<br><font size=2><tt><snip></tt></font>
<br>
<br><font size=2><tt><br>
> What's wrong with doing it by port? <br>
<br>
We're actually using SIP to terminate calls, going by rtp.conf the ports<br>
could range several thousand ports. What we're going for is only<br>
honoring TOS for that particular customer, luckily these are T1<br>
customers hosted on our routers. They understand that their firewalls<br>
cannot pass TOS, if they do (ie: we packet sniff and see this) then<br>
they're on their own.<br>
<br>
In a nutshell we wanted to avoid using hardcoded ports, what if say a<br>
game server was in that port range (and used udp lol), you would be<br>
rather screwed.</tt></font>
<br>
<br><font size=2><tt></snip></tt></font>
<br>
<br><font size=2><tt>Ahh OK. Well, how about configuring a laptop with
ethereal (http://www.ethereal.com/) and capturing the packets you have
in mind? It even runs on Windows. :p It's pretty easy to specify a particular
destination or so, for limiting which traffic you sniff. You could use
an old hub and start plugging the laptop in between routers using the hub
so it can capture the packets. Should be fairly quick to isolate which
router is modifying the TOS value. Just an idea... of course you have to
have physical access to the network...</tt></font>
<br>
<br><font size=2><tt>HTH,</tt></font>
<br><font size=2><tt>-Ron</tt></font>
<br>