Tutorial: Network Time Protocol (NTP)
layer 7 NTPContents
Introduction
This tutorial discusses the plugin ntpDecode. It is a common standard for synchronizing network equipment of all sorts.
Preparation
First, restore T2 into a pristine state by removing all unnecessary or older plugins from the plugin folder ~/.tranalyzer/plugins:
t2build -e -y
Are you sure you want to empty the plugin folder '/home/wurst/.tranalyzer/plugins' (y/N)? yes
Plugin folder emptied
Then compile the core (tranalyzer2) and the following plugins:
t2build tranalyzer2 basicFlow ntpDecode txtSink
...
BUILD SUCCESSFUL
If you did not create a separate data and results directory yet, please do it now in another bash window, that facilitates your workflow:
mkdir ~/data ~/results
The sample PCAP used in this tutorial can be downloaded here: ntp.pcap.
Please save it in your ~/data folder.
Now you are all set for analyzing NTP traffic!
ntpDecode
This plugin was originally developed for troubleshooting purposes and evolved in the last time a bit.
Let’s look at the plugin configuration first:
ntpDecode
vi src/ntpDecode.h
...
/* ========================================================================== */
/* ------------------------ USER CONFIGURATION FLAGS ------------------------ */
/* ========================================================================== */
#define NTP_TS 1 // 1: print NTP timestamps, 0: no timestamps
#define NTP_LIVM_HEX 0 // Leap indicator, version number and mode:
// 0: split into three values, 1: aggregated hex number
/* ========================================================================== */
/* ------------------------- DO NOT EDIT BELOW HERE ------------------------- */
/* ========================================================================== */
...NTP_TS controls the output of NTP timestamps while NTP_LIVM_HEX controls the display of the leap indicator. We leave everything by default.
Now run t2 on the supplied pcap.
================================================================================ Tranalyzer 0.8.14 (Anteater), Tarantula. PID: 13131 ================================================================================ [INF] Creating flows for L2, IPv4, IPv6 Active plugins: 01: basicFlow, 0.8.14 02: ntpDecode, 0.8.14 03: txtSink, 0.8.14 [INF] IPv4 Ver: 5, Rev: 16122020, Range Mode: 0, subnet ranges loaded: 406105 (406.11 K) [INF] IPv6 Ver: 5, Rev: 17122020, Range Mode: 0, subnet ranges loaded: 51345 (51.34 K) Processing file: /home/wurst/data/ntp.pcap Link layer type: Ethernet [EN10MB/1] Dump start: 1472570513.207925 sec (Tue 30 Aug 2016 15:21:53 GMT) Dump stop : 1472572749.211326 sec (Tue 30 Aug 2016 15:59:09 GMT) Total dump duration: 2236.003401 sec (37m 16s) Finished processing. Elapsed time: 0.001044 sec Finished unloading flow memory. Time: 0.001184 sec Percentage completed: 100.00% Number of processed packets: 38 Number of processed bytes: 3420 (3.42 K) Number of raw bytes: 3420 (3.42 K) Number of pcap bytes: 4052 (4.05 K) Number of IPv4 packets: 38 [100.00%] Number of A packets: 19 [50.00%] Number of B packets: 19 [50.00%] Number of A bytes: 1710 (1.71 K) [50.00%] Number of B bytes: 1710 (1.71 K) [50.00%] Average A packet load: 90.00 Average B packet load: 90.00 -------------------------------------------------------------------------------- ntpDecode: Aggregated ntpStat=0x01 ntpDecode: Number of NTP packets: 38 [100.00%] -------------------------------------------------------------------------------- Headers count: min: 3, max: 3, average: 3.00 Number of UDP packets: 38 [100.00%] Number of UDP bytes: 3420 (3.42 K) [100.00%] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Number of processed flows: 38 Number of processed A flows: 19 [50.00%] Number of processed B flows: 19 [50.00%] Number of request flows: 19 [50.00%] Number of reply flows: 19 [50.00%] Total A/B flow asymmetry: 0.00 Total req/rply flow asymmetry: 0.00 Number of processed packets/flows: 1.00 Number of processed A packets/flows: 1.00 Number of processed B packets/flows: 1.00 Number of processed total packets/s: 0.02 Number of processed A+B packets/s: 0.02 Number of processed A packets/s: 0.01 Number of processed B packets/s: 0.01 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Number of average processed flows/s: 0.02 Average full raw bandwidth: 12 b/s Average full bandwidth : 12 b/s Max number of flows in memory: 6 [0.00%] Memory usage: 0.01 GB [0.02%] Aggregated flowStat=0x0400000000004000 [INF] IPv4 flows
The end report detect 38 NTP packets. The aggregated ntpStat currently has only one bit which states, there is NTP.
The ntpStat column with value 0x01 is to be interpreted as follows:
bit | ntpStat | Description
=============================================================================
0 | 0x01 | NTP port detected
Now let’s look at the flow file. You will see all relevant information about time synchronization including stratum, precision, time stamps, etc. So you can troubleshoot whether the time synchronization works as configured.
tcol ~/results/ntp_flows.txt
%dir flowInd flowStat timeFirst timeLast duration numHdrDesc numHdrs hdrDesc srcMac dstMac ethType ethVlanID srcIP srcIPCC srcIPOrg srcPort dstIP dstIPCC dstIPOrg dstPort l4Proto ntpStat ntpLi_V_M ntpStrat ntpRefClkId ntpRefStrId ntpPollInt ntpPrec ntpRtDelMin ntpRtDelMax ntpRtDispMin ntpRtDispMax ntpRefTS ntpOrigTS ntpRecTS ntpTranTS
A 1 0x0400000000004000 1472570513.207925 1472570513.207925 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 77.245.18.26 ch "nexellent ag" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.00453193 0.00453193 0.06161593 0.06161593 1472569999.211569 1472569999.211361 1472569999.211569 1472570513.207891
B 1 0x0400000000004001 1472570513.211535 1472570513.211535 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 77.245.18.26 ch "nexellent ag" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x02 192.33.96.102 512 1 0.0009613184 0.0009613184 0.01878386 0.01878386 1472570362.242637 1472570513.207891 1472570513.211010 1472570513.211078
A 2 0x0400000000004000 1472570618.207919 1472570618.207919 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 77.109.139.83 ch "Init7" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.00453193 0.00453193 0.03067063 0.03067063 1472570513.211536 1472570091.211276 1472570091.211306 1472570618.207885
B 2 0x0400000000004001 1472570618.211312 1472570618.211312 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 77.109.139.83 ch "Init7" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x02 192.33.96.102 512 1 0.003860533 0.003860533 0.0301976 0.0301976 1472569796.057972 1472570618.207885 1472570618.210994 1472570618.211015
A 3 0x0400000000004000 1472570632.207919 1472570632.207919 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 193.225.118.129 hu "KIFU" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.00453193 0.00453193 0.03088426 0.03088426 1472570513.211536 1472570108.224029 1472570108.240425 1472570632.207887
B 3 0x0400000000004001 1472570632.240444 1472570632.240444 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 193.225.118.129 hu "KIFU" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x02 228.143.95.23 512 1 0.0005951019 0.0005951019 0.005096513 0.005096513 1472570591.047067 1472570632.207887 1472570632.223725 1472570632.223768
A 4 0x0400000000004000 1472570705.207932 1472570705.207932 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 130.60.204.10 ch "Universitaet Zuerich" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.00453193 0.00453193 0.03198291 0.03198291 1472570513.211536 1472570180.212284 1472570180.212053 1472570705.207906
B 4 0x0400000000004001 1472570705.212115 1472570705.212115 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 130.60.204.10 ch "Universitaet Zuerich" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x04 130.60.204.8 512 1 0.002197299 0.002197299 0.07370108 0.07370108 1472570312.541679 1472570705.207906 1472570705.211867 1472570705.211971
A 5 0x0400000000004000 1472571032.207897 1472571032.207897 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 77.245.18.26 ch "nexellent ag" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.00453193 0.00453193 0.03688106 0.03688106 1472570513.211536 1472570513.211078 1472570513.211536 1472571032.207868
B 5 0x0400000000004001 1472571032.211551 1472571032.211551 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 77.245.18.26 ch "nexellent ag" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x02 192.33.96.102 512 1 0.0009613184 0.0009613184 0.02656596 0.02656596 1472570362.242637 1472571032.207868 1472571032.210783 1472571032.210863
A 6 0x0400000000004000 1472571132.207904 1472571132.207904 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 77.109.139.83 ch "Init7" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.00453193 0.00453193 0.0383917 0.0383917 1472570513.211536 1472570618.211015 1472570618.211313 1472571132.207872
B 6 0x0400000000004001 1472571132.211246 1472571132.211246 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 77.109.139.83 ch "Init7" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x02 192.33.96.102 512 1 0.003860533 0.003860533 0.03790341 0.03790341 1472569796.057972 1472571132.207872 1472571132.210707 1472571132.210740
A 7 0x0400000000004000 1472571173.207923 1472571173.207923 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 193.225.118.129 hu "KIFU" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.00453193 0.00453193 0.03900206 0.03900206 1472570513.211536 1472570632.223768 1472570632.240444 1472571173.207881
B 7 0x0400000000004001 1472571173.240507 1472571173.240507 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 193.225.118.129 hu "KIFU" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x02 228.143.95.23 512 1 0.0005798428 0.0005798428 0.009277485 0.009277485 1472570657.047002 1472571173.207881 1472571173.223569 1472571173.223611
A 8 0x0400000000004000 1472571238.207912 1472571238.207912 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 130.60.204.10 ch "Universitaet Zuerich" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.00453193 0.00453193 0.03997864 0.03997864 1472570513.211536 1472570705.211971 1472570705.212116 1472571238.207879
B 8 0x0400000000004001 1472571238.212333 1472571238.212333 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 130.60.204.10 ch "Universitaet Zuerich" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x04 130.60.205.7 512 1 0.002014191 0.002014191 0.07621881 0.07621881 1472570950.541664 1472571238.207879 1472571238.211619 1472571238.211725
A 9 0x0400000000004000 1472571559.207906 1472571559.207906 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 77.245.18.26 ch "nexellent ag" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.00453193 0.00453193 0.04478523 0.04478523 1472570513.211536 1472571032.210863 1472571032.211552 1472571559.207875
B 9 0x0400000000004001 1472571559.211524 1472571559.211524 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 77.245.18.26 ch "nexellent ag" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x02 192.33.96.102 512 1 0.0009613184 0.0009613184 0.03447013 0.03447013 1472570362.242637 1472571559.207875 1472571559.210827 1472571559.210926
A 10 0x0400000000004000 1472571673.207910 1472571673.207910 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 77.109.139.83 ch "Init7" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.004501412 0.004501412 0.04644846 0.04644846 1472571559.211524 1472571132.210740 1472571132.211247 1472571673.207877
B 10 0x0400000000004001 1472571673.211296 1472571673.211296 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 77.109.139.83 ch "Init7" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x02 36.224.68.195 512 1 0.009536888 0.009536888 0.03100633 0.03100633 1472571055.903184 1472571673.207877 1472571673.210864 1472571673.210889
A 11 0x0400000000004000 1472571688.207908 1472571688.207908 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 193.225.118.129 hu "KIFU" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.004501412 0.004501412 0.04667735 0.04667735 1472571559.211524 1472571173.223611 1472571173.240508 1472571688.207881
B 11 0x0400000000004001 1472571688.240453 1472571688.240453 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 193.225.118.129 hu "KIFU" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x02 228.143.95.23 512 1 0.0005951019 0.0005951019 0.006424048 0.006424048 1472571517.047096 1472571688.207881 1472571688.223647 1472571688.223687
A 12 0x0400000000004000 1472571758.207963 1472571758.207963 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 130.60.204.10 ch "Universitaet Zuerich" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.004501412 0.004501412 0.04773022 0.04773022 1472571559.211524 1472571238.211725 1472571238.212334 1472571758.207917
B 12 0x0400000000004001 1472571758.212042 1472571758.212042 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 130.60.204.10 ch "Universitaet Zuerich" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x04 130.60.205.7 512 1 0.002014191 0.002014191 0.08403143 0.08403143 1472570950.541664 1472571758.207917 1472571758.211324 1472571758.211429
A 13 0x0400000000004000 1472572098.207900 1472572098.207900 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 77.245.18.26 ch "nexellent ag" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.004501412 0.004501412 0.05282673 0.05282673 1472571559.211524 1472571559.210926 1472571559.211524 1472572098.207872
B 13 0x0400000000004001 1472572098.211679 1472572098.211679 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 77.245.18.26 ch "nexellent ag" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x02 192.33.96.102 512 1 0.0009613184 0.0009613184 0.04255741 0.04255741 1472570362.242637 1472572098.207872 1472572098.210856 1472572098.211036
A 14 0x0400000000004000 1472572213.207905 1472572213.207905 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 193.225.118.129 hu "KIFU" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.004501412 0.004501412 0.054551 0.054551 1472571559.211524 1472571688.223687 1472571688.240453 1472572213.207876
B 14 0x0400000000004001 1472572213.240438 1472572213.240438 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 193.225.118.129 hu "KIFU" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x02 228.143.95.23 512 1 0.0005645838 0.0005645838 0.009735256 0.009735256 1472571715.047003 1472572213.207876 1472572213.223584 1472572213.223626
A 15 0x0400000000004000 1472572216.207903 1472572216.207903 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 77.109.139.83 ch "Init7" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.004501412 0.004501412 0.05459678 0.05459678 1472571559.211524 1472571673.210889 1472571673.211297 1472572216.207873
B 15 0x0400000000004001 1472572216.211180 1472572216.211180 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 77.109.139.83 ch "Init7" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x02 36.224.68.195 512 1 0.009536888 0.009536888 0.03915465 0.03915465 1472571055.903184 1472572216.207873 1472572216.210727 1472572216.210749
A 16 0x0400000000004000 1472572288.207935 1472572288.207935 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 130.60.204.10 ch "Universitaet Zuerich" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.004501412 0.004501412 0.05568017 0.05568017 1472571559.211524 1472571758.211429 1472571758.212043 1472572288.207892
B 16 0x0400000000004001 1472572288.212004 1472572288.212004 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 130.60.204.10 ch "Universitaet Zuerich" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x04 130.60.159.7 512 1 0.003051804 0.003051804 0.07574578 0.07574578 1472571694.542394 1472572288.207892 1472572288.210963 1472572288.211098
A 17 0x0400000000004000 1472572618.207949 1472572618.207949 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 77.245.18.26 ch "nexellent ag" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.004501412 0.004501412 0.06062409 0.06062409 1472571559.211524 1472572098.211036 1472572098.211679 1472572618.207904
B 17 0x0400000000004001 1472572618.211592 1472572618.211592 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 77.245.18.26 ch "nexellent ag" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x02 192.33.96.102 512 1 0.001022354 0.001022354 0.02244602 0.02244602 1472572499.377970 1472572618.207904 1472572618.210951 1472572618.211018
A 18 0x0400000000004000 1472572746.207951 1472572746.207951 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 193.225.118.129 hu "KIFU" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.004501412 0.004501412 0.06254673 0.06254673 1472571559.211524 1472572213.223626 1472572213.240438 1472572746.207916
B 18 0x0400000000004001 1472572746.240517 1472572746.240517 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 193.225.118.129 hu "KIFU" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x02 228.143.95.23 512 1 0.0005493248 0.0005493248 0.004928664 0.004928664 1472572570.046974 1472572746.207916 1472572746.223698 1472572746.223740
A 19 0x0400000000004000 1472572749.207920 1472572749.207920 0.000000 1 3 eth:ipv4:udp e0:3f:49:7e:59:79 00:00:5e:00:01:11 0x0800 10.20.6.146 04 "Private network" 123 77.109.139.83 ch "Init7" 123 17 0x01 0_4_3 0x03 77.245.18.26 512 1 0.004501412 0.004501412 0.06259251 0.06259251 1472571559.211524 1472572216.210749 1472572216.211181 1472572749.207888
B 19 0x0400000000004001 1472572749.211326 1472572749.211326 0.000000 1 3 eth:ipv4:udp 90:e2:ba:0c:39:84 e0:3f:49:7e:59:79 0x0800 77.109.139.83 ch "Init7" 123 10.20.6.146 04 "Private network" 123 17 0x01 0_4_4 0x02 192.33.96.102 512 1 0.003845274 0.003845274 0.03022812 0.03022812 1472571916.912230 1472572749.207888 1472572749.210904 1472572749.210928Conclusion
Don’t forget to reset the plugin configuration for the next tutorial.
t2conf ntpDecode --reset && t2build ntpDecode
Have fun analyzing.