Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
Keisuke_Kishimoto
Staff
Staff

Created on ‎04-03-2025 12:52 AM Edited on ‎04-03-2025 02:11 AM By Staff

Article Id 386080

Technical Tip: 'Transmit Timestamp' being sent at random even after synchronization.

Description This article describes the case of 'Transmit Timestamp' being sent at random even after synchronization.
Scope FortiManager v7.0 and above, FortiAnalyzer v7.0 and above.
Solution

Starting with FortiManager/FortiAnalyzer v7.0, chronyd is used instead of ntpd.
As an implementation of the NTP client, 'Transmit Timestamp' is based on the specification that it should be random for security reasons.


For this reason, even after time synchronization, all 'Transmit Timestamp' entries will be random.

 

Excerpt from an actual packet header:

 

Example 1: Inquiry from client:


Frame 5: 110 bytes on wire (880 bits), 110 bytes captured (880 bits)
Ethernet II, Src: SuperMicroCo_cb:7f:de (ac:1f:6b:cb:7f:de), Dst: Fortinet_34:3b:a3 (04:d5:90:34:3b:a3)
Internet Protocol Version 6, Src: 2001:1::7, Dst: 2001:1::1234
User Datagram Protocol, Src Port: 15119, Dst Port: 123
Network Time Protocol (NTP Version 4, client)
Flags: 0x23, Leap Indicator: no warning, Version number: NTP Version 4, Mode: client
[Response In: 6]
Peer Clock Stratum: unspecified or invalid (0)
Peer Polling Interval: 6 (64 seconds)
Peer Clock Precision: 32 (4294967296.000000000 seconds)
Root Delay: 0.000000 seconds
Root Dispersion: 0.000000 seconds
Reference ID: NULL
Reference Timestamp: NULL
Origin Timestamp: NULL
Receive Timestamp: NULL
Transmit Timestamp: Feb 23, 2066 08:34:26.005756264 UTC < ---- Fully random 'Transmit Timestamp' in client packets.

 

Response from the NTP server for example 1:


Frame 6: 110 bytes on wire (880 bits), 110 bytes captured (880 bits)
Ethernet II, Src: Fortinet_34:3b:a3 (04:d5:90:34:3b:a3), Dst: SuperMicroCo_cb:7f:de (ac:1f:6b:cb:7f:de)
Internet Protocol Version 6, Src: 2001:1::1234, Dst: 2001:1::7
User Datagram Protocol, Src Port: 123, Dst Port: 15119
Network Time Protocol (NTP Version 4, server)
Flags: 0x24, Leap Indicator: no warning, Version number: NTP Version 4, Mode: server
[Request In: 5]
[Delta Time: 0.000398000 seconds]
Peer Clock Stratum: secondary reference (3)
Peer Polling Interval: 6 (64 seconds)
Peer Clock Precision: -6 (0.015625000 seconds)
Root Delay: 0.124207 seconds
Root Dispersion: 0.058716 seconds
Reference ID: 208.91.112.61
Reference Timestamp: Mar 19, 2025 08:25:40.883638690 UTC
Origin Timestamp: Feb 23, 2066 08:34:26.005756264 UTC <---- Transmit Timestamp of the last NTP packet received. It is random.
Receive Timestamp: Mar 19, 2025 08:39:39.228816999 UTC
Transmit Timestamp: Mar 19, 2025 08:39:39.228841999 UTC

 

Example 2: Inquiry from client:


Frame 37: 110 bytes on wire (880 bits), 110 bytes captured (880 bits)
Ethernet II, Src: SuperMicroCo_cb:7f:de (ac:1f:6b:cb:7f:de), Dst: Fortinet_34:3b:a3 (04:d5:90:34:3b:a3)
Internet Protocol Version 6, Src: 2001:1::7, Dst: 2001:1::1234
User Datagram Protocol, Src Port: 40618, Dst Port: 123
Network Time Protocol (NTP Version 4, client)
Flags: 0x23, Leap Indicator: no warning, Version number: NTP Version 4, Mode: client
[Response In: 38]
Peer Clock Stratum: unspecified or invalid (0)
Peer Polling Interval: 6 (64 seconds)
Peer Clock Precision: 32 (4294967296.000000000 seconds)
Root Delay: 0.000000 seconds
Root Dispersion: 0.000000 seconds
Reference ID: NULL
Reference Timestamp: NULL
Origin Timestamp: NULL
Receive Timestamp: NULL
Transmit Timestamp: May 19, 2092 16:02:50.652679096 UTC <----- Fully random 'Transmit Timestamp' in client packets

 

Response from the NTP server for example 2:


Frame 38: 110 bytes on wire (880 bits), 110 bytes captured (880 bits)
Ethernet II, Src: Fortinet_34:3b:a3 (04:d5:90:34:3b:a3), Dst: SuperMicroCo_cb:7f:de (ac:1f:6b:cb:7f:de)
Internet Protocol Version 6, Src: 2001:1::1234, Dst: 2001:1::7
User Datagram Protocol, Src Port: 123, Dst Port: 40618
Network Time Protocol (NTP Version 4, server)
Flags: 0x24, Leap Indicator: no warning, Version number: NTP Version 4, Mode: server
[Request In: 37]
[Delta Time: 0.000251000 seconds]
Peer Clock Stratum: secondary reference (3)
Peer Polling Interval: 6 (64 seconds)
Peer Clock Precision: -6 (0.015625000 seconds)
Root Delay: 0.124207 seconds
Root Dispersion: 0.058716 seconds
Reference ID: 208.91.112.61
Reference Timestamp: Mar 19, 2025 08:25:40.883638690 UTC
Origin Timestamp: May 19, 2092 16:02:50.652679096 UTC <----- 'Transmit Timestamp' of the last NTP packet received. It is random.
Receive Timestamp: Mar 19, 2025 08:40:44.048316999 UTC
Transmit Timestamp: Mar 19, 2025 08:40:44.048346999 UTC
249
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.