Hi all, I noticed something I can't explain or find any explanation for anywhere.
I have one machine setup as a NTP server and another setup as couple of others setup as NTP clients. I ran tcpdump on the server listening for packets from 224.0.1.1 to know when it's transmitting, on the default router machine that's running pf as well as on the client. The server of course showed the packets and so did the gateway machine but tcpdump on the client wouldn't detect the packets unless the ntp daemon was actually running. Shouldn't tcpdump have picked up the packets off the wire regardless of whether the ntp daemon was running or not? The packets are still being broadcast and the daemon can't stop that. I'd have thought tcpdump would have detected the packets lower down the stack before they even got to the daemon. TIA, Steve -- Steve Laurie
