Hello, I have been tcpdumping traffic coming from a MUD server somewhere in the US. I was amazed to see that the packets had TOS set to 0x80.
It is interactive traffic: the client (telnet) sets TOS to 0x10 (minimize-delay), and the server should echo back the TOS. Normally, I have never seen a MUD echo back the TOS, so this 0x80 was strange to see. I decided to ping every router on the way to the host and check whether it echoes the TOS byte. I found that wherever I send my packets, there is always a host that will set the TOS to 0x80 on its outgoing packets. On many paths (www.southafrica.co.za, www.wanadoo.fr, www.reliz.ru) there is 134.222.110.249, which does that. I was pinging the host and tcpdumping the traffic at the same time. Also, in some other directions (www.google.com, diablo.mudshell.com, www.sex.co.nz) there is 208.48.23.153, which does the same thing.

I am worried, because if some server beyond those routers sets TOS to have its traffic well served, its packets' TOS will be changed, e.g. from 0x10 to 0x80, which zeroes out the TOS bit and sets precedence. Any really remote host I tried had TOS 0x80 set on both ICMP and TCP. This is strange; is it misconfiguration or policy?

Regards,
Maciej Soltysiak
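
Added example, not part of the original post: a Python sketch that decodes the two TOS values discussed above (0x10 and 0x80) and scans `tcpdump -n -v` text for inbound packets whose TOS differs from the value that was sent. The capture lines are constructed with documentation addresses, and the function names and the assumed tcpdump line layout are illustrative assumptions.

```python
import re

# Assumed layout of `tcpdump -n -v` IPv4 output: a header line carrying the
# TOS byte, then an indented "src > dst:" line (ports appended for TCP/UDP).
HDR = re.compile(r"IP \(tos (0x[0-9a-fA-F]+)")
ADDR = re.compile(r"^\s+(\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

def decode_tos(tos):
    """Split the TOS byte: RFC 791 precedence, RFC 1349 TOS bits, RFC 2474 DSCP."""
    return {"precedence": tos >> 5, "tos_bits": (tos >> 1) & 0x0F, "dscp": tos >> 2}

def remarked_replies(capture, local_ip, sent_tos):
    """Map each remote source to the TOS values it delivered to local_ip
    that differ from sent_tos (the value our own packets carried)."""
    found, tos = {}, None
    for line in capture.splitlines():
        hdr = HDR.search(line)
        if hdr:
            tos = int(hdr.group(1), 16)
            continue
        addr = ADDR.match(line)
        if addr and tos is not None:
            src, dst = addr.groups()
            if dst == local_ip and tos != sent_tos:
                found.setdefault(src, set()).add(tos)
            tos = None  # a header applies only to the packet line after it
    return found

# Constructed capture (documentation addresses, not data from the original post).
SAMPLE = """\
12:00:00.000001 IP (tos 0x10, ttl 64, id 1, offset 0, flags [DF], proto ICMP (1), length 84)
    198.51.100.7 > 192.0.2.1: ICMP echo request, id 7, seq 1, length 64
12:00:00.020001 IP (tos 0x10, ttl 62, id 2, offset 0, flags [none], proto ICMP (1), length 84)
    192.0.2.1 > 198.51.100.7: ICMP echo reply, id 7, seq 1, length 64
12:00:01.000001 IP (tos 0x10, ttl 64, id 3, offset 0, flags [DF], proto ICMP (1), length 84)
    198.51.100.7 > 203.0.113.9: ICMP echo request, id 8, seq 1, length 64
12:00:01.090001 IP (tos 0x80, ttl 50, id 4, offset 0, flags [none], proto ICMP (1), length 84)
    203.0.113.9 > 198.51.100.7: ICMP echo reply, id 8, seq 1, length 64
12:00:02.000001 IP (tos 0x80, ttl 48, id 5, offset 0, flags [DF], proto TCP (6), length 52)
    203.0.113.20.4000 > 198.51.100.7.40000: Flags [P.], seq 1:13, ack 1, win 512, length 12
"""

if __name__ == "__main__":
    for host, values in sorted(remarked_replies(SAMPLE, "198.51.100.7", 0x10).items()):
        for value in sorted(values):
            print(host, hex(value), decode_tos(value))
```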
