More tcpdump 8->1 cleanup.
Approved by: mlaier MFC after: 3 days
This commit is contained in:
parent
b6bd2d8bbb
commit
ec4f7f03b1
@ -13,6 +13,9 @@
|
||||
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd August 18, 2003
|
||||
.Dt PF.OS 5
|
||||
.Os
|
||||
@ -23,7 +26,7 @@
|
||||
The
|
||||
.Xr pf 4
|
||||
firewall and the
|
||||
.Xr tcpdump 8
|
||||
.Xr tcpdump 1
|
||||
program can both fingerprint the operating system of hosts that
|
||||
originate an IPv4 TCP connection.
|
||||
The file consists of newline-separated records, one per fingerprint,
|
||||
@ -200,7 +203,7 @@ An absolutely braindead embedded operating system fingerprint could be:
|
||||
.Ed
|
||||
.Pp
|
||||
The
|
||||
.Xr tcpdump 8
|
||||
.Xr tcpdump 1
|
||||
output of
|
||||
.Bd -literal
|
||||
# tcpdump -s128 -c1 -nv 'tcp[13] == 2'
|
||||
@ -214,7 +217,7 @@ almost translates into the following fingerprint
|
||||
57344:64:1:44:M1460: exampleOS:1.0::exampleOS 1.0
|
||||
.Ed
|
||||
.Pp
|
||||
.Xr tcpdump 8
|
||||
.Xr tcpdump 1
|
||||
does not explicitly give the packet length.
|
||||
But it can usually be derived by adding the size of the IPv4 header to
|
||||
the size of the TCP header to the size of the TCP options.
|
||||
@ -236,7 +239,7 @@ three bytes.
|
||||
.Pp
|
||||
In the above example, the packet size comes out to 44 bytes.
|
||||
.Sh SEE ALSO
|
||||
.Xr tcpdump 1 ,
|
||||
.Xr pf 4 ,
|
||||
.Xr pf.conf 5 ,
|
||||
.Xr pfctl 8 ,
|
||||
.Xr tcpdump 8
|
||||
.Xr pfctl 8
|
||||
|
@ -42,7 +42,7 @@ table used by
|
||||
.Xr pf 4 .
|
||||
.\" XXX: not yet!
|
||||
.\" State changes can be viewed by invoking
|
||||
.\" .Xr tcpdump 8
|
||||
.\" .Xr tcpdump 1
|
||||
.\" on the
|
||||
.\" .Nm
|
||||
.\" interface.
|
||||
|
@ -24,6 +24,8 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd July 9, 2001
|
||||
.Dt PFLOGD 8
|
||||
.Os
|
||||
@ -46,14 +48,14 @@ to the packet logging interface
|
||||
and writes the packets to a logfile (normally
|
||||
.Pa /var/log/pflog )
|
||||
in
|
||||
.Xr tcpdump 8
|
||||
.Xr tcpdump 1
|
||||
binary format.
|
||||
These logs can be reviewed later using the
|
||||
.Fl r
|
||||
option of
|
||||
.Xr tcpdump 8 ,
|
||||
.Xr tcpdump 1 ,
|
||||
hopefully offline in case there are bugs in the packet parsing code of
|
||||
.Xr tcpdump 8 .
|
||||
.Xr tcpdump 1 .
|
||||
.Pp
|
||||
.Nm
|
||||
closes and then re-opens the log file when it receives
|
||||
@ -112,7 +114,7 @@ Other file parsers may desire a higher snaplen.
|
||||
Check the integrity of an existing log file, and return.
|
||||
.It Ar expression
|
||||
Selects which packets will be dumped, using the regular language of
|
||||
.Xr tcpdump 8 .
|
||||
.Xr tcpdump 1 .
|
||||
.El
|
||||
.Sh FILES
|
||||
.Bl -tag -width /var/run/pflogd.pid -compact
|
||||
@ -178,12 +180,12 @@ the wi0 interface:
|
||||
# tcpdump -n -e -ttt -i pflog0 inbound and action block and on wi0
|
||||
.Ed
|
||||
.Sh SEE ALSO
|
||||
.Xr tcpdump 1 ,
|
||||
.Xr pcap 3 ,
|
||||
.Xr pf 4 ,
|
||||
.Xr pflog 4 ,
|
||||
.Xr pf.conf 5 ,
|
||||
.Xr newsyslog 8 ,
|
||||
.Xr tcpdump 8
|
||||
.Xr newsyslog 8
|
||||
.Sh HISTORY
|
||||
The
|
||||
.Nm
|
||||
|
Loading…
Reference in New Issue
Block a user