0
задан 20 August 2020 в 17:17

1 ответ

For your example blocked packet, the key indicator is the destination port, 123. That is the network time protocol port. And so the hint is that the service is NTP, which Ubuntu does run. The second indicator is the destination address which looks up as golem.canonical.com, which I assume is the Ubuntu NTP host. Actually, doiing a reverse lookup for ntp.ubuntu.com gives the same IP, so it has some alias':

$ nslookup ntp.ubuntu.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   ntp.ubuntu.com
Address: 91.189.89.198
Name:   ntp.ubuntu.com
Address: 91.189.89.199
Name:   ntp.ubuntu.com
Address: 91.189.94.4
Name:   ntp.ubuntu.com
Address: 91.189.91.157

Therefore the service is NTP.

Check via (this example is on a server, maybe desktops are the same):

$ systemctl status systemd-timesyncd
● systemd-timesyncd.service - Network Time Synchronization
     Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2020-08-19 15:22:05 PDT; 16h ago
       Docs: man:systemd-timesyncd.service(8)
   Main PID: 640 (systemd-timesyn)
     Status: "Initial synchronization to time server 91.189.89.199:123 (ntp.ubuntu.com)."
      Tasks: 2 (limit: 18892)
     Memory: 1.2M
     CGroup: /system.slice/systemd-timesyncd.service
             └─640 /lib/systemd/systemd-timesyncd

Aug 19 15:22:05 s18 systemd[1]: Starting Network Time Synchronization...
Aug 19 15:22:05 s18 systemd[1]: Started Network Time Synchronization.
Aug 19 15:22:11 s18 systemd-timesyncd[640]: Network configuration changed, trying to establish connection.
Aug 19 15:22:11 s18 systemd-timesyncd[640]: Initial synchronization to time server 91.189.89.199:123 (ntp.ubuntu.com).

While mine is working, yours will have failed to sync because you blocked the packets.

1
ответ дан 21 August 2020 в 07:54

Другие вопросы по тегам:

Похожие вопросы: