[Snort-users] Problems with TOS

Paul Cardon paul at ...26...
Sat Jan 6 10:06:51 EST 2001


Ofir Arkin wrote:
> 
> In which format the tos value should be in with?
> Hex, Decimal?
> 
> I just have trouble matching it with a very basic rule:
> 
> alert icmp any any -> any any (msg:"TOS Check"; tos: 24;)

The tos plugin performs an atoi() on the tos argument so it needs to be
specified as a decimal value.

-paul




More information about the Snort-users mailing list