Can anyone point me to any resources describing the current usage of the tos precedence bits. Specifically what happens in practice, not what is suppose to happen (I can find the RFC's and IETF documents okay). Prompted by noting that a lot of spambots set the lowest precedence bit (tos 0x20 in tcpdump), I assume this is just a reflection of what operating system is in use/has been compromised? Internet search engines seem to think the whole point of the tos bits is to allow you to more accurately fingerprint remote operating systems, at least that is what the naive searcher might conclude.