Understanding ntpq -p
2015-05-18 10:20
It's often important to keep track of time but perhaps it's even more important to know how accurate your system is. The standard NTP query program (ntpq) is a utility program to get the current state from your system.
The documentation for the -p option says:
Print a list of the peers known to the server as well as a summary of their state.
This is a quick explanation of how to read the output.
Example Output
From a system with a newly installed ntpd:
~$ ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*time4.stupi.se .PPS. 1 u 2 128 377 7.796 16.636 4.146
+213-21-116-142. 192.36.144.22 2 u 18 64 377 8.261 17.013 3.807
+ntp.xpd.se 192.36.144.22 2 u 38 64 377 8.855 20.929 2.537
+mail.joacimmeli 192.36.144.22 2 u 28 64 377 9.228 19.509 25.804
+juniperberry.ca 193.79.237.14 2 u 26 64 377 44.612 19.835 2.443
~$
From a system that have been running ntpd for a while:
~$ ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
*94-246-113-188. 192.36.144.23 2 u 274 1024 377 12.757 -0.106 0.015
+46-22-115-26.ip 212.181.208.75 3 u 634 1024 377 7.500 -1.263 0.095
+178.73.198.130 78.205.65.162 3 u 611 1024 377 7.602 -2.050 0.202
~$
How Read The Output
The output is a list of the NTP servers (peers) your system knows about. The prefix tells us which one is being used for the moment (marked with *, called the system peer) and which is taken into account (marked with a +) and which are being ignored (marked with a -). The state is continously changing.
Following the prefix is the host name or IP of the peer. Then comes the refid which is a association ID or a kiss code (we can ignore this for now).
Next is the stratum, telling us how many hops from the source server we are. 1 means we're talking directly to the source NTP server. The type follows as u for unicast, b for broadcast and l for local.
Then we have the number of seconds since we last talked to the server (when) and how often we're asking (poll).
The reach number is a circular log buffer of eight bit-flags representing the status of the last eight transactions between our system and the remote peer. The value is shown as octal and max value is 377 (the binary number 11111111 as octal). It's a bit hard to interpret by just looking at it since you need to translate it into binary to make any sense of it. Since NTP uses UDP as transport a lost packet is no cause for alarm by itself.
Next the delay tells us the round trip time (how long it takes for a request to recieve a reply) in milliseconds. Lower is obviously better.
Next comes the offset which tells us how big the time error is for our system.
The last number, jitter, tells us the mean deviation of multiple time samples from this peer. This number should be low. A high number could indicate network issues.