[Snort-users] TOS

Beckster beckster at ...1127...
Fri Sep 14 13:09:03 EDT 2001


Read the RFC's on TOS.  Be sure to read the "updated" info. about
DSCP - using the TOS field for Differentiated services codepoints in
DS-capable networks.  Used in traffic shaping.
Here's a start:

(Original spec - Sept. 1981)
http://www.ietf.org/rfc/rfc791.txt

(Service mappings for TOS - Sept. 1981)
http://www.ietf.org/rfc/rfc795.txt

(TOS in the IP protocol suite - July 1992)
http://www.ietf.org/rfc/rfc1349.txt

(Good descr. of dscp - December 1998)
http://www.ietf.org/rfc/rfc2474.txt

(architecture for dscp implementation - Dec. 1998)
http://www.ietf.org/rfc/rfc2475.txt

(Per-hop behaviour descriptions - May 2000)
http://www.ietf.org/rfc/rfc2836.txt

I've seen interesting traffic from some non-RFC compliant TCP stacks.
Most recently in an Alteon load balancer...in case you were
wondering why I had all this info.  ;-)

HTH,
Becky


> snortlst snortlst wrote:
> 
> When I try to analyze packets I see TOS:0x0
> How many types of services there are out there .... and is there any
> documentation that explains what are those hexa  values stand for?
> Thanks.




More information about the Snort-users mailing list