More tcpdump 8->1 cleanup.
Approved by: mlaier
MFC after: 3 days
parent dd34f92b7f
commit 819f8dfa2b
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=148787
@ -13,6 +13,9 @@
|
|||||||
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
|
.\"
|
||||||
|
.\" $FreeBSD$
|
||||||
|
.\"
|
||||||
.Dd August 18, 2003
|
.Dd August 18, 2003
|
||||||
.Dt PF.OS 5
|
.Dt PF.OS 5
|
||||||
.Os
|
.Os
|
||||||
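Review bot: the `.\" $FreeBSD$` line added between the license block and `.Dd` sits inside a roff comment, so it never reaches the rendered page, and the bare keyword is expected in the diff since Subversion only expands it through keyword substitution on the committed file. Placement matches the rest of the tree; nothing to change here.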
@ -23,7 +26,7 @@
|
|||||||
The
|
The
|
||||||
.Xr pf 4
|
.Xr pf 4
|
||||||
firewall and the
|
firewall and the
|
||||||
.Xr tcpdump 8
|
.Xr tcpdump 1
|
||||||
program can both fingerprint the operating system of hosts that
|
program can both fingerprint the operating system of hosts that
|
||||||
originate an IPv4 TCP connection.
|
originate an IPv4 TCP connection.
|
||||||
The file consists of newline-separated records, one per fingerprint,
|
The file consists of newline-separated records, one per fingerprint,
|
||||||
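Review bot: `.Xr tcpdump 1` is the correct section on FreeBSD, where the tcpdump manual page is installed as tcpdump(1) even though the binary lives under /usr/sbin. Note that pf.os(5) comes from OpenBSD, which keeps tcpdump(8), so this is a local divergence that will conflict and need re-applying on the next pf import; a one-line mention in the merge notes would save the next importer from reverting it by accident.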
@ -200,7 +203,7 @@ An absolutely braindead embedded operating system fingerprint could be:
|
|||||||
.Ed
|
.Ed
|
||||||
.Pp
|
.Pp
|
||||||
The
|
The
|
||||||
.Xr tcpdump 8
|
.Xr tcpdump 1
|
||||||
output of
|
output of
|
||||||
.Bd -literal
|
.Bd -literal
|
||||||
# tcpdump -s128 -c1 -nv 'tcp[13] == 2'
|
# tcpdump -s128 -c1 -nv 'tcp[13] == 2'
|
||||||
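Review bot: the example filter `tcp[13] == 2` in the unchanged context matches only packets whose TCP flag byte is exactly SYN, so the initial SYN from an ECN-capable host, which also sets ECE and CWR (RFC 3168), is never captured and such hosts cannot be fingerprinted from this command. Not part of this change, but since the file is being touched, `tcp[13] & 0x12 == 2` (SYN set, ACK clear) is the broader filter that still excludes SYN/ACK replies.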
@ -214,7 +217,7 @@ almost translates into the following fingerprint
|
|||||||
57344:64:1:44:M1460: exampleOS:1.0::exampleOS 1.0
|
57344:64:1:44:M1460: exampleOS:1.0::exampleOS 1.0
|
||||||
.Ed
|
.Ed
|
||||||
.Pp
|
.Pp
|
||||||
.Xr tcpdump 8
|
.Xr tcpdump 1
|
||||||
does not explicitly give the packet length.
|
does not explicitly give the packet length.
|
||||||
But it can usually be derived by adding the size of the IPv4 header to
|
But it can usually be derived by adding the size of the IPv4 header to
|
||||||
the size of the TCP header to the size of the TCP options.
|
the size of the TCP header to the size of the TCP options.
|
||||||
@ -236,7 +239,7 @@ three bytes.
|
|||||||
.Pp
|
.Pp
|
||||||
In the above example, the packet size comes out to 44 bytes.
|
In the above example, the packet size comes out to 44 bytes.
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
|
.Xr tcpdump 1 ,
|
||||||
.Xr pf 4 ,
|
.Xr pf 4 ,
|
||||||
.Xr pf.conf 5 ,
|
.Xr pf.conf 5 ,
|
||||||
.Xr pfctl 8 ,
|
.Xr pfctl 8
|
||||||
.Xr tcpdump 8
|
|
||||||
|
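Review bot: the reorder puts `.Xr tcpdump 1` at the top of SEE ALSO and drops the trailing comma from `.Xr pfctl 8`, which is now the final entry; that keeps the list in mdoc(7)'s ascending-section-then-alphabetical order and well-formed. The one thing to watch on this pattern is the comma on the new last entry, which is handled correctly here.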
@ -42,7 +42,7 @@ table used by
|
|||||||
.Xr pf 4 .
|
.Xr pf 4 .
|
||||||
.\" XXX: not yet!
|
.\" XXX: not yet!
|
||||||
.\" State changes can be viewed by invoking
|
.\" State changes can be viewed by invoking
|
||||||
.\" .Xr tcpdump 8
|
.\" .Xr tcpdump 1
|
||||||
.\" on the
|
.\" on the
|
||||||
.\" .Nm
|
.\" .Nm
|
||||||
.\" interface.
|
.\" interface.
|
||||||
|
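Review bot: updating `.Xr tcpdump 1` inside the `.\" XXX: not yet!` block is the right call even though mdoc never renders commented-out text; leaving `tcpdump 8` there would resurface a stale cross-reference the moment someone removes the comment markers to document the state changes.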
@ -24,6 +24,8 @@
|
|||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
|
.\" $FreeBSD$
|
||||||
|
.\"
|
||||||
.Dd July 9, 2001
|
.Dd July 9, 2001
|
||||||
.Dt PFLOGD 8
|
.Dt PFLOGD 8
|
||||||
.Os
|
.Os
|
||||||
@ -46,14 +48,14 @@ to the packet logging interface
|
|||||||
and writes the packets to a logfile (normally
|
and writes the packets to a logfile (normally
|
||||||
.Pa /var/log/pflog )
|
.Pa /var/log/pflog )
|
||||||
in
|
in
|
||||||
.Xr tcpdump 8
|
.Xr tcpdump 1
|
||||||
binary format.
|
binary format.
|
||||||
These logs can be reviewed later using the
|
These logs can be reviewed later using the
|
||||||
.Fl r
|
.Fl r
|
||||||
option of
|
option of
|
||||||
.Xr tcpdump 8 ,
|
.Xr tcpdump 1 ,
|
||||||
hopefully offline in case there are bugs in the packet parsing code of
|
hopefully offline in case there are bugs in the packet parsing code of
|
||||||
.Xr tcpdump 8 .
|
.Xr tcpdump 1 .
|
||||||
.Pp
|
.Pp
|
||||||
.Nm
|
.Nm
|
||||||
closes and then re-opens the log file when it receives
|
closes and then re-opens the log file when it receives
|
||||||
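Review bot: the sentence "hopefully offline in case there are bugs in the packet parsing code of tcpdump(1)" is the security-relevant rationale of this paragraph and survives the renumber intact, but "hopefully" undersells it. The log written by pflogd holds attacker-controlled bytes that tcpdump's protocol printers will parse, and `-r` on a readable file needs no BPF access, so the text could state directly that the log should be replayed with `tcpdump -r` on a non-production host and as an unprivileged user, which bounds what a printer bug can reach.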
@ -112,7 +114,7 @@ Other file parsers may desire a higher snaplen.
|
|||||||
Check the integrity of an existing log file, and return.
|
Check the integrity of an existing log file, and return.
|
||||||
.It Ar expression
|
.It Ar expression
|
||||||
Selects which packets will be dumped, using the regular language of
|
Selects which packets will be dumped, using the regular language of
|
||||||
.Xr tcpdump 8 .
|
.Xr tcpdump 1 .
|
||||||
.El
|
.El
|
||||||
.Sh FILES
|
.Sh FILES
|
||||||
.Bl -tag -width /var/run/pflogd.pid -compact
|
.Bl -tag -width /var/run/pflogd.pid -compact
|
||||||
@ -178,12 +180,12 @@ the wi0 interface:
|
|||||||
# tcpdump -n -e -ttt -i pflog0 inbound and action block and on wi0
|
# tcpdump -n -e -ttt -i pflog0 inbound and action block and on wi0
|
||||||
.Ed
|
.Ed
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
|
.Xr tcpdump 1 ,
|
||||||
.Xr pcap 3 ,
|
.Xr pcap 3 ,
|
||||||
.Xr pf 4 ,
|
.Xr pf 4 ,
|
||||||
.Xr pflog 4 ,
|
.Xr pflog 4 ,
|
||||||
.Xr pf.conf 5 ,
|
.Xr pf.conf 5 ,
|
||||||
.Xr newsyslog 8 ,
|
.Xr newsyslog 8
|
||||||
.Xr tcpdump 8
|
|
||||||
.Sh HISTORY
|
.Sh HISTORY
|
||||||
The
|
The
|
||||||
.Nm
|
.Nm
|
||||||
|
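Review bot: the example `tcpdump -n -e -ttt -i pflog0 inbound and action block and on wi0` in the context depends on `-e` to print the pflog link-level header, which is where the rule number, action and original interface are carried; the `action block` and `on wi0` qualifiers filter correctly without it, but the output then gives no indication of why a packet was logged. Worth a half-sentence next to the example when this file is next touched.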