Hi guys, anyone else on this?
Original issue is: I can't graph any tos value on NFSEN, even though I see it when I capture traffic on the segment I'm monitoring. Only TOS 0 works.

Thanks

-----Original Message-----
From: nfsen-discuss-requ...@lists.sourceforge.net [mailto:nfsen-discuss-requ...@lists.sourceforge.net]
Sent: Tuesday, 7 October 2014 14:32
To: nfsen-discuss@lists.sourceforge.net
Subject: Nfsen-discuss Digest, Vol 100, Issue 2

Today's Topics:

   1. Re: Filter TOS with NFSEN (Giles Coochey)
   2. Re: Filter TOS with NFSEN (Giles Coochey)

----------------------------------------------------------------------

Message: 1
Date: Tue, 07 Oct 2014 13:29:28 +0100
From: Giles Coochey <gi...@coochey.net>
Subject: Re: [Nfsen-discuss] Filter TOS with NFSEN
To: nfsen-discuss@lists.sourceforge.net

On 07/10/2014 13:14, Oliver Lagni wrote:
>
> Hello all,
>
> I'm setting the DSCP on some traffic going out and getting in on my
> firewall.
>
> With NFSEN I collect traffic from both segments, LAN and WAN Firewall
> sides.
>
> On my firewall I set DSCP to 101110 for real-time traffic and I
> clearly see it on Nprobe server on both segments, as soon as I filter
> with TCPDump:
>
> tcpdump -i eth2 -vvv -n ip and ip[1]=0xb8
>
> 0xb8 is 184 in HEX.. and I see this on eth2 (WAN) and eth3 (LAN):
>
> 14:21:23.236494 IP (*tos 0xb8*, ttl 126, id 4388, offset 0, flags
> [DF], proto TCP (6), length 450)
>
> 217.xx.xx.xx.47460 > 64.xx.xx.xx.https: Flags [P.], cksum 0x5af4
> (correct), seq 949:1359, ack 84, win 256, length 410
>
> But as soon as I filter on NFSEN with syntax Tos 184 or tos 0xb8 I
> don't see anything.
>
> Is there any reason? Can someone help me a bit on this?
>

I am not sure, but I think the tos value you filter with is the 3 most
significant bits, so a value between 0-7

0 = 000xxxxxx
1 = 001xxxxxx
2 = 010xxxxxx
3 = 011xxxxxx
4 = 100xxxxxx
5 = 101xxxxxx
6 = 110xxxxxx
7 = 111xxxxxx

So "tos 1" filter matches your priority packets?

--
Regards,

Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net

------------------------------

Message: 2
Date: Tue, 07 Oct 2014 13:31:55 +0100
From: Giles Coochey <gi...@coochey.net>
Subject: Re: [Nfsen-discuss] Filter TOS with NFSEN
To: nfsen-discuss@lists.sourceforge.net

On 07/10/2014 13:29, Giles Coochey wrote:
> On 07/10/2014 13:14, Oliver Lagni wrote:
>>
>> On my firewall I set DSCP to 101110 for real-time traffic and I
>> clearly see it on Nprobe server on both segments, as soon as I filter
>> with TCPDump:
>>
>>
> I am not sure, but I think the tos value you filter with is the 3 most
> significant bits, so a value between 0-7
>
> 0 = 000xxxxxx
> 1 = 001xxxxxx
> 2 = 010xxxxxx
> 3 = 011xxxxxx
> 4 = 100xxxxxx
> 5 = 101xxxxxx
> 6 = 110xxxxxx
> 7 = 111xxxxxx
>
> So "tos 1" filter matches your priority packets?

Argh... binary, 0xb8 should be "tos 5"

------------------------------

End of Nfsen-discuss Digest, Vol 100, Issue 2
*********************************************

_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
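
The thread compares three readings of the same IPv4 TOS byte: the full byte (0xb8), the 6-bit DSCP (101110) and the 3-bit precedence ("tos 5"). The following is an added example, not part of the original messages: it decodes the tos field from tcpdump -vvv lines into all three readings so that captured markings can be compared with what a flow filter returns. The sample lines are constructed, the function names are hypothetical, and the code does not settle which reading the NfSen filter expects.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the tcpdump -vvv output quoted in
# the thread (only the first mirrors the original post's header line).
SAMPLE = """\
14:21:23.236494 IP (tos 0xb8, ttl 126, id 4388, offset 0, flags [DF], proto TCP (6), length 450)
14:21:23.236901 IP (tos 0x0, ttl 64, id 4389, offset 0, flags [DF], proto TCP (6), length 60)
14:21:23.237120 IP (tos 0x28, ttl 64, id 4390, offset 0, flags [DF], proto UDP (17), length 200)
14:21:23.237555 IP (tos 0xb9,ECT(1), ttl 126, id 4391, offset 0, flags [DF], proto TCP (6), length 450)
"""

# Accepts both "tos 0xb8" and the emphasised "*tos 0xb8*" form seen in the post.
TOS_RE = re.compile(r"\(\*?tos (0x[0-9a-fA-F]+)")

def decode_tos(tos):
    """Split the 8-bit IPv4 TOS byte into its three common readings."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("TOS is a single byte")
    return {"tos": tos, "precedence": tos >> 5, "dscp": tos >> 2, "ecn": tos & 0x3}

def dscp_name(dscp):
    """Standard DSCP code point names: EF, CSn, AFxy; otherwise the number."""
    if dscp == 46:
        return "EF"
    if dscp & 0b111 == 0:
        return "CS%d" % (dscp >> 3)
    cls, drop = dscp >> 3, (dscp & 0b110) >> 1
    if 1 <= cls <= 4 and dscp & 1 == 0 and 1 <= drop <= 3:
        return "AF%d%d" % (cls, drop)
    return "DSCP%d" % dscp

def summarize(text):
    """Count packets per (full TOS byte, DSCP name, precedence)."""
    counts = Counter()
    for line in text.splitlines():
        m = TOS_RE.search(line)
        if m:
            d = decode_tos(int(m.group(1), 16))
            counts[(d["tos"], dscp_name(d["dscp"]), d["precedence"])] += 1
    return counts

if __name__ == "__main__":
    for (tos, name, prec), n in sorted(summarize(SAMPLE).items()):
        print("tos=%3d (0x%02x)  dscp=%-5s precedence=%d  packets=%d" % (tos, tos, name, prec, n))
```

The last sample line shows why an exact match on the full byte can miss marked traffic: the ECN bits change the byte from 184 to 185 while DSCP and precedence stay the same.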