[Snort-users] OT- Can some confirm a TOS bit setting for me.

David E. Gianndrea daveg at ...4357...
Thu Jan 23 12:10:03 EST 2003


As requested!


dhcp61-0.4782 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 47625, len 188)
                          4505 00bc ba09 0000 7d11 f51d 0a3d 3c00
                          0ac8 3d00 12ae 0bb8 00a8 8465 2c2c 2c2c
                          2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c
                          2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c
                          2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c 2c2c
                          2c2c


Ashley Thomas wrote:
> I seems to be right. Can you give a hex dump of the packet ?
> 
> tcpdump -x
> 
> 
> 
> David E. Gianndrea wrote:
> 
>> Im using a packet generator to create packets with what I believe is 
>> the IP
>> precedence bits set to critical. Does this tcpdump trace indicate the 
>> correct
>> bits being set?
>>
>> dhcp61-0.4671 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 
>> 44882, len 188)
>> dhcp61-0.4671 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 
>> 44883, len 188)
>> dhcp61-0.4671 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 
>> 44884, len 188)
>> dhcp61-0.4671 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 
>> 44885, len 188)
>> dhcp61-0.4671 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 
>> 44886, len 188)
>>
>>
>> Thanks in advance.
>>
>>
> 
> 


-- 
David Gianndrea
Senior Network Engineer
Comsquared Systems, Inc.

Web:     www.comsquared.com
Email:   dgianndrea at ...4357...






More information about the Snort-users mailing list