After I reconfigured my Windows Time Service I download and installed WireShark network protocol analyzer tool. I start capturing all traffic on my physical Ethernet interface for more than 12 hours. I was wondering what kind of traffic was generated by my windows client after I configured the NTP server pointing to time.windows.com. I stopped the capture and ended with a 200MB file.

WireShark is the newest version of the nr1 open-source network protocol analyzer available today. Before it was known by name of Ethereal and still available for download.

Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998.

New Display filter is created with two strings. I don’t want manually go through all those frames and I put my windows machine ip address and the udp port 123 for NTP communication.

I saved the filter and applied. The capture run for 12+ hours and 34 frames were captured with the filter search strings.

Once every hour the windows time service connected to the ntp server.