Enabling DSCP (ToS) Display Column in Wireshark

I found myself having to review some VoIP traffic related queries this week and, while viewing a few packet captures, realised there wasn’t an easy way to see what traffic was being tagged with different DSCP values.

I googled around for a little while and found that you can actually add a DSCP column to your Wireshark view by following these steps:

1. Right click on one of the existing columns.
2. Click on Column Preferences.
3. Click Add down at the bottom.
4. Click on the “New Column” Label and change it to “DSCP” then hit enter once.
5. With the new entry highlighted, change the Field Type to Custom (in the dropdown box)
6. In field name, copy and paste in ip.dsfield.dscp
7. Click Apply/Ok

You can drag the column back to the left side of the Info column (this was my preference as it’s easier to see) and you now have a simple view of the tag for any packet.


Bonus: Here’s a table of DSCP and TOS values in their most common formats for reference.

| TOS (Dec) | TOS (Hex) | TOS Precedence Name | TOS Delay flag | TOS Throughput flag | TOS Reliability flag | DSCP (Hex) | DSCP (Dec) | DSCP/PHB Class |
|---|---|---|---|---|---|---|---|---|
| 0 | 0x00 | Routine | 0 | 0 | 0 | 0x00 | 0 | none |
| 4 | 0x04 | Routine | 0 | 0 | 1 | 0x01 | 1 | none |
| 8 | 0x08 | Routine | 0 | 1 | 0 | 0x02 | 2 | none |
| 12 | 0x0C | Routine | 0 | 1 | 1 | 0x03 | 3 | none |
| 16 | 0x10 | Routine | 1 | 0 | 0 | 0x04 | 4 | none |
| 32 | 0x20 | Priority | 0 | 0 | 0 | 0x08 | 8 | cs1 |
| 40 | 0x28 | Priority | 0 | 1 | 0 | 0x0A | 10 | af11 |
| 48 | 0x30 | Priority | 1 | 0 | 0 | 0x0C | 12 | af12 |
| 56 | 0x38 | Priority | 1 | 1 | 0 | 0x0E | 14 | af13 |
| 64 | 0x40 | Immediate | 0 | 0 | 0 | 0x10 | 16 | cs2 |
| 72 | 0x48 | Immediate | 0 | 1 | 0 | 0x12 | 18 | af21 |
| 80 | 0x50 | Immediate | 1 | 0 | 0 | 0x14 | 20 | af22 |
| 88 | 0x58 | Immediate | 1 | 1 | 0 | 0x16 | 22 | af23 |
| 96 | 0x60 | Flash | 0 | 0 | 0 | 0x18 | 24 | cs3 |
| 104 | 0x68 | Flash | 0 | 1 | 0 | 0x1A | 26 | af31 |
| 112 | 0x70 | Flash | 1 | 0 | 0 | 0x1C | 28 | af32 |
| 120 | 0x78 | Flash | 1 | 1 | 0 | 0x1E | 30 | af33 |
| 128 | 0x80 | FlashOverride | 0 | 0 | 0 | 0x20 | 32 | cs4 |
| 136 | 0x88 | FlashOverride | 0 | 1 | 0 | 0x22 | 34 | af41 |
| 144 | 0x90 | FlashOverride | 1 | 0 | 0 | 0x24 | 36 | af42 |
| 152 | 0x98 | FlashOverride | 1 | 1 | 0 | 0x26 | 38 | af43 |
| 160 | 0xA0 | Critical | 0 | 0 | 0 | 0x28 | 40 | cs5 |
| 176 | 0xB0 | Critical | 1 | 0 | 0 | 0x2C | 44 | voice-admit |
| 184 | 0xB8 | Critical | 1 | 1 | 0 | 0x2E | 46 | ef |
| 192 | 0xC0 | InterNetworkControl | 0 | 0 | 0 | 0x30 | 48 | cs6 |
| 224 | 0xE0 | NetworkControl | 0 | 0 | 0 | 0x38 | 56 | cs7 |
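Every column in this table can be derived from the single ToS/DS byte of the IPv4 header. The Python below is an added example, not part of the original post: it decodes that byte into the table's columns and reads it from a raw IPv4 header. The function names and the sample header are constructed for illustration.

```python
import struct

PRECEDENCE = ["Routine", "Priority", "Immediate", "Flash", "FlashOverride",
              "Critical", "InterNetworkControl", "NetworkControl"]

def phb_name(dscp):
    """Name a DSCP code point the way the reference table does."""
    if dscp == 46:
        return "ef"
    if dscp == 44:
        return "voice-admit"
    cls, drop = dscp >> 3, dscp & 0b111
    if drop == 0:
        return f"cs{cls}" if cls else "none"
    if 1 <= cls <= 4 and drop in (2, 4, 6):
        return f"af{cls}{drop >> 1}"   # afXY: X = class, Y = drop precedence
    return "none"

def decode_tos(tos):
    """Split one ToS/DS byte into the columns of the reference table."""
    return {
        "tos_hex": f"0x{tos:02X}",
        "precedence": PRECEDENCE[tos >> 5],   # top three bits
        "delay": (tos >> 4) & 1,
        "throughput": (tos >> 3) & 1,
        "reliability": (tos >> 2) & 1,
        "dscp": tos >> 2,      # the value Wireshark shows as ip.dsfield.dscp
        "ecn": tos & 0b11,     # low two bits are ECN, not part of DSCP
        "phb": phb_name(tos >> 2),
    }

def dscp_from_ipv4(header):
    """Read the DS field (second byte) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return decode_tos(header[1])

# Constructed sample: a 20-byte IPv4/UDP header marked ToS 0xB8 (checksum left 0).
SAMPLE = struct.pack("!BBHHHBBH4s4s", 0x45, 0xB8, 200, 1, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))

if __name__ == "__main__":
    print(dscp_from_ipv4(SAMPLE))
    for tos in (0x28, 0x68, 0xB0, 0xC0):
        print(decode_tos(tos))
```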

RouterOS v7.0 released (April Fools joke)

Update: Yes, for those of you who did double-takes, this is/was an April Fools joke 🙂

Some exciting new changes announced!

What's new in 7.0:
 *) dude - 5.0 package released for PPC and CCR platforms
 *) ppp - LNS/LAC support added
 *) ppp - CoA updates now supported for all ppp services
 *) openvpn - UDP transport support
 *) ipsec - VTI support added
 *) bonding - added support for TRILL
 *) wireless - fixed auto frequency feature, all existing chipsets now support 802.11ac;
 *) console - more colors added to terminal output
 *) ethernet - added option to enable 802.3af/at from terminal on new CRS PoE models
 (will be disabled by default);
 *) ethernet - added GUI setup mode for switch chip vlan configuration
 *) routing - new routing package released for CCRs;
 *) system - Routers will now print money
 (will be disabled by default);
 *) safe mode replaced with april fools mode

Edit: It’s finally real – v7.0beta is available here: https://mt.lv/v7

Script Fu – Changing RADIUS server source address

Just a quick post to show an example of day to day usage of RouterOS scripting.

Goal: We had to change the src-address for a bunch of radius-server listings across 40 MikroTik devices, to match a new pptp-tunnel address. What would’ve been a pain was that the address is different on each device.

Solution: Create a scriptlet to pull the IP into the update (set) routine, ensuring it is formatted correctly for use.
