What is NTP Enumeration? – Network Time Protocol (NTP) is designed to synchronize clocks of networked computers.
It uses UDP port 123 as its primary means of communication, NTP can maintain time to within 10 milliseconds(1/100 seconds) over the public Internet.
It can achieve accuracies of 200 microseconds or better in local area networks under ideal conditions. Arracker queries NTP server to gather valuable information such as:
- List of host connected to NTP server
- Clients IP addresses in a network, their system names and OSs
- Internal IPs can also be obtained if NTP server is in the demilitarized zone (DMZ)
What is NTP Enumeration?
Administrators often overlook the Network Time Protocol (NTP) server in terms of security. However, if queried properly, it can provide valuable network information to the attackers. Therefore, it is necessary to know what information an attacker can obtain about a network through NTP enumeration. This section describes NTP enumeration, information extracted via NTP enumeration, various NTP enumeration commands, and NTP enumeration tools.
NNTP is designed to synchronize clocks of networked computers. It uses UDP port 123 as its primary means of communication. NTP can maintain time to within 10 milliseconds (1/10 seconds) over the public Internet. It can achieve accuries of 200 microseconds or better in local area networks under ideal conditions.
NTP Enumeration Commands
NTP enumeration commands include ntpdate, ntptrace, ntpdc, and ntpq to query the NTP server for valuable information.
This command collects the number of time samples from a number of time sources.
Syntax: ntpdate [-bBdoqsuv] [-a key] [-e authdelay] [-k keyfile] [-o version] [-p samples] [-t timeout] [server/IP_address]
This command determines from where the NTP server gets time and follows the chains of NTP servers back to its prime time source.
Syntax : ntptrace [-vdn] [-r retries] [-t timeout] [servername/IP_address]
This command queries the ntpd daemon about its current state and requests changes in that state.
Syntax : ntpdc [-i lnps] [-c command] [hostname/IP_address]
This command monitors NTP daemon ntpd operations and determine performance.
Syntax: ntpq [-inp] [-c command] [host/IP_address]
What is NTP Enumeration?
NTP Enumeration Tools
PRTG Network Monitor includes SNTP Sensor monitors, a Simple Network Time Protocol (SNTP) server that shows response time of the server and time difference in comparison to the local system time.
NTP enumeration tools are used to monitor working of NTP and SNTP servers present in the network and also help in the configuration and verification of connectivity from the time client to the NTP servers.
PRTG Network Monitor
Source: PRTG Network Monitor Tool
PRTG monitors all systems, devices, traffic and applications of the IT infrastructure using various technologies such as SNMP, WMI, SSH, etc. PRTG Network Monitor includes SNTP Sensor monitors, a Simple Network Time Protocol (SNTP) server that shows response time of the server and time difference in comparison to the local system time.
What is NTP Enumerations?
Some of the NTP enumerations tools include:
- Nmap – Click Here
- Wireshark – Click Here
- udp-proto-scanner – Click Here
- NTP Time Server Monitor – Click Here
If You Like This Please Comment IT Down
For More Hacking Content Click Here