd01.horp.io.ntp > 192.168.1.78.ntp: NTPv4, Server, length 48
     
  2. Twiglett

    Twiglett Single pedal driver

    Joined:
    Oct 3, 2014
    Messages:
    2,224
    Location:
    Austin
    Your Model 3 is doing this?
     
  3. Joe F

    Joe F Disruption is hard.

    Joined:
    Sep 19, 2016
    Messages:
    1,546
    Location:
    Outside Philly
    Crap. Wrong forum.

    No, Model S, but since they share code, could just as well be.

    Will have it moved. Thanks for the heads-up.
     
  4. RangerRick

    RangerRick Member

    Joined:
    Apr 30, 2016
    Messages:
    91
    Location:
    Apex, NC
    Not yet, unless you're at a service center, or sniffing cellular traffic. Model 3 can't configure WiFi yet. ;)
     
    • Informative x 1
  5. Doug_G

    Doug_G Lead Moderator

    Joined:
    Apr 2, 2010
    Messages:
    17,829
    Location:
    Ottawa, Canada
    Moved.
     
  6. luckyj

    luckyj Member

    Joined:
    Dec 8, 2016
    Messages:
    337
    Location:
    Northern Virginia, USA
    Perhaps just some side effect of the LTE outage. I'd caution against wild speculation until that's resolved.
     
  7. Joe F

    Joe F Disruption is hard.

    Joined:
    Sep 19, 2016
    Messages:
    1,546
    Location:
    Outside Philly
    Yeah, I was just about to post that in the LTE thread I just saw.

    "Wild speculation" for the problem I'm seeing, which could very well be a H/W issue, is a tad much, IMHO. Asking if anyone else has seen something like this is hardly wild speculation...
     
  8. cgrubbe

    cgrubbe Member

    Joined:
    Oct 1, 2017
    Messages:
    91
    Location:
    Columbus, OH
    Just checked logs on my firewall and there has been around 14MB of NTP traffic to/from my S so far today. Quite a bit more than typical.
     
  9. Joe F

    Joe F Disruption is hard.

    Joined:
    Sep 19, 2016
    Messages:
    1,546
    Location:
    Outside Philly
    Thanks. That pretty much confirms it. Probably related to the LTE problem.

    I reported it to Tesla locally before I knew about the LTE outage, but so far have heard nothing from them.

    I finally decided to brute force the problem and blocked NTP access at the router level a few minutes ago. That at least calmed things down for now. Will open it up after they resolve the LTE snafu.
     
  10. Joe F

    Joe F Disruption is hard.

    Joined:
    Sep 19, 2016
    Messages:
    1,546
    Location:
    Outside Philly
    Just to add a final thought on this problem: This has to be treated by Tesla as a bug. Hopefully this LTE problem is rare, however, if affected cars are on wifi, they are probably hitting on NTP servers 10's of times a second, times the number of affected cars. DDOS for NTP?

    It needs to throttle back. There's no need for checking NTP as often as its does on a normal basis. Now with the LTE outage, it's clear something needs to be tweaked. Reporting to Tesla, FWIW.
     
  11. namlio

    namlio Member

    Joined:
    Mar 3, 2016
    Messages:
    110
    Location:
    Asheville, NC; previously TX
    I know nothing about net work traffic. Do you have the new nav yet? Any possibility that it could be related to that download?
     
  12. Joe F

    Joe F Disruption is hard.

    Joined:
    Sep 19, 2016
    Messages:
    1,546
    Location:
    Outside Philly
    No, it is not possible.
     

Share This Page

  • About Us

    Formed in 2006, Tesla Motors Club (TMC) was the first independent online Tesla community. Today it remains the largest and most dynamic community of Tesla enthusiasts. Learn more.
  • Do you value your experience at TMC? Consider becoming a Supporting Member of Tesla Motors Club. As a thank you for your contribution, you'll get nearly no ads in the Community and Groups sections. Additional perks are available depending on the level of contribution. Please visit the Account Upgrades page for more details.


    SUPPORT TMC