[Snort-users] OT- Can some confirm a TOS bit setting for me.

David E. Gianndrea daveg at ...4357...
Thu Jan 23 12:38:03 EST 2003


Ok, That is also how I read 791. Thanks for the confirmation.


Matt Kettler wrote:
> Yes, according to RFC 791, a "critical" precedence is 101 in binary, and 
> precedence is the least-significant 3 bits of the field. If none of the 
> service-type bits are set, this results in a ToS field value of 0x5.
> 
> The RFC defined precedence values are:
> 
>           111 - Network Control
>           110 - Internetwork Control
>           101 - CRITIC/ECP
>           100 - Flash Override
>           011 - Flash
>           010 - Immediate
>           001 - Priority
>           000 - Routine
> 
> which are 0x7 through 0x0, in order.
> 
> At 02:38 PM 1/23/2003 -0500, David E. Gianndrea wrote:
> 
>> Im using a packet generator to create packets with what I believe is 
>> the IP
>> precedence bits set to critical. Does this tcpdump trace indicate the 
>> correct
>> bits being set?
>>
>> dhcp61-0.4671 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 
>> 44882, len 188)
>> dhcp61-0.4671 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 
>> 44883, len 188)
>> dhcp61-0.4671 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 
>> 44884, len 188)
>> dhcp61-0.4671 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 
>> 44885, len 188)
>> dhcp61-0.4671 > 10.200.61.0.3000:  udp 160 [tos 0x5]  (ttl 125, id 
>> 44886, len 188)
>>
>>
>> Thanks in advance.
> 
> 


-- 
David Gianndrea
Senior Network Engineer
Comsquared Systems, Inc.

Web:     www.comsquared.com
Email:   dgianndrea at ...4357...






More information about the Snort-users mailing list