[Snort-users] OT- Can some confirm a TOS bit setting for me.

Matt Kettler mkettler at ...4108...
Thu Jan 23 12:30:12 EST 2003


Yes, according to RFC 791, a "critical" precedence is 101 in binary, and 
precedence is the least-significant 3 bits of the field. If none of the 
service-type bits are set, this results in a ToS field value of 0x5.

The RFC defined precedence values are:

           111 - Network Control
           110 - Internetwork Control
           101 - CRITIC/ECP
           100 - Flash Override
           011 - Flash
           010 - Immediate
           001 - Priority
           000 - Routine

which are 0x7 through 0x0, in order.

At 02:38 PM 1/23/2003 -0500, David E. Gianndrea wrote:
>Im using a packet generator to create packets with what I believe is the IP
>precedence bits set to critical. Does this tcpdump trace indicate the correct
>bits being set?
>
>dhcp61-0.4671 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 44882, 
>len 188)
>dhcp61-0.4671 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 44883, 
>len 188)
>dhcp61-0.4671 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 44884, 
>len 188)
>dhcp61-0.4671 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 44885, 
>len 188)
>dhcp61-0.4671 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 44886, 
>len 188)
>
>
>Thanks in advance.





More information about the Snort-users mailing list