Snort mailing list archives
Re: TOS
From: Beckster <beckster () gte net>
Date: Fri, 14 Sep 2001 15:09:05 -0500
Read the RFC's on TOS. Be sure to read the "updated" info. about DSCP - using the TOS field for Differentiated services codepoints in DS-capable networks. Used in traffic shaping. Here's a start: (Original spec - Sept. 1981) http://www.ietf.org/rfc/rfc791.txt (Service mappings for TOS - Sept. 1981) http://www.ietf.org/rfc/rfc795.txt (TOS in the IP protocol suite - July 1992) http://www.ietf.org/rfc/rfc1349.txt (Good descr. of dscp - December 1998) http://www.ietf.org/rfc/rfc2474.txt (architecture for dscp implementation - Dec. 1998) http://www.ietf.org/rfc/rfc2475.txt (Per-hop behaviour descriptions - May 2000) http://www.ietf.org/rfc/rfc2836.txt I've seen interesting traffic from some non-RFC compliant TCP stacks. Most recently in an Alteon load balancer...in case you were wondering why I had all this info. ;-) HTH, Becky
snortlst snortlst wrote: When I try to analyze packets I see TOS:0x0 How many types of services there are out there .... and is there any documentation that explains what are those hexa values stand for? Thanks.
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- TOS snortlst snortlst (Sep 14)
- Re: TOS Beckster (Sep 14)
- False Alert and IP Number George D. Nincehelser (Sep 14)
- Re: False Alert and IP Number John Sage (Sep 15)
- False Alert and IP Number George D. Nincehelser (Sep 14)
- <Possible follow-ups>
- RE: TOS Cessna, Michael (Sep 14)
- Re: TOS Beckster (Sep 14)