NTP Traffic, but NTP not installed

Question

I have recently started with OPNSense and have limited outgoing traffic to HTTP/s, SSH ports. When analyzing my blocked traffic i found sporadic outgoing NTP-Requests from my local Linux machine.

I am not very familiar with NTP.
I am now wondering a few things.

The source port is always different. Is this normal behavior/ caused by the firewall block?
```
192.168.1.101:52936
192.168.1.101:54299
192.168.1.101:45992
...
```
I actually don't have NTP installed. So i don't quite understand why i even have NTP traffic?

Yes, source port is a random high-port, destination port is 123. Are you sure you dont have a NTP-client? Most distros have one preinstalled... — Virsacer, Mar 23 '22 at 16:08
Oh okay good to know. I have checked for both the ntp and openntpd package (Arch). So unless it is some really strange NTP-client that came as a dependency, i shouldn't really. — Coalbl4ck, Mar 23 '22 at 16:47

score 1 · Accepted Answer · answered Mar 24 '22 at 07:14

1

Many Linux distros ship with an NTP client enabled by default. Check your system for chrony or systemd-timesyncd. The latter is the default on most systemd-enabled distributions.

answered Mar 24 '22 at 07:14

Paul Gear

3,938
15
36

1

Right, i actually have a systemd-timesyncd service running. Thanks for the answer! :) – Coalbl4ck Mar 24 '22 at 10:58

NTP Traffic, but NTP not installed

1 Answers1