More tcpdump 8->1 cleanup.

Approved by:	mlaier
MFC after:	3 days
brueffer 2005-08-06 13:03:03 +00:00
parent b6bd2d8bbb
commit ec4f7f03b1
3 changed files with 17 additions and 12 deletions

@ -13,6 +13,9 @@
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $FreeBSD$
.\"
.Dd August 18, 2003
.Dt PF.OS 5
.Os
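Review bot: The `.\" $FreeBSD$` keyword line added after the license block here (and again in the PFLOGD 8 page later in this commit) is not mentioned in the commit message, which describes only the tcpdump 8->1 cross-reference cleanup. Either mention the keyword addition in the log or split it into its own commit, so that the change queued for MFC is a single kind of edit.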
@ -23,7 +26,7 @@
The
.Xr pf 4
firewall and the
.Xr tcpdump 8
.Xr tcpdump 1
program can both fingerprint the operating system of hosts that
originate an IPv4 TCP connection.
The file consists of newline-separated records, one per fingerprint,
@ -200,7 +203,7 @@ An absolutely braindead embedded operating system fingerprint could be:
.Ed
.Pp
The
.Xr tcpdump 8
.Xr tcpdump 1
output of
.Bd -literal
# tcpdump -s128 -c1 -nv 'tcp[13] == 2'
@ -214,7 +217,7 @@ almost translates into the following fingerprint
57344:64:1:44:M1460: exampleOS:1.0::exampleOS 1.0
.Ed
.Pp
.Xr tcpdump 8
.Xr tcpdump 1
does not explicitly give the packet length.
But it can usually be derived by adding the size of the IPv4 header to
the size of the TCP header to the size of the TCP options.
@ -236,7 +239,7 @@ three bytes.
.Pp
In the above example, the packet size comes out to 44 bytes.
.Sh SEE ALSO
.Xr tcpdump 1 ,
.Xr pf 4 ,
.Xr pf.conf 5 ,
.Xr pfctl 8 ,
.Xr tcpdump 8
.Xr pfctl 8

@ -42,7 +42,7 @@ table used by
.Xr pf 4 .
.\" XXX: not yet!
.\" State changes can be viewed by invoking
.\" .Xr tcpdump 8
.\" .Xr tcpdump 1
.\" on the
.\" .Nm
.\" interface.
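Review bot: The only reference touched in this file is inside the block commented out under `.\" XXX: not yet!`, so the rendered page does not change. Keeping the commented text in sync is fine, but the XXX marker stays unresolved; consider saying in the log that this file's change is comment-only.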

@ -24,6 +24,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd July 9, 2001
.Dt PFLOGD 8
.Os
@ -46,14 +48,14 @@ to the packet logging interface
and writes the packets to a logfile (normally
.Pa /var/log/pflog )
in
.Xr tcpdump 8
.Xr tcpdump 1
binary format.
These logs can be reviewed later using the
.Fl r
option of
.Xr tcpdump 8 ,
.Xr tcpdump 1 ,
hopefully offline in case there are bugs in the packet parsing code of
.Xr tcpdump 8 .
.Xr tcpdump 1 .
.Pp
.Nm
closes and then re-opens the log file when it receives
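Review bot: The sentence around the second and third changed references still reads "hopefully offline in case there are bugs in the packet parsing code", which comes across as an aside rather than guidance. Since this paragraph is being edited anyway, consider stating it as a recommendation: the log file holds packets captured from the network, so reading it with the `-r` option is best done away from the live firewall.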
@ -112,7 +114,7 @@ Other file parsers may desire a higher snaplen.
Check the integrity of an existing log file, and return.
.It Ar expression
Selects which packets will be dumped, using the regular language of
.Xr tcpdump 8 .
.Xr tcpdump 1 .
.El
.Sh FILES
.Bl -tag -width /var/run/pflogd.pid -compact
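Review bot: In the `.It Ar expression` entry, "using the regular language of" followed by the cross-reference is vague about what the reader should look up in the referenced page. While correcting the section number, consider rewording it to say that the expression uses the filter syntax described in that manual page.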
@ -178,12 +180,12 @@ the wi0 interface:
# tcpdump -n -e -ttt -i pflog0 inbound and action block and on wi0
.Ed
.Sh SEE ALSO
.Xr tcpdump 1 ,
.Xr pcap 3 ,
.Xr pf 4 ,
.Xr pflog 4 ,
.Xr pf.conf 5 ,
.Xr newsyslog 8 ,
.Xr tcpdump 8
.Xr newsyslog 8
.Sh HISTORY
The
.Nm