Clik here to view.
NTP Authentication at Juniper ScreenOS
Yes, ScreenOS is end-of-everything (EoE), but for historical reasons I still have some of them in my lab. ;D They simply work, while having lots of features when it comes to IPv6 such as DHCPv6-PD....
View ArticleClik here to view.
PAN Blocking Details
One of my readers sent me this question: We have an internal discussion about whether it is possible to block the 3 way hanshake TCP but allow the JDBC application protocol. In other words we would...
View ArticleClik here to view.
Using a FortiGate with a 6in4 Tunnel
For some reason, I am currently using a FortiGate on a location that has no native IPv6 support. Uh, I don’t want to talk about that. ;) However, at least the FortiGate firewalls are capable of 6in4...
View ArticleClik here to view.
Workaround for Not Using a Palo Alto with a 6in4 Tunnel
Of course, you should use dual-stack networks for almost everything on the Internet. Or even better: IPv6-only with DNS64/NAT64 and so on. ;) Unfortunately, still not every site has native IPv6...
View ArticleClik here to view.
Juniper ScreenOS with a 6in4 Tunnel
Yes, I know I know, the Juniper ScreenOS devices are Out-of-Everything (OoE), but I am still using them for a couple of labs. They simply work as a router and VPN gateway as well as a port-based...
View ArticleClik here to view.
6in4 Traffic Capture
Since my last blogposts covered many 6in4 IPv6 tunnel setups (1, 2, 3) I took a packet capture of some tunneled IPv6 sessions to get an idea how these packets look like on the wire. Feel free to...
View ArticleClik here to view.
DNS Capture: UDP, TCP, IP-Fragmentation, EDNS, ECS, Cookie
It’s not always this simple DNS thing such as “single query – single answer, both via UDP”. Sometimes you have some more options or bigger messages that look and behave differently on the network. For...
View ArticleClik here to view.
Basic NTP Client Test: ntpdate & sntp
During my work with a couple of NTP servers, I had many situations in which I just wanted to know whether an NTP server is up and running or not. For this purpose, I used two small Linux tools that...
View ArticleClik here to view.
Basic NTP Server Monitoring
Now that you have your own NTP servers up and running (such as some Raspberry Pis with external DCF77 or GPS times sources) you should monitor them appropriately, that is: at least their offset,...
View ArticleClik here to view.
Counting NTP Clients
Wherever you’re running an NTP server: It is really interesting to see how many clients are using it. Either at home, in your company or worldwide at the NTP Pool Project. The problem is that ntp...
View ArticleClik here to view.
Monitoring a DCF77 NTP Server
Now that you’re monitoring the Linux operating system as well as the NTP server basics, it’s interesting to have a look at some more details about the DCF77 receiver. Honestly, there is only one more...
View ArticleClik here to view.
Monitoring a GPS NTP Server
Beyond monitoring Linux OS and basic NTP statistics of your stratum 1 GPS NTP server, you can get some more values from the GPS receiver itself, namely the number of satellites (active & in view)...
View ArticleClik here to view.
Monitoring a Meinberg LANTIME NTP Server
Monitoring a Meinberg LANTIME appliance is much easier than monitoring DIY NTP servers. Why? Because you can use the provided enterprise MIB and load it into your SNMP-based monitoring system. Great....
View ArticleClik here to view.
Using RIPE Atlas for NTP Measurements
If you are operating a public available NTP server, for example when you’re going to join the NTP Pool Project, you probably want to test whether your server is working correctly. Either with a one-off...
View ArticleClik here to view.
Adding your NTP Server to the NTP Pool Project
You have a running NTP server with a static IP address? What about joining the NTP Pool project by adding your server to the pool? You will give something back to the Internet community and feel good...
View ArticleClik here to view.
Stats from Participating the NTP Pool Project
I am participating in the NTP Pool Project with at least one NTP server at a time. Of course, I am monitoring the count of NTP clients that are accessing my servers with some RRDtool graphs. ;) I was...
View ArticleClik here to view.
NTP Server’s Delta Time
This is a guest blogpost by Jasper Bongertz. His own blog is at blog.packet-foo.com. Running your own NTP server(s) is usually a good idea. Even better if you know that they’re working correctly and...
View ArticleClik here to view.
Incorrect Working IPv6 NTP Clients/Networks
During my analysis of NTP and its traffic to my NTP servers listed in the NTP Pool Project I discovered many ICMP error messages coming back to my servers such as port unreachables, address...
View ArticleClik here to view.
Network Time Security – New NTP Authentication Mechanism
This is a guest blogpost by Martin Langer, Ph.D. student for “Secured Time Synchronization Using Packet-Based Time Protocols” at Ostfalia University of Applied Sciences, Germany. In many areas, the use...
View ArticleClik here to view.
Network Time Security – Strengths & Weaknesses
This is a guest blogpost by Martin Langer, Ph.D. student for “Secured Time Synchronization Using Packet-Based Time Protocols” at Ostfalia University of Applied Sciences, Germany. The Network Time...
View Article