[Snort-users] Problems with TOS

Ofir Arkin ofir at ...949...
Sat Jan 6 21:37:43 EST 2001


Tried that already.
Tried using 24 decimal equal to hex 18.

Nothing...

I was curious; I got a match only between 0-10.

Ofir

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Paul Cardon
Sent: Saturday, January 06, 2001 7:07 AM
To: Ofir Arkin
Cc: Snort-Users
Subject: Re: [Snort-users] Problems with TOS


Ofir Arkin wrote:
>
> In which format should the tos value be?
> Hex, Decimal?
>
> I just have trouble matching it with a very basic rule:
>
> alert icmp any any -> any any (msg:"TOS Check"; tos: 24;)

The tos plugin performs an atoi() on the tos argument so it needs to be
specified as a decimal value.

-paul
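
The atoi() behaviour described in the reply above, as an added example (not Snort's source and not code posted in this thread): a hex-style argument such as `0x18` is read as 0 rather than rejected, so the rule loads but compares against the wrong value. The function names, the stricter parser and the constructed IPv4 header are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed 20-byte IPv4 header (ICMP); byte 1 is the TOS field, 0x18 = 24. */
static const uint8_t sample_ip_hdr[20] = {
    0x45, 0x18, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00,
    0x40, 0x01, 0x00, 0x00, 0xc0, 0x00, 0x02, 0x01,
    0xc0, 0x00, 0x02, 0x02
};

/* atoi-style comparison: the rule argument is interpreted as decimal only. */
int tos_match_atoi(const uint8_t *ip_hdr, const char *arg)
{
    return (int)ip_hdr[1] == atoi(arg);
}

/* Hypothetical stricter parser: decimal digits only, whole string consumed,
 * value within one byte. Returns 0 on success, -1 if the argument is rejected. */
int parse_tos_strict(const char *arg, uint8_t *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(arg, &end, 10);
    if (end == arg || *end != '\0' || errno == ERANGE || v < 0 || v > 255)
        return -1;
    *out = (uint8_t)v;
    return 0;
}

int main(void)
{
    const char *args[] = { "24", "0x18", "18", "256" };
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++) {
        uint8_t v = 0;
        int ok = parse_tos_strict(args[i], &v);
        printf("tos: %-5s atoi=%-3d atoi-match=%d strict=%s\n",
               args[i], atoi(args[i]),
               tos_match_atoi(sample_ip_hdr, args[i]),
               ok == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```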
