Analyzing tos bits from tcpdump
Frens,
I have one strange problem with tcpdump.
I could not see the output about the tos bits in tcpdump.
I am running the tcpdump in two different machine:
A) Linux machineA 2.6.11-1.1369_FC4
b) Linux machineB 2.4.20-8
Please take a look at following output:
[root@machineA src]# tcpdump -nn -vvvv
tcpdump: listening on eth0
16:11:57.481254 202.63.x.23.1354 > 202.63.y.22: . [tcp sum ok] 641:641(0) ack 59456 win 16464 (DF) (ttl 124, id 30722, len 40)
16:11:57.613161 202.63.x.1354 > 202.63.y.22: P 641:721(80) ack 59456 win 16464 (DF) (ttl 124, id 30723, len 120)
16:11:57.613236 202.63.y.22 > 202.63.x.23.1354: P 59456:60016(560) ack 721 win 16320 (DF) [tos 0x10] (ttl 64, id 50362, len 600)
16:11:57.613270 202.63.y.22 > 202.63.x.23.1354: P 60016:60576(560) ack 721 win 16320 (DF) [tos 0x10] (ttl 64, id 50364, len 600)
16:11:57.613310 202.63.y.22 > 202.63.x.23.1354: P 60576:61136(560) ack 721 win 16320 (DF) [tos 0x10] (ttl 64, id 50366, len 600)
[root@machineB src]# tcpdump -nn -vvvv
tcpdump: listening on eth0
16:16:58.521793 202.63.x.22 > 202.63.y.23.1356: P 513:913(400) ack 0 win 20440 (DF) (ttl 64, id 49224, len 440)
16:16:58.740496 202.63.x.23.1356 > 202.63.y.6.22: . [tcp sum ok] 0:0(0) ack 913 win 16176 (DF) (ttl 128, id 31118, len 40)
16:16:58.740508 202.63.y.6.22 > 202.63.x.23.1356: P 913:1313(400) ack 0 win 20440 (DF) (ttl 64, id 49225, len 440)
16:16:58.959210 202.63.x.23.1356 > 202.63.y.6.22: . [tcp sum ok] 0:0(0) ack 1313 win 17520 (DF) (ttl 128, id 31119, len 40)
16:16:58.959223 202.63.y.22 > 202.63.x.23.1356: P 1313:1713(400) ack 0 win 20440 (DF) (ttl 64, id 49226, len 440)
16:16:59.177924 202.63.x.23.1356 > 202.63.y.6.22: . [tcp sum ok] 0:0(0) ack 1713 win 17120 (DF) (ttl 128, id 31120, len 40)
16:16:59.177934 202.63.y.6.22 > 202.63.x.23.1356: P 1713:2113(400) ack 0 win 20440 (DF) (ttl 64, id 49227, len 440)
--- Note the tos bit on the first out put and no tos bit in second. I suspect the Linux version on my second machine MachineB does not support to display tos bit by tcpdump.
Both uses tcpdump version: tcpdump-3.7.2-7
I need to see the toss bits from tcpdump in the machineB. Please suggest what is the reason behind it. Do I need to upgrade OS in machineB?
regds,
Rajendra One
I have one strange problem with tcpdump.
I could not see the output about the tos bits in tcpdump.
I am running the tcpdump in two different machine:
A) Linux machineA 2.6.11-1.1369_FC4
b) Linux machineB 2.4.20-8
Please take a look at following output:
[root@machineA src]# tcpdump -nn -vvvv
tcpdump: listening on eth0
16:11:57.481254 202.63.x.23.1354 > 202.63.y.22: . [tcp sum ok] 641:641(0) ack 59456 win 16464 (DF) (ttl 124, id 30722, len 40)
16:11:57.613161 202.63.x.1354 > 202.63.y.22: P 641:721(80) ack 59456 win 16464 (DF) (ttl 124, id 30723, len 120)
16:11:57.613236 202.63.y.22 > 202.63.x.23.1354: P 59456:60016(560) ack 721 win 16320 (DF) [tos 0x10] (ttl 64, id 50362, len 600)
16:11:57.613270 202.63.y.22 > 202.63.x.23.1354: P 60016:60576(560) ack 721 win 16320 (DF) [tos 0x10] (ttl 64, id 50364, len 600)
16:11:57.613310 202.63.y.22 > 202.63.x.23.1354: P 60576:61136(560) ack 721 win 16320 (DF) [tos 0x10] (ttl 64, id 50366, len 600)
[root@machineB src]# tcpdump -nn -vvvv
tcpdump: listening on eth0
16:16:58.521793 202.63.x.22 > 202.63.y.23.1356: P 513:913(400) ack 0 win 20440 (DF) (ttl 64, id 49224, len 440)
16:16:58.740496 202.63.x.23.1356 > 202.63.y.6.22: . [tcp sum ok] 0:0(0) ack 913 win 16176 (DF) (ttl 128, id 31118, len 40)
16:16:58.740508 202.63.y.6.22 > 202.63.x.23.1356: P 913:1313(400) ack 0 win 20440 (DF) (ttl 64, id 49225, len 440)
16:16:58.959210 202.63.x.23.1356 > 202.63.y.6.22: . [tcp sum ok] 0:0(0) ack 1313 win 17520 (DF) (ttl 128, id 31119, len 40)
16:16:58.959223 202.63.y.22 > 202.63.x.23.1356: P 1313:1713(400) ack 0 win 20440 (DF) (ttl 64, id 49226, len 440)
16:16:59.177924 202.63.x.23.1356 > 202.63.y.6.22: . [tcp sum ok] 0:0(0) ack 1713 win 17120 (DF) (ttl 128, id 31120, len 40)
16:16:59.177934 202.63.y.6.22 > 202.63.x.23.1356: P 1713:2113(400) ack 0 win 20440 (DF) (ttl 64, id 49227, len 440)
--- Note the tos bit on the first out put and no tos bit in second. I suspect the Linux version on my second machine MachineB does not support to display tos bit by tcpdump.
Both uses tcpdump version: tcpdump-3.7.2-7
I need to see the toss bits from tcpdump in the machineB. Please suggest what is the reason behind it. Do I need to upgrade OS in machineB?
regds,
Rajendra One
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
How could I change the tos bit out from the interface ?
regds,
rone