bluepoint
Very Senior Member
Here's is an example of an intercepted time request(chrony) from a satellite tv box in my network.From my perspective the IPv6 issue is whether there may be a way to persuade those devices that default to it (such as mobile phones, ipads, etc) to use chrony rather than going direct. If they are checking a picking up the time directly and correctly that is also fine - it is more a matter of neatness, and solving by disabling IPv6 (or dropping ntp calls on ipv6) seems to me to be defeatist.
The issues I am more interested are (1) how can i track which devices are making IPv4 ntp calls and (2) why some of these calls are not being caught and are bypassing chrony.
If you'll notice the source ip and destination ip are both within the LAN plus the source port used is dynamic towards the destination port 123. If there was no NTP server in the LAN or there was no intervention, the traffic will travel from LAN to WAN in which case the client ip will be the source ip, source port 123 and destination ip will be of the NTP server with destination port 123.
Maybe, tcpdump can't capture the intercept?