NTP

Protocols

Definition

Network Time Protocol. A protocol for synchronizing clocks across computer networks to within milliseconds of Coordinated Universal Time (UTC). Critical for logging, authentication, and distributed systems.

Why Clock Synchronization Matters

NTP (Network Time Protocol) synchronizes the clocks of computers across a network to within a few milliseconds of Coordinated Universal Time (UTC). Accurate time is surprisingly critical for networking and security: SSL/TLSSecure Sockets Layer / Transport Layer Security. Cryptographic protocols that provide encrypted, authenticated communication over a network. SSL is deprecated; modern implementations use TLS 1.2 or TLS 1.3. certificates have validity windows checked against the local clock, DNSDomain Name System. The hierarchical, distributed naming system that translates human-readable domain names (e.g., example.com) into IP addresses (e.g., 93.184.216.34). Often called the "phonebook of the internet." record TTL (Time to Live)A field in an IP packet header that limits the packet's lifespan by specifying the maximum number of hops it can traverse. Each router decrements the TTL by one; when it reaches zero, the packet is discarded to prevent routing loops. expiry depends on time, distributed database transactions rely on timestamps for ordering, and log correlation across servers requires synchronized clocks to reconstruct event sequences.

Stratum Hierarchy

NTP uses a hierarchical reference system called strata. Stratum 0 devices are highly accurate atomic clocks or GPS receivers — they are not on the network. Stratum 1 servers connect directly to stratum 0 sources. Stratum 2 servers synchronize to stratum 1, and so on. Consumer devices typically operate at stratum 3 or 4. Each hop adds a small amount of uncertainty, but even stratum 3 servers achieve millisecond-level accuracy over a local network.

Protocol and Security

NTP uses UDPUser Datagram Protocol. A connectionless transport protocol that sends datagrams without establishing a connection or guaranteeing delivery. Faster than TCP, it is preferred for real-time applications like DNS queries, VoIP, gaming, and streaming. port 123. Because NTP responses can be much larger than requests, NTP servers have historically been exploited for DDoSDistributed Denial of Service. An attack that overwhelms a target server or network with massive traffic from many compromised sources (a botnet), rendering the service unavailable to legitimate users. amplification attacks — an attacker spoofs a victim's IP and sends small NTP queries, causing large responses to flood the victim. NTPv4 with authentication (using symmetric keys or autokey) mitigates this. Network Time Security (NTS), standardized in RFC 8915, adds TLSSecure Sockets Layer / Transport Layer Security. Cryptographic protocols that provide encrypted, authenticated communication over a network. SSL is deprecated; modern implementations use TLS 1.2 or TLS 1.3.-based authentication for NTP, making it resistant to Man-in-the-Middle AttackAn attack where an adversary secretly intercepts and potentially alters communication between two parties who believe they are communicating directly. HTTPS and certificate pinning are primary defenses against this attack. manipulation of time data.

Related Terms

More in Protocols