Network Time Protocol (NTP) is a networking protocol that synchronizes clocks across computers and devices on a network. Accurate time is essential for modern computing—everything from file timestamps and log entries to security certificates and authentication protocols depends on devices agreeing on what time it is.
Without time synchronization, a file saved at 3:00 PM on one computer might appear to have been created at 2:47 PM when viewed from another computer. More critically, security systems may fail, logs become impossible to correlate, and scheduled tasks run at the wrong times. NTP solves these problems by ensuring all devices maintain accurate, consistent time.

Why Time Synchronization Matters
Accurate time synchronization is critical for numerous IT functions.
Security and Authentication
Kerberos authentication, used extensively in Active Directory environments, relies on synchronized time. By default, Kerberos allows only a five-minute time difference between clients and domain controllers. If a workstation's clock drifts too far, users cannot authenticate and are locked out of network resources.
TLS/SSL certificates include validity periods with start and end dates. If a client's clock is wrong, it may reject valid certificates as expired or not yet valid, breaking secure connections to websites and services.
Two-factor authentication tokens generate time-based codes that change every 30 seconds. If the authenticating server and the token aren't synchronized, codes won't match and authentication fails.
Logging and Forensics
When investigating security incidents or troubleshooting problems, administrators correlate logs from multiple systems to reconstruct what happened. If each server has a different time, piecing together the sequence of events becomes extremely difficult or impossible.
Compliance regulations often require accurate timestamps on audit logs. Financial transactions, healthcare records, and legal documents all depend on reliable time records.
Distributed Systems
Modern applications often span multiple servers that must coordinate activities. Database replication, distributed file systems, and clustered applications all require synchronized time to function correctly. Even small time differences can cause data inconsistencies or synchronization failures.
Scheduled Tasks
Backup jobs, maintenance scripts, and automated reports run at scheduled times. Time drift causes tasks to run at unexpected times, potentially conflicting with business operations or missing backup windows.
How NTP Works
NTP uses a hierarchical system of time sources organized into strata, with highly accurate reference clocks at the top.
Stratum Levels
Stratum 0 represents the most accurate time sources—atomic clocks, GPS receivers, and other precision timekeeping devices. These reference clocks don't participate in NTP directly but provide time to Stratum 1 servers.
Stratum 1 servers connect directly to Stratum 0 devices. These are primary time servers with the highest accuracy available over a network. Major organizations and government agencies operate public Stratum 1 servers.
Stratum 2 servers synchronize with Stratum 1 servers. Many organizations run Stratum 2 servers internally, synchronizing with public Stratum 1 sources and providing time to internal clients.
Stratum 3 and below servers synchronize with higher stratum servers. Each step away from Stratum 0 adds a small amount of potential inaccuracy, though modern networks typically maintain accuracy within milliseconds regardless of stratum level.
The maximum stratum level is 15. Stratum 16 indicates an unsynchronized device that shouldn't be used as a time source.
The Synchronization Process
When an NTP client synchronizes with a server, it sends a request packet containing its current timestamp. The server receives the request, adds its own timestamp, and sends a response. The client receives the response and notes the arrival time.
Using these four timestamps—client send time, server receive time, server send time, and client receive time—NTP calculates the round-trip network delay and the offset between client and server clocks. The client then adjusts its clock to match the server.
NTP clients don't simply set their clock to match the server. Instead, they gradually adjust the clock speed to bring it into alignment, avoiding sudden time jumps that could disrupt applications. This process is called clock discipline or slewing.
For large time differences (typically over 128 milliseconds), NTP may step the clock with an immediate adjustment. Very large differences (over 1000 seconds by default) may cause NTP to refuse synchronization entirely, requiring manual intervention.
NTP Ports and Protocols
NTP uses UDP port 123 for both sending and receiving time synchronization traffic. UDP is appropriate because occasional lost packets are acceptable—NTP clients regularly poll servers, so a missed response simply delays synchronization slightly.
Firewalls must allow UDP port 123 for NTP to function. In environments with strict outbound filtering, administrators must permit NTP traffic to designated time servers.
SNTP
Simple Network Time Protocol (SNTP) is a simplified version of NTP suitable for devices that don't need the full protocol's accuracy. SNTP clients synchronize with NTP servers but skip the complex algorithms that provide millisecond-level precision.