How to monitor the country and type of connection of users connecting to my ntp

Could you recommend software to see these stats? tcpdump can only show the IP, but not the country and type of connection.

The type of connection is UDP only…

If you want to know the country, you would have to capture the IPs, then match them against existing databases, like MaxMind or ip2location.

Hello, I just want to add that tcpdump is a general packet dumper. So you might find yourself running tcpdump udp port 123; it should also take service names.

If anyone is taking notes, the -n tells tcpdump to avoid doing DNS lookups of IP addresses.

tcpdump -n udp port ntp

I use the -n flag twice to avoid not only name lookups of IP addresses but service name lookups of port numbers too.

I prefer to use 'ntpq -c "hostname no" -c "mrulist"' on a regular interval and then use that output for some MaxMind analysis.
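The approach from the replies above (collect client addresses from the ntpq mrulist output, then match them against a country database), as an added example that is not part of the thread. The sample mrulist output and the CIDR-to-country table are constructed; the table and its placeholder country codes stand in for a MaxMind or ip2location lookup.

```python
import ipaddress
from collections import Counter

# Constructed sample of `ntpq -c "hostname no" -c mrulist` output (documentation addresses).
SAMPLE_MRULIST = """\
lstint avgint rstr r m v  count rport remote address
==============================================================================
     2     64  1d0 . 3 4    120   123 192.0.2.10
     5     16  1d0 . 3 4    900 41234 198.51.100.7
     9    128  1d0 . 3 3     15   123 2001:db8::25
    11     64  1d0 . 3 4     40 50000 192.0.2.200
    30   1024  1d0 . 3 4      3   123 203.0.113.9
"""

# Constructed stand-in for a GeoIP database: CIDR -> placeholder country code.
# In real use, replace lookup_country() with a MaxMind or ip2location query.
CONSTRUCTED_GEO = [
    (ipaddress.ip_network("192.0.2.0/24"), "AA"),
    (ipaddress.ip_network("198.51.100.0/24"), "BB"),
    (ipaddress.ip_network("2001:db8::/32"), "CC"),
]

def parse_mrulist(text):
    """Yield (address, packet_count) for each data row; skip headers and status lines."""
    for line in text.splitlines():
        fields = line.split()
        try:
            # Columns end with: count, rport, remote address.
            addr = ipaddress.ip_address(fields[-1])
            count = int(fields[-3])
        except (ValueError, IndexError):
            continue  # header, separator, blank line, or a non-numeric remote name
        yield addr, count

def lookup_country(addr):
    """Return the country code for addr, or 'unknown' if no range matches."""
    for net, country in CONSTRUCTED_GEO:
        if addr.version == net.version and addr in net:
            return country
    return "unknown"

def country_stats(text):
    """Return (clients per country, packets per country) as two Counters."""
    clients, packets = Counter(), Counter()
    for addr, count in parse_mrulist(text):
        country = lookup_country(addr)
        clients[country] += 1
        packets[country] += count
    return clients, packets
```

Feed it the saved output of each scheduled ntpq run; keeping only the per-country totals avoids storing individual client addresses.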