Network Time Protocol

from Wikipedia, the free encyclopedia
NTP (Network Time Protocol)
Family: Internet protocol family
Operation area: Synchronization of clocks in computer systems
Ports: 123 / UDP 123 / TCP
NTP in the TCP / IP protocol stack :
application NTP
transport UDP
Internet IP ( IPv4 , IPv6 )
Network access Ethernet Token
FDDI ...
Standards: RFC 5905

The Network Time Protocol ( NTP ) is a standard for synchronizing clocks in computer systems via packet-based communication networks . NTP uses the connectionless transport protocol UDP or connection-related TCP . It was specially developed to enable reliable time information via networks with variable packet transit times.

In common parlance, NTP denotes both the protocol and its software reference implementation. The Simple Network Time Protocol ( SNTP ) is a simplified version of the NTP.


Architecture NTP labels de.svg
Status message from the NTP daemon. Columns v. l. n. r .: status of the peer (+: is included; *: current main peer; -: is not taken into account); Server name (remote); Time source ID, here the IP of the server from which the peer has the time (refid); Server stratum (st); Type of server (u: unicast ); when was last requested in seconds (when); in which interval the server is queried (poll, in seconds); how often the server was reached (reach; 377 means that the last 8 queries were successful, a shift register ); the runtime (round trip time) of the NTP packet (delay); the offset of the local clock compared to the server (offset, in milliseconds) and how much the queried time fluctuates (jitter, milliseconds)

NTP was developed by David L. Mills at the University of Delaware and published as RFC 958 in 1985 . Under his leadership, the protocol and UNIX implementation are constantly being further developed. Protocol version 4 is currently up to date. UDP port 123 is reserved for NTP.

NTP is implemented in UNIX-like operating systems in the form of the background process ( daemon ) ntpd, which can both adjust the local system and, as a server, provide the time for other systems. Windows systems can also obtain the exact time from the Internet using NTP without additional software ( system control “Date and Time” / “Internet Time”) and, after editing an entry in the registration database, also provide it via NTP.

The UNIX-ntpd synchronizes the local clock with the help of external time signals that it receives either directly from a local atomic clock ( cesium clock, rubidium clock, etc.) or a local radio receiver ( e.g. DCF77 , GPS , LORAN ), or via NTP from a NTP server receives. The ntpd process not only corrects the phase, but also the frequency of the local timer with the help of a software PLL and a software FLL so that the local time does not only match the external signal precisely at the cyclical synchronization times . In order to couple the internal timer even more closely to an external standard time receiver with the help of a high-precision second signal, some UNIX variants (including Linux and FreeBSD ) have implemented the above-mentioned software PLL in the kernel.

The time stamps in NTP are 64 bits long. 32 bits encode the seconds since January 1, 1900 00:00:00, another 32 bits encode the fraction of a second. In this way, a period of 2 32 seconds (about 136 years) can be represented with a resolution of 2 −32 seconds (about 0.23 nanoseconds).

NTP uses a hierarchical system of different strata (plural of stratum ). Stratum 0 is the time standard, for example an atomic clock or a radio clock (time signal receiver via GNSS or DCF77 ). The NTP servers directly linked to it are called Stratum 1. Each additional dependent unit is given a higher number (Stratum 2, Stratum 3 ...). The NTP software on stratum 1, stratum 2, stratum 3 etc. is at the same time the client of the stratum above and the server of the stratum below, if one exists.

Error, algorithm and accuracy

The local system time of a processor environment varies with various typical sources of error. This leads to at least two typical errors:

  • short-term fluctuations in the time increment along the current time
  • stable local deviations from a common system time

Both timing errors are compensated for using different methods.

The local deviations due to the latency of the stochastically determined transmission paths are compensated by the server ( Berkeley algorithm ) or the client ( Cristians algorithm ) by measuring the packet cycle time .

The short-term pseudo-stochastic deviations of the local system clock can only be compensated by a better system clock (frequency standard) and direct reception of satellite signals ( GPS ) or other time standards ( DCF77 ).

NTP uses the Marzullo algorithm (developed by Keith Marzullo from the University of San Diego in his dissertation ) for internal error compensation in the processor environment and also an algorithm to handle Byzantine errors . NTP is usually with a UTC - time scale used.

NTP supports leap seconds . By looking at the leap seconds in the log, a new second scale is used with every leap second (which, however, rarely occurs). However, the actual time elapsed since a certain point in time is usually used for the system time scale, and leap seconds only come into play when the time is displayed.

NTPv4 can keep the local time of a system over the public Internet with an accuracy of 10 milliseconds, in local networks even accuracies of 200 microseconds and better are possible under ideal conditions. With a sufficiently stable local frequency standard as clock generator (thermostat-controlled quartz oscillator , rubidium oscillator, etc.), the error between the reference timer and the local clock can be reduced to the order of a few microseconds using the kernel PLL (see above) .


The Simple Network Time Protocol (SNTP) is a simplified version of the NTP. It is described in RFC 4330 .

The structure of the protocol is identical to that of NTP. SNTP clients can thus also obtain the time from NTP servers. The main difference lies in the algorithms used for time synchronization. While with NTP the time synchronization usually takes place with several time servers, with SNTP only one time server is used. SNTP also dispenses with influencing the phase and frequency of the local clock. Therefore, SNTP cannot provide the same accuracy as NTP. Due to the simpler algorithms, SNTP requires fewer computing resources, but this is negligible with the computing power available today.

Older Windows versions such as Windows 2000 use SNTP to keep the time on the local computer up to date. This is done by the Windows service W32Time. In Windows XP and Windows Server 2003 , the dynamic link library W32Time.dll has been revised so that NTP is now used for time synchronization.

Since Microsoft first introduced the method for time synchronization with Windows 2000 , some software manufacturers have developed independent programs for time synchronization under Windows. Modern authentication systems (such as Kerberos ), which are used in Windows 2000 and newer versions, require time stamps to increase security, which is why there is also an application for NTP here.


In addition to the reference NTP software, which is available on the NTP website for various operating systems, a number of manufacturers offer ready-made standalone solutions that can be used as NTP time sources in computer networks of all sizes.

Several thousand NTP servers have formed an NTP pool .


The standards are defined in the following RFCs :

  • RFC 5905 - NTPv4 protocol and algorithm - backwards compatible with RFC 1305 for version 3
  • RFC 5906 - NTPv4 Autokey Specification
  • RFC 5907 - NTPv4 MIB
  • RFC 5908 - NTP Server Option for DHCPv6
  • RFC 4330 - Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI
  • RFC 2783 - PPS API (high-precision time synchronization with Unix kernels)



The Precision Time Protocol ( PTP ) is a network protocol that synchronizes the time settings of several devices in a computer network . In contrast to the Network Time Protocol (NTP), PTP strives for higher accuracy in locally limited networks. This enables an accuracy of nanoseconds in hardware and less than a microsecond in software . PTP is defined in IEEE 1588 and adopted in IEC 61588.


In 2004 Henning Brauer presented the NTP implementation OpenNTPD, which focuses on security. The protocol is compatible with existing NTP servers. It was originally written for OpenBSD , but is now also available as a portable version and as a package in the Linux package manager. OpenNTPD has been criticized for not offering the same level of accuracy as NTP. The deviations can be 50–200 ms.


The NTPD program serves as a time server, time client and covers many other functions. Since the source code of the NTP reference implementation is very extensive with over 300,000 lines, the Linux Foundation is promoting modularization with the Ntimed project by FreeBSD developer Poul-Henning Kamp. The client source code comprises approx. 3700 lines. Slave servers, refclocks and protocols such as PTP will be added if you are interested in the project.


NTPsec is like a fork of the original NTPD project with the aim of making the program more secure through various measures. The code base was adapted to current standards. a. this reduces the LOC from 253k to 62k .


The protection of the HTTP Strict Transport Security Protocol ( HSTS ) by HTTPS can be circumvented with forged NTP responses . In addition, NTP servers are sometimes misused for reflection attacks, as NTP uses connectionless UDP . If attackers send packets with a falsified sender address to an NTP server, the response ends up with the victim. If the response is larger than the request, it can be used to intensify denial-of-service attacks. The TLS protocol, which emerged later, avoids these and other problems, as it also transmits time information. With the tlsdate program developed by Jacob Appelbaum , the TLS protocol also takes on the function of the NTP protocol. A disadvantage of tlsdate is its rather large inaccuracy of a maximum of +/- one second, plus the network latency. The relatively large inaccuracy primarily results from the time stamp resolution of one second that exists with TLS 1.2. From TLS version 1.3, the time previously transmitted via TLS is no longer applicable. tlsdate is therefore not a permanent problem solution in the current version.

See also


  • David L. Mills: Computer Network Time Synchronization: The Network Time Protocol . CRC Taylor & Francis, Boca Raton 2006, ISBN 0-8493-5805-1 .

Web links

Individual evidence

  1. ntpq - standard NTP query program. Accessed December 1, 2019 .
  2. NTP Version 4 Release Notes. Accessed December 1, 2019 .
  3. SIOS. Accessed December 1, 2019 .
  4. What is Stratum 1? | EndRun Technologies. Accessed December 1, 2019 .
  5. ( PostScript )
  6. Spectracom (Ed.): What is the difference between NTP and SNTP? New York July 21, 2004 (American English, [PDF; 32 kB ; accessed on May 29, 2009]).
  7. NTP-related RFCs. Internet Systems Consortium
  8. OpenBSD FAQ: Networking. Retrieved September 1, 2018 .
  9. Sebastian Grüner: Linux Foundation sponsors NTPD alternative .
  10. Less Is More: Stripping Down NTP. Accessed December 1, 2019 .
  11. What we've accomplished. Accessed December 1, 2019 .
  12. Hanno Böck: Security gaps in NTP .
  13. a b Don't update NTP - stop using it - Hanno's blog. Retrieved September 12, 2018 .