[Snort-users] Problems with TOS

Ofir Arkin ofir at ...949...
Sat Jan 6 17:10:18 EST 2001

In which format the tos value should be in with?
Hex, Decimal?

I just have trouble matching it with a very basic rule:

alert icmp any any -> any any (msg:"TOS Check"; tos: 24;)

Any thoughts?

Ofir Arkin
ofir at ...949...
PGP CC2C BE53 12C6 C9F2 87B1 B8C6 0DFA CF2D D360 43FA 

More information about the Snort-users mailing list