Understanding ntpq -p

2015-05-18 10:20

time is of the essence!

It's often important to keep track of time but perhaps it's even more important to know how accurate your system is. The standard NTP query program (ntpq) is a utility program to get the current state from your system.

The documentation for the -p option says:

Print a list of the peers known to the server as well as a summary of their state.

This is a quick explanation of how to read the output.

Example Output

From a system with a newly installed ntpd:

~$ ntpq -p
remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*time4.stupi.se  .PPS.            1 u    2  128  377    7.796   16.636   4.146
+213-21-116-142. 192.36.144.22    2 u   18   64  377    8.261   17.013   3.807
+ntp.xpd.se      192.36.144.22    2 u   38   64  377    8.855   20.929   2.537
+mail.joacimmeli 192.36.144.22    2 u   28   64  377    9.228   19.509  25.804
+juniperberry.ca 193.79.237.14    2 u   26   64  377   44.612   19.835   2.443
~$

From a system that have been running ntpd for a while:

~$ ntpq -p
remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*94-246-113-188. 192.36.144.23    2 u  274 1024  377   12.757   -0.106   0.015
+46-22-115-26.ip 212.181.208.75   3 u  634 1024  377    7.500   -1.263   0.095
+178.73.198.130  78.205.65.162    3 u  611 1024  377    7.602   -2.050   0.202
~$

How Read The Output

The output is a list of the NTP servers (peers) your system knows about. The prefix tells us which one is being used for the moment (marked with *, called the system peer) and which is taken into account (marked with a +) and which are being ignored (marked with a -). The state is continously changing.

Following the prefix is the host name or IP of the peer. Then comes the refid which is a association ID or a kiss code (we can ignore this for now).

Next is the stratum, telling us how many hops from the source server we are. 1 means we're talking directly to the source NTP server. The type follows as u for unicast, b for broadcast and l for local.

Then we have the number of seconds since we last talked to the server (when) and how often we're asking (poll).

The reach number is a circular log buffer of eight bit-flags representing the status of the last eight transactions between our system and the remote peer. The value is shown as octal and max value is 377 (the binary number 11111111 as octal). It's a bit hard to interpret by just looking at it since you need to translate it into binary to make any sense of it. Since NTP uses UDP as transport a lost packet is no cause for alarm by itself.

Next the delay tells us the round trip time (how long it takes for a request to recieve a reply) in milliseconds. Lower is obviously better.

Next comes the offset which tells us how big the time error is for our system.

The last number, jitter, tells us the mean deviation of multiple time samples from this peer. This number should be low. A high number could indicate network issues.

Further Information