base/protocols/ntp/main.zeek
- NTP
- Namespace: NTP
Summary
Types
Redefinitions
Events
Event that can be handled to access the NTP record as it is sent on to the logging framework.
Hooks
Detailed Interface
Types
- NTP::Info
- Type
-
- ts: time &log
  Timestamp for when the event happened.
- uid: string &log
  Unique ID for the connection.
- id: conn_id &log
  The connection’s 4-tuple of endpoint addresses/ports.
- version: count &log
  The NTP version number (1, 2, 3, 4).
- mode: count &log
  The NTP mode being used.
- stratum: count &log
  The stratum (primary server, secondary server, etc.).
- poll: interval &log
  The maximum interval between successive messages.
- precision: interval &log
  The precision of the system clock.
- root_delay: interval &log
  Total round-trip delay to the reference clock.
- root_disp: interval &log
  Total dispersion to the reference clock.
- ref_id: string &log
  For stratum 0, a 4-character string used for debugging. For stratum 1, the ID assigned to the reference clock by IANA. Above stratum 1, when using IPv4, the IP address of the reference clock. Note that the NTP protocol did not originally specify a large enough field to represent IPv6 addresses, so IPv6 reference clocks are represented by the first four bytes of the MD5 hash of the reference clock’s IPv6 address (i.e. a value that looks like an IPv4 address here is not necessarily an IPv4 address).
- ref_time: time &log
  Time when the system clock was last set or corrected.
- org_time: time &log
  Time at the client when the request departed for the NTP server.
- rec_time: time &log
  Time at the server when the request arrived from the NTP client.
- xmt_time: time &log
  Time at the server when the response departed for the NTP client.
- num_exts: count &default=0 &optional &log
  Number of extension fields (which are not currently parsed).
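
Interpreting ref_id by stratum, as described for the ref_id field above, as an added example (not part of the Zeek distribution). The function names, the lists of expected upstream servers and the sample rows are constructed for illustration, and the MD5 hash is assumed to be taken over the 16-byte binary form of the IPv6 address.

```python
import hashlib
import ipaddress

def ipv6_ref_id(addr):
    """Dotted quad that appears as ref_id when the reference clock is IPv6 `addr`.

    Assumption: the hash input is the 16-byte network-order address.
    """
    packed = ipaddress.IPv6Address(addr).packed
    return str(ipaddress.IPv4Address(hashlib.md5(packed).digest()[:4]))

def classify_ref_id(stratum, ref_id, known_v4=(), known_v6=()):
    """Interpret an ntp.log ref_id according to the stratum in the same record."""
    if stratum == 0:
        return ("debug_string", ref_id)        # 4-character debugging string
    if stratum == 1:
        return ("reference_clock_id", ref_id)  # IANA-assigned clock ID
    # Above stratum 1 the value looks like IPv4 but may be a hashed IPv6 address.
    if ref_id in known_v4:
        return ("known_ipv4_upstream", ref_id)
    for v6 in known_v6:
        if ipv6_ref_id(v6) == ref_id:
            return ("known_ipv6_upstream", v6)
    return ("unresolved", ref_id)              # real IPv4 or hash of an unknown IPv6

def label_records(records, known_v4=(), known_v6=()):
    """Classify (stratum, ref_id) pairs taken from ntp.log rows."""
    return [classify_ref_id(s, r, known_v4, known_v6) for s, r in records]

# Constructed inputs: documentation-range addresses, not real servers.
KNOWN_V4 = {"192.0.2.10"}
KNOWN_V6 = ["2001:db8::1"]
SAMPLE = [
    (0, "RATE"),
    (1, "GPS"),
    (2, "192.0.2.10"),
    (3, ipv6_ref_id("2001:db8::1")),  # what a server synced to that IPv6 clock reports
    (2, "198.51.100.7"),
]

if __name__ == "__main__":
    for (stratum, ref_id), (kind, value) in zip(
            SAMPLE, label_records(SAMPLE, KNOWN_V4, KNOWN_V6)):
        print(f"stratum={stratum} ref_id={ref_id:<15} -> {kind}: {value}")
```

An "unresolved" result above stratum 1 cannot be turned back into an IPv6 address from the log alone; it can only be matched against candidate addresses hashed the same way.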
Events
- NTP::log_ntp
-
Event that can be handled to access the NTP record as it is sent on to the logging framework.