| 1 |
4ae45b10
|
Ermal Luçi
|
# (S)NTP - (Simple) Network Time Protocol - RFCs 1305 and 2030
|
| 2 |
|
|
# Pattern attributes: good fast fast overmatch
|
| 3 |
|
|
# Protocol groups: time_synchronization ietf_draft_standard
|
| 4 |
|
|
# Wiki: http://www.protocolinfo.org/wiki/NTP
|
| 5 |
66f2dd0e
|
Ermal Lu?i
|
# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
|
| 6 |
4ae45b10
|
Ermal Luçi
|
#
|
| 7 |
|
|
# This pattern is tested and is believed to work.
|
| 8 |
|
|
|
| 9 |
|
|
# client|server
|
| 10 |
|
|
# Requires the server's timestamp to be in the present or future (of 2005).
|
| 11 |
|
|
# Tested with ntpdate on Linux.
|
| 12 |
|
|
# Assumes version 2, 3 or 4.
|
| 13 |
|
|
|
| 14 |
|
|
# Note that ntp packets are always 48 bytes, so you should match on that too.
|
| 15 |
|
|
|
| 16 |
|
|
ntp
|
| 17 |
|
|
^([\x13\x1b\x23\xd3\xdb\xe3]|[\x14\x1c$].......?.?.?.?.?.?.?.?.?[\xc6-\xff])
|