Updated manpage

man/generate-man.sh

@@ -4,7 +4,7 @@
 # Copyright 2016 Joao Eriberto Mota Filho <[email protected]>
 # This file is under BSD-3-Clause
 
-P_DATA="18 Jan 2017"
+P_DATA="19 Jan 2017"
 P_NAME=packit
 P_VERSION=1.5
 P_MANLEVEL=8

man/packit.8

@@ -1,5 +1,5 @@
 .\" Text automatically generated by txt2man
-.TH packit 8 "18 Jan 2017" "packit-1.5" "Packet analysis and injection tool"
+.TH packit 8 "19 Jan 2017" "packit-1.5" "Packet analysis and injection tool"
 .SH NAME
 \fBPackit \fP- packet analysis and injection tool
 \fB
@@ -26,15 +26,15 @@
 Packit is a network auditing tool. It's value is derived from its ability to
 customize, \fIinject\fP, monitor, and manipulate IP traffic. By allowing you to
 define (spoof) all TCP, UDP, ICMP, IP, ARP, RARP and Ethernet header options,
-Packit can be useful in testing firewalls, intrusion detection systems, port
+Packit can be useful to test firewalls, intrusion detection systems, port
 scanning, simulating network traffic and general TCP/IP auditing. Packit is
 also an excellent tool for learning TCP/IP.
 .SH PACKIT BASE OPTIONS
 .TP
 .B
 \fB-m\fP mode
 Select a runtime mode. Currently supported modes
-are \fIcapture\fP, \fIinject\fP and trace. The default is \fIinject\fP.
+are \fIcapture\fP, \fIinject\fP and trace. The default mode is \fIinject\fP.
 .SH PACKET CAPTURE OPTIONS
 \fBPacket\fP \fIcapture\fP options are as follows:
 .TP
@@ -94,9 +94,9 @@ Display hexadecimal & ascii dump of each packet up to snap length bytes.
 \fIexpression\fP
 Selects which packets should be displayed. If no \fIexpression\fP is
 given, all packets are displayed. This option is based in pcap
-library. See the \fBtcpdump\fP(1) manpage for more detailed information.
+library. See the \fBpcap-filter\fP(7) manpage for more detailed information.
 .SH PACKET INJECTION AND TRACE
-\fBPacket\fP injection is used to define and \fIinject\fP IP based network traffic onto
+\fBPacket\fP injection is used to define and \fIinject\fP a network traffic onto
 your network. You have the ability to define essentially any ARP, IP, TCP,
 UDP, ICMP and Ethernet header value. This can be valuable in a number of ways,
 including testing firewalls, intrusion detection systems, simulating traffic
@@ -301,8 +301,7 @@ Debian systems this \fIfile\fP can be found at /usr/share/doc/\fBpackit\fP/ICMP.
 \fB-C\fP code
 Specify the ICMP code. See docs/ICMP.txt for details on codes. On
 Debian systems this \fIfile\fP can be found at /usr/share/doc/\fBpackit\fP/ICMP.txt.
-.PP
-ECHO REQUEST / ECHO REPLY OPTIONS
+.SS ICMP ECHO REQUEST AND ECHO REPLY OPTIONS
 .TP
 .B
 \fB-N\fP id number
@@ -311,10 +310,8 @@ by default.
 .TP
 .B
 \fB-Q\fP sequence number
-Define the 16-bit ICMP sequence number. This value is random by
-default.
-.PP
-UNREACHABLE / REDIRECT / TIME EXCEEDED OPTIONS
+Define the 16-bit ICMP sequence number. This value is random by default.
+.SS ICMP UNREACHABLE OR REDIRECT OR TIME EXCEEDED OPTIONS
 .TP
 .B
 \fB-g\fP gateway
@@ -356,8 +353,7 @@ Define the Type of Service of the original packet. See the
 \fB-P\fP \fIprotocol\fP
 Define the \fIprotocol\fP of the original packet. This option
 defaults to UDP.
-.PP
-MASK REQUEST / MASK REPLY OPTIONS
+.SS MASK REQUEST AND MASK REPLY OPTIONS
 .TP
 .B
 \fB-N\fP id number
@@ -373,8 +369,7 @@ default.
 \fB-G\fP address mask
 Define the address network mask. The default value for this option
 is 255.255.255.0.
-.PP
-TIMESTAMP REQUEST / TIMESTAMP REPLY OPTIONS
+.SS TIMESTAMP REQUEST AND TIMESTAMP REPLY OPTIONS
 .TP
 .B
 \fB-N\fP id number
@@ -410,11 +405,11 @@ Define the ARP / RARP / IRARP operation type. The valid options are
 as follows:
 .RS
 .IP \(bu 3
-1 : ARP Request (Default for ARP packages.)
+1 : ARP Request (Default for ARP packages)
 .IP \(bu 3
 2 : ARP Reply
 .IP \(bu 3
-3 : Reverse ARP Request (Default for RARP packages.)
+3 : Reverse ARP Request (Default for RARP packages)
 .IP \(bu 3
 4 : Reverse ARP Reply
 .IP \(bu 3
@@ -433,11 +428,11 @@ Use a random target host IP address.
 .TP
 .B
 \fB-Y\fP target ethernet address
-The ethernet (hardware) address of the target host.
+The Ethernet (hardware) address of the target host.
 .TP
 .B
 \fB-YR\fP
-Usage a random target host ethernet address.
+Usage a random target host Ethernet address.
 .TP
 .B
 \fB-x\fP sender IP address
@@ -449,70 +444,70 @@ Use a random sender host IP address.
 .TP
 .B
 \fB-X\fP sender ethernet address
-The ethernet (hardware) address of the sender host.
+The Ethernet (hardware) address of the sender host.
 .TP
 .B
 \fB-XR\fP
-Usage a random sender host ethernet address.
+Usage a random sender host Ethernet address.
 .SH ETHERNET HEADER OPTIONS
 This section documents the Ethernet header command-line options.
 .TP
 .B
 \fB-e\fP src ethernet address
-The ethernet (hardware) address the packet will appear to come from.
+The Ethernet (hardware) address the packet will appear to come from.
+If not defined, the original Ethernet address will be used.
 .TP
 .B
 \fB-eR\fP
-Use a random source ethernet address. If you define this, you will most
-likely need to define the destination ethernet header value as well. When
-using either \fB-e\fP or \fB-E\fP, you enable link level packet injection and enable
-link level packet injection and the destination cannot be auto-defined
-while injecting in this manner.
+Use a random source Ethernet address. If you define this, you will most
+likely need to define the destination Ethernet header value as well. When
+using either \fB-e\fP or \fB-E\fP, you enable link level packet injection and the
+destination cannot be auto-defined while injecting in this manner.
 .TP
 .B
 \fB-E\fP dst ethernet address
-The ethernet (hardware) of the next routable \fIinterface\fP the packet
+The Ethernet (hardware) of the next routable \fIinterface\fP which the packet
 will cross while making it's way to the destination.
 .TP
 .B
 \fB-ER\fP
-Use a random destination ethernet address. The following two rules should
+Use a random destination Ethernet address. The following two rules should
 be followed if you actually want the destination to receive the packets
 you're sending:
 .RS
 .IP 1. 4
 If the destination exists beyond your default route (gateway),
-the destination ethernet address should be set to the default
-routes address should be set to the default routes ethernet
-address. This can typically be found by using the \fBarp\fP(8) command.
+the destination Ethernet address should be set to the default
+routes Ethernet address. This can typically be found by using
+the \fBarp\fP(8) command.
 .IP 2. 4
 If the destination exists on your subnet, the destination
-ethernet address should be set to its ethernet address. This
-can typically be found by using the arp command.
+Ethernet address should be set to its Ethernet address. This
+can typically be found by using the \fBarp\fP(8) command.
 .SH PACKET CAPTURE EXAMPLES
-To print all TCP communications that doesn't revolve around SSH (port 22):
+Print all TCP communications that doesn't revolve around SSH (port 22):
 .PP
 .nf
 .fam C
-    packit -m cap 'tcp and not port 22'
+    # packit -m cap 'tcp and not port 22'
 
 .fam T
 .fi
-To print the start and end packets (the SYN and FIN pack- ets) of each TCP
+Print the start and end packets (the SYN and FIN packets) of each TCP
 conversation that involves a non-local host, don't resolve addresses and
 display hex/ascii dump of the packet:
 .PP
 .nf
 .fam C
-    packit -m cap -nX 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet'
+    # packit -m cap -nX 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet'
 
 .fam T
 .fi
-To write the first 10 ICMP packets captured to a \fIfile\fP:
+Write the first 10 ICMP packets captured to a \fIfile\fP:
 .PP
 .nf
 .fam C
-    packit -m cap -c 10 -w /tmp/mylog 'icmp'
+    # packit -m cap -c 10 -w /tmp/mylog 'icmp'
 
 .fam T
 .fi
@@ -522,7 +517,7 @@ host '192.168.0.1' and watch for a response:
 .PP
 .nf
 .fam C
-    packit -t icmp -s 3.1.33.7 -d 192.168.0.1 -c 10 -h
+    # packit -t icmp -s 3.1.33.7 -d 192.168.0.1 -c 10 -h
 
 .fam T
 .fi
@@ -531,37 +526,37 @@ address mask of 255.255.255.0:
 .PP
 .nf
 .fam C
-    packit -t icmp -K 18 -d 127.0.0.1 -N 211 -G 255.255.255.0
+    # packit -t icmp -K 18 -d 127.0.0.1 -N 211 -G 255.255.255.0
 
 .fam T
 .fi
 Inject 5 TCP packets from random hosts to 'www.example.com' with the SYN flag
-set, a window size of 666, a random source ethernet address, a destination
-ethernet address of 00:53:00:0f:00:0d, with a payload of "HI JOHN", displaying
+set, a window size of 666, a random source Ethernet address, a destination
+Ethernet address of 00:53:00:0f:00:0d, with a payload of "HI JOHN", displaying
 each packet injected.
 .PP
 .nf
 .fam C
-    packit -sR -d www.example.com -F S -c 5 -W 666 -eR -E 00:53:00:0f:00:0d -p 'HI JOHN' -v
+    # packit -sR -d www.example.com -F S -c 5 -W 666 -eR -E 00:53:00:0f:00:0d -p 'HI JOHN' -v
 
 .fam T
 .fi
 or simplifying the MAC address:
 .PP
 .nf
 .fam C
-    packit -sR -d www.example.com -F S -c 5 -W 666 -eR -E 0:53:0:f:00:d -p 'HI JOHN' -v
+    # packit -sR -d www.example.com -F S -c 5 -W 666 -eR -E 0:53:0:f:00:d -p 'HI JOHN' -v
 
 .fam T
 .fi
 Inject a total of 1000 TCP packets in 20 packet per second bursts
 from 192.168.0.1 on port 403 to 192.168.0.20 on port 80 with the SYN and RST
-flags set, a sequence number of 12345678910 and a source ethernet address
+flags set, a sequence number of 12345678910 and a source Ethernet address
 of 0:0:0:0:0:0:
 .PP
 .nf
 .fam C
-    packit -s 192.168.0.1 -d 192.168.0.20 -S 403 -D 80 -F SR -q 12345678910 -c 1000 -b 20 -e 0:0:0:0:0:0
+    # packit -s 192.168.0.1 -d 192.168.0.20 -S 403 -D 80 -F SR -q 12345678910 -c 1000 -b 20 -e 0:0:0:0:0:0
 
 .fam T
 .fi
@@ -570,17 +565,17 @@ with the SYN flag set and display each packet we send:
 .PP
 .nf
 .fam C
-    packit -s 10.22.41.6 -d 172.16.1.3 -D 1-1024 -F S -v
+    # packit -s 10.22.41.6 -d 172.16.1.3 -D 1-1024 -F S -v
 
 .fam T
 .fi
 Inject a broadcast ARP reply stating that 4.3.2.1 is at 00:53:00:01:02:03.
-Also, spoof the source ethernet address for a little more authenticity and
+Also, spoof the source Ethernet address for a little more authenticity and
 supply the payload in hex:
 .PP
 .nf
 .fam C
-    packit -t arp -A 2 -x 4.3.2.1 -X 5:4:3:2:1:0 -e 00:53:00:01:02:03 -p '0x 70 61 63 6B 69 74'
+    # packit -t arp -A 2 -x 4.3.2.1 -X 5:4:3:2:1:0 -e 00:53:00:01:02:03 -p '0x 70 61 63 6B 69 74'
 
 .fam T
 .fi
@@ -589,23 +584,23 @@ Appear as a DNS response by using a UDP source port of 53 (DNS):
 .PP
 .nf
 .fam C
-    packit -m trace -t UDP -d 192.168.2.35 -S 53
+    # packit -m trace -t UDP -d 192.168.2.35 -S 53
 
 .fam T
 .fi
 Appear as HTTP traffic by using TCP port 80:
 .PP
 .nf
 .fam C
-    packit -m trace -t TCP -d www.google.com -S 80 -FS
+    # packit -m trace -t TCP -d www.google.com -S 80 -FS
 
 .fam T
 .fi
 .SH SEE ALSO
-\fBpcap\fP(3), \fBpcap-filter\fP(7), \fBtcpdump\fP(1)
+\fBarp\fP(8), \fBpcap\fP(3), \fBpcap-filter\fP(7), \fBtcpdump\fP(1)
 .SH BUGS
 .IP \(bu 3
-Due to limitations in some versions of *BSD, specifying arbitrary ethernet
+Due to limitations in some versions of *BSD, specifying arbitrary Ethernet
 and/or ARP header data may not be supported.
 .IP \(bu 3
 ARP \fIcapture\fP data is incomplete.
@@ -615,6 +610,7 @@ to https://github.com/eribertomota/\fBpackit\fP/issues
 .SH AUTHOR
 The original autor of \fBpackit\fP is Darren Bounds. The current project maintainer
 is Joao Eriberto Mota Filho. There are other new authors. Please, see AUTHORS
-\fIfile\fP.
+\fIfile\fP in source code. To help in development, see CONTRIBUTING.md. On Debian
+systems, these files will be available at /usr/share/doc/\fBpackit\fP/.
 .PP
-The latest version can be found at https://github.com/eribertomota/\fBpackit\fP
+The latest version of Packit can be found at https://github.com/eribertomota/\fBpackit\fP