base/protocols/ntp/main.zeek
- NTP
- Namespace: NTP
Summary
Types
Redefinitions
Events
Event that can be handled to access the NTP record as it is sent on to the logging framework.
Hooks
Detailed Interface
Types
- NTP::Info
- Type
-
- ts: time &log
  Timestamp for when the event happened.
- uid: string &log
  Unique ID for the connection.
- id: conn_id &log
  The connection’s 4-tuple of endpoint addresses/ports.
- version: count &log
  The NTP version number (1, 2, 3, 4).
- mode: count &log
  The NTP mode being used.
- stratum: count &log
  The stratum (primary server, secondary server, etc.).
- poll: interval &log
  The maximum interval between successive messages.
- precision: interval &log
  The precision of the system clock.
- root_delay: interval &log
  Total round-trip delay to the reference clock.
- root_disp: interval &log
  Total dispersion to the reference clock.
- ref_id: string &log
  For stratum 0, a 4-character string used for debugging. For stratum 1, the ID assigned to the reference clock by IANA. Above stratum 1, when using IPv4, the IP address of the reference clock. Note that the NTP protocol did not originally specify a large enough field to represent IPv6 addresses, so for IPv6 the field holds the first four bytes of the MD5 hash of the reference clock’s IPv6 address (i.e. a value that looks like an IPv4 address here is not necessarily an IPv4 address).
- ref_time: time &log
  Time when the system clock was last set or corrected.
- org_time: time &log
  Time at the client when the request departed for the NTP server.
- rec_time: time &log
  Time at the server when the request arrived from the NTP client.
- xmt_time: time &log
  Time at the server when the response departed for the NTP client.
- num_exts: count &default=0 &optional &log
  Number of extension fields (which are not currently parsed).
Events
- NTP::log_ntp
-
Event that can be handled to access the NTP record as it is sent on to the logging framework.
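
A handler for this event, as an added example that is not part of Zeek's base scripts: it inspects each NTP::Info record on its way to the log and raises a notice when a server reply reports an unsynchronized stratum or an old ref_time. The NTPCheck module, the two notice names and the max_ref_age threshold are assumptions made for illustration; the handler signature follows Zeek's usual log-event form, which takes the record being logged.

```zeek
# Added example, not Zeek's own code. Module name, notice names and the
# max_ref_age threshold are assumptions.
@load base/frameworks/notice
@load base/protocols/ntp

module NTPCheck;

export {
	redef enum Notice::Type += {
		## A server reply advertised stratum 0 or stratum 16 and above.
		Unsynchronized_Server,
		## A server reply carried a reference time far behind capture time.
		Stale_Reference_Time,
	};

	## Assumed threshold for how far ref_time may lag behind ts.
	option max_ref_age = 1 day;
}

event NTP::log_ntp(rec: NTP::Info)
	{
	# Mode 4 is a server reply (RFC 5905); other modes are ignored here.
	if ( rec$mode != 4 )
		return;

	# Stratum 0 is unspecified or a kiss-o'-death packet, in which case
	# ref_id holds the 4-character code; 16 means unsynchronized.
	if ( rec$stratum == 0 || rec$stratum >= 16 )
		NOTICE([$note=Unsynchronized_Server,
		        $msg=fmt("NTP reply with stratum %d, ref_id %s",
		                 rec$stratum, rec$ref_id),
		        $uid=rec$uid, $id=rec$id,
		        $identifier=cat(rec$id$resp_h, rec$stratum)]);

	# ref_time is when the server's clock was last set or corrected; a
	# large gap to the capture timestamp means clients are being handed
	# time from a clock that is no longer being disciplined.
	else if ( rec$ts - rec$ref_time > max_ref_age )
		NOTICE([$note=Stale_Reference_Time,
		        $msg=fmt("NTP reply ref_time is %s behind capture time",
		                 rec$ts - rec$ref_time),
		        $sub=fmt("stratum %d, root_disp %s",
		                 rec$stratum, rec$root_disp),
		        $uid=rec$uid, $id=rec$id,
		        $identifier=cat(rec$id$resp_h)]);
	}
```

The notices carry the same uid as the ntp.log entry, so each one can be joined back to the logged record and its connection.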