Enabling DSCP (ToS) Display Column in Wireshark

I found myself having to review some VoIP traffic related queries this week and while viewing a few packet captures realised there wasn’t and easy way to see what traffic was being tagged with different DSCP values.

I googled around for a little while and found that you can actually add a DSCP column to your wireshark view by following these steps:

1. Right click on one of the existing columns.
2. Click on column preferences
3. Click Add down the bottom
4. Click on the “New Column” Label and change it to “DSCP” then hit enter once.
5. With the new entry highlighted, change the Field Type to Custom (in the dropdown box)
6. In field name, copy and paste in ip.dsfield.dscp
7. Click Apply/Ok

You can drag the column back to the left side of the Info column (this was my preference as it’s easier to see) and you now have a simple view of the tag for any packet.

dscp

 Bonus: Here’s a table of DSCP and TOS values in their most common formats for reference.
TOS (Dec) TOS (Hex) TOS Precedence Name TOS Delay flag TOS Throughput flag TOS Reliability flag DSCP (Hex) DSCP (Dec) DSCP/PHB Class
0 0x00 Routine 0 0 0 0x00 0 none
4 0x04 Routine 0 0 1 0x01 1 none
8 0x08 Routine 0 1 0 0x02 2 none
12 0x0C Routine 0 1 1 0x03 3 none
16 0x10 Routine 1 0 0 0x04 4 none
32 0x20 Priority 0 0 0 0x08 8 cs1
40 0x28 Priority 0 1 0 0x0A 10 af11
48 0x30 Priority 1 0 0 0x0C 12 af12
56 0x38 Priority 1 1 0 0x0E 14 af13
64 0x40 Immediate 0 0 0 0x10 16 cs2
72 0x48 Immediate 0 1 0 0x12 18 af21
80 0x50 Immediate 1 0 0 0x14 20 af22
88 0x58 Immediate 1 1 0 0x16 22 af23
96 0x60 Flash 0 0 0 0x18 24 cs3
104 0x68 Flash 0 1 0 0x1A 26 af31
112 0x70 Flash 1 0 0 0x1C 28 af32
120 0x78 Flash 1 1 0 0x1E 30 af33
128 0x80 FlashOverride 0 0 0 0x20 32 cs4
136 0x88 FlashOverride 0 1 0 0x22 34 af41
144 0x90 FlashOverride 1 0 0 0x24 36 af42
152 0x98 FlashOverride 1 1 0 0x26 38 af43
160 0xA0 Critical 0 0 0 0x28 40 cs5
176 0xB0 Critical 1 0 0 0x2C 44 voice-admit
184 0xB8 Critical 1 1 0 0x2E 46 ef
192 0xC0 InterNetworkControl 0 0 0 0x30 48 cs6
224 0xE0 NetworkControl 0 0 0 0x38 56 cs7

Leave a Reply