On 07/10/2014 13:14, Oliver Lagni wrote:
> Hello all,
>
> I'm setting the DSCP on some traffic going out and getting in on my firewall.
> With NFSEN I collect traffic from both segments, LAN and WAN Firewall sides.
>
> On my firewall I set DSCP to 101110 for real-time traffic and I clearly see it on Nprobe server on both segments, as soon as I filter with TCPDump:
>
> tcpdump -i eth2 -vvv -n ip and ip[1]=0xb8
>
> 0xb8 is 184 in HEX.. and I see this on eth2 (WAN) and eth3 (LAN):
>
> 14:21:23.236494 IP (*tos 0xb8*, ttl 126, id 4388, offset 0, flags [DF], proto TCP (6), length 450)
> 217.xx.xx.xx.47460 > 64.xx.xx.xx.https: Flags [P.], cksum 0x5af4 (correct), seq 949:1359, ack 84, win 256, length 410
>
> But as soon as I filter on NFSEN with syntax Tos 184 or tos 0xb8 I don't see anything.
>
> Is there any reason? Can someone help me a bit on this?

I am not sure, but I think the tos value you filter with is the 3 most significant bits, so a value between 0-7:

0 = 000xxxxxx
1 = 001xxxxxx
2 = 010xxxxxx
3 = 011xxxxxx
4 = 100xxxxxx
5 = 101xxxxxx
6 = 110xxxxxx
7 = 111xxxxxx

So "tos 1" filter matches your priority packets?

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
[email protected]
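Added example, not part of either message: the ToS byte from the tcpdump line decoded three ways (full byte, 6-bit DSCP, 3-bit precedence), plus a capture filter that matches the DSCP regardless of the two ECN bits. The header is constructed from the fields shown in the thread; the addresses are documentation placeholders and all function names are this example's own. Which of these values a given flow tool's tos filter expects is not settled in this thread.

```python
import socket
import struct

def build_sample_header(tos):
    """Constructed 20-byte IPv4 header modelled on the tcpdump line quoted above.
    Addresses are placeholders (the thread masks the real ones); checksum left 0."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45,      # version 4, header length 5 words
        tos,       # the byte tcpdump prints as "tos"
        450,       # total length
        4388,      # id
        0x4000,    # flags [DF], offset 0
        126,       # ttl
        6,         # proto TCP
        0,         # checksum not computed in this sample
        socket.inet_aton("192.0.2.10"),
        socket.inet_aton("198.51.100.20"),
    )

def tos_byte(header):
    """Return byte 1 of an IPv4 header, the same byte ip[1] selects in tcpdump."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return header[1]

def decode_tos(tos):
    """Split the ToS byte into the views discussed in the thread."""
    return {
        "tos": tos,               # whole byte, 0-255
        "precedence": tos >> 5,   # 3 most significant bits, 0-7
        "dscp": tos >> 2,         # 6 most significant bits, 0-63
        "ecn": tos & 0x03,        # 2 least significant bits
    }

def bpf_for_dscp(dscp):
    """Capture filter that ignores the ECN bits when matching a DSCP value."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    return "ip and (ip[1] & 0xfc) = 0x%02x" % (dscp << 2)

if __name__ == "__main__":
    # 0xb8 is the byte from the thread; 0xb9/0xba are the same DSCP with ECN set.
    for tos in (0xB8, 0xB9, 0xBA):
        print(decode_tos(tos_byte(build_sample_header(tos))))
    print(bpf_for_dscp(0b101110))
```

An exact-byte match such as `ip[1]=0xb8` stops matching as soon as a device on the path sets an ECN bit, which the masked filter avoids.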
