From 819f8dfa2b05202c7e6b92517fdcea8744ee408b Mon Sep 17 00:00:00 2001 From: Christian Brueffer Date: Sat, 6 Aug 2005 13:03:03 +0000 Subject: [PATCH] More tcpdump 8->1 cleanup. Approved by: mlaier MFC after: 3 days --- contrib/pf/man/pf.os.5 | 13 ++++++++----- contrib/pf/man/pfsync.4 | 2 +- contrib/pf/pflogd/pflogd.8 | 14 ++++++++------ 3 files changed, 17 insertions(+), 12 deletions(-) diff --git a/contrib/pf/man/pf.os.5 b/contrib/pf/man/pf.os.5 index f4bdeda2edd4..07e092753504 100644 --- a/contrib/pf/man/pf.os.5 +++ b/contrib/pf/man/pf.os.5 @@ -13,6 +13,9 @@ .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $FreeBSD$ +.\" .Dd August 18, 2003 .Dt PF.OS 5 .Os @@ -23,7 +26,7 @@ The .Xr pf 4 firewall and the -.Xr tcpdump 8 +.Xr tcpdump 1 program can both fingerprint the operating system of hosts that originate an IPv4 TCP connection. The file consists of newline-separated records, one per fingerprint, @@ -200,7 +203,7 @@ An absolutely braindead embedded operating system fingerprint could be: .Ed .Pp The -.Xr tcpdump 8 +.Xr tcpdump 1 output of .Bd -literal # tcpdump -s128 -c1 -nv 'tcp[13] == 2' @@ -214,7 +217,7 @@ almost translates into the following fingerprint 57344:64:1:44:M1460: exampleOS:1.0::exampleOS 1.0 .Ed .Pp -.Xr tcpdump 8 +.Xr tcpdump 1 does not explicitly give the packet length. But it can usually be derived by adding the size of the IPv4 header to the size of the TCP header to the size of the TCP options. @@ -236,7 +239,7 @@ three bytes. .Pp In the above example, the packet size comes out to 44 bytes. .Sh SEE ALSO +.Xr tcpdump 1 , .Xr pf 4 , .Xr pf.conf 5 , -.Xr pfctl 8 , -.Xr tcpdump 8 +.Xr pfctl 8 diff --git a/contrib/pf/man/pfsync.4 b/contrib/pf/man/pfsync.4 index cde2f7e9e3c6..10fc5a6180eb 100644 --- a/contrib/pf/man/pfsync.4 +++ b/contrib/pf/man/pfsync.4 @@ -42,7 +42,7 @@ table used by .Xr pf 4 . .\" XXX: not yet! .\" State changes can be viewed by invoking -.\" .Xr tcpdump 8 +.\" .Xr tcpdump 1 .\" on the .\" .Nm .\" interface. diff --git a/contrib/pf/pflogd/pflogd.8 b/contrib/pf/pflogd/pflogd.8 index d13b772b630a..0eef77b5674c 100644 --- a/contrib/pf/pflogd/pflogd.8 +++ b/contrib/pf/pflogd/pflogd.8 @@ -24,6 +24,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" +.\" $FreeBSD$ +.\" .Dd July 9, 2001 .Dt PFLOGD 8 .Os @@ -46,14 +48,14 @@ to the packet logging interface and writes the packets to a logfile (normally .Pa /var/log/pflog ) in -.Xr tcpdump 8 +.Xr tcpdump 1 binary format. These logs can be reviewed later using the .Fl r option of -.Xr tcpdump 8 , +.Xr tcpdump 1 , hopefully offline in case there are bugs in the packet parsing code of -.Xr tcpdump 8 . +.Xr tcpdump 1 . .Pp .Nm closes and then re-opens the log file when it receives @@ -112,7 +114,7 @@ Other file parsers may desire a higher snaplen. Check the integrity of an existing log file, and return. .It Ar expression Selects which packets will be dumped, using the regular language of -.Xr tcpdump 8 . +.Xr tcpdump 1 . .El .Sh FILES .Bl -tag -width /var/run/pflogd.pid -compact @@ -178,12 +180,12 @@ the wi0 interface: # tcpdump -n -e -ttt -i pflog0 inbound and action block and on wi0 .Ed .Sh SEE ALSO +.Xr tcpdump 1 , .Xr pcap 3 , .Xr pf 4 , .Xr pflog 4 , .Xr pf.conf 5 , -.Xr newsyslog 8 , -.Xr tcpdump 8 +.Xr newsyslog 8 .Sh HISTORY The .Nm