Ethereal-users: RE: [Ethereal-users] TOS 5 capture filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Hansang Bae <hbae@xxxxxxxxxx>
Date: Wed, 22 Mar 2006 23:30:33 -0500
On 01:44 AM 3/21/2006, Robert Beasley wrote:
>That is correct.  I am seeing some TOS5 in our routers that should not
>be there.  I am trying to identify the source and take corrective
>action.


how about

ip[1:1] & 0xe0 = 0xa0

the above translates to:

IP[offset of 1: read one byte] /* note that IP[1:1] is the same as IP[1] since the "read one byte" is the assumed default */

binary AND it with E0 == 1110 0000  (i.e. we only care about the first three bits)

TOS Byte for Critical is 1010 0000 in binary so....

CRITICAL of 5  == 1010 0000 in binary
AND it with E0 == 1110 0000 
       equals  == 1010 0000 
               == 0xA0

OR I suppose the following would work

ip[1]= 0xa0