[Gllug] Sendmail, Firewalls, SSL...

tet at accucard.com tet at accucard.com
Tue Jun 25 13:44:10 UTC 2002


>Sorry for the missunderstanding, what I want to know is where to find info 
>about those TOS=0x00, etc. I know those come from the tcp/ip and udp 
>headers. I would normally use ethereal but I'm on a dial-up link to the 
>server and I would just prefer a more direct visual approach.

TOS is type of service, part of the IP packet header, which specifies
how routers are to treat the packet. For example, Consider the
situation where there are two routes between A & B, one via a cheap
but unreliable dial up link, and one via faster and more reliable,
but more expensive leased line. It would be reasonable to send
"unimportant" traffic (e.g., TFTP) via the cheap link, and more
critical stuff (such as DNS zone transfers) via the reliable link.
So certain applications will mark their packets with type of service
flags, so that routers can Do The Right Thing (tm).

The TOS field can have the following values (details in RFC1349 and
RFC1455):

	0  -- normal
	1  -- minimize delay
	2  -- maximize throughput
	4  -- maximize reliability
	8  -- minimize cost
	15 -- maximize security

The PREC field specifies precedence (i.e., "importance") of the packet,
and can be one of:

	0  -- normal
	1  -- priority
	2  -- immediate
	3  -- flash
	4  -- flash override
	5  -- critical
	6  -- internetwork control
	7  -- network control

But all you really need to know is that the higher the value, the better
treatment it'll be given by routers.

TTL is time to live. After a packet has made this many hops (i.e., has
been through this many routers on it's journey from A to B), it is
considered unviable, and is destroyed. This is to prevent routing loops
bringing the network grinding to a halt.

ID=3618 is almost certainly the fragment identifier, a 16-bit number
that enables fragmented packets to be reassembled at destination.

The LEN field is probably the total packet length. Not sure why you
have two of them, though. Both 37 and 57 are a tad on the short side
for a DNS packet, so maybe that's why it's being dropped.

Note that both PREC and TOS have been superseded by the differentiated
services codepoint in RFC2474...

Note also that there's information in the IP header that isn't being
logged here, which may be the reason the packet's being dropped. For
example, the fragmentation flags aren't logged, and there's no mention
of whether there are any IP options.

Tet


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list