author Daniel Borkmann <dborkman@redhat.com> 2013-05-06 12:26:33 +0200
committer Daniel Borkmann <dborkman@redhat.com> 2013-05-06 12:26:33 +0200
commit cc59fed07c9ac710bf83dc393b8a89f22f0c63a0 (patch)
tree a3af0c5b9de71ca32d72faece671ce247f175498 /astraceroute.8
parent c3ee742ac44827ba6c07ce5281d53bf615aadc72 (diff)
man: finish astraceroute man page
Finish writing up the remaining section of the astraceroute man page.

Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Diffstat (limited to 'astraceroute.8')
-rw-r--r-- astraceroute.8 67
1 files changed, 65 insertions, 2 deletions
diff --git a/astraceroute.8 b/astraceroute.8
index 9907bba..28d1948 100644
--- a/astraceroute.8
+++ b/astraceroute.8
@@ -30,52 +30,96 @@ tool might be a good start for further in-depth analysis of such systems.
.SH OPTIONS
.SS -H <host>, --host <host>
+Hostname, IPv4 or IPv6 address of the remote host where the AS route should
+be traced to. In case of an IPv6 address or host, also option ``-6'' must be
+used. IPv4 is the default.
.SS -p <port>, --port <port>
+TCP port for the remote host to use. If not otherwise specified, the default
+port to be used is 80.
.SS -i <device>, -d <device>, --dev <device>
+Networking device to start the trace route from, e.g. eth0, wlan0.
.SS -f <ttl>, --init-ttl <ttl>
+Initial TTL value to be used. This option might be useful if you are not
+interested in the first n hops, but only follow-up ones. The default
+initial TTL value is 1.
.SS -m <ttl>, --max-ttl <ttl>
+Maximum TTL value to be used. If not otherwise specified, the maximum
+TTL value is 30. Thus, after this has been reached astraceroute exits
+itself.
.SS -q <num>, --num-probes <num>
+Specifies the number of queries to be done on a particular hop. The
+default is 2 query requests.
.SS -x <sec>, --timeout <sec>
+Tells astraceroute the probe response timeout in seconds, in other words
+the maximum time astraceroute must wait for an ICMP response from the current
+hop. The default is 3 seconds.
.SS -X <string>, --payload <string>
+Places an ASCII cleartext into the packet payload. In case the cleartext
+contains whitespaces, it must be put into quotes, f.e. "censer me".
.SS -l <len>, --totlen <len>
+Specifies the total length of the packet. Payload that does not have a
+cleartext string in it is padded with random garbage.
.SS -4, --ipv4
+Use IPv4 only requests. This is the default.
.SS -6, --ipv6
+Use IPv6 only requests. This must be used when passing an IPv6 host as an
+argument.
.SS -n, --numeric
+Tells astraceroute to not perform reverse DNS lookup for hop replies. The
+reverse option is ``-N''.
.SS -u, --update
+The built-in geo-database update mechanism will be invoked to get Maxmind's
+latest version. To configure search locations for databases, the file
+/etc/netsniff-ng/geoip.conf contains possible addresses. Thus, to save bandwidth
+or for mirroring Maxmind's databases (to bypass their traffic limit policy),
+different hosts or IP addresses can be placed into geoip.conf, separated by
+a newline.
.SS -L, --latitude
+Also show latitude and longtitude of hops.
.SS -N, --dns
+Tells astraceroute to perform reverse DNS lookup for hop replies. The
+reverse option is ``-n''.
.SS -S, --syn
+Use TCP's SYN flag for the request.
.SS -A, --ack
+Use TCP's ACK flag for the request.
.SS -F, --fin
+Use TCP's FIN flag for the request.
.SS -P, --psh
+Use TCP's PSH flag for the request.
.SS -U, --urg
+Use TCP's URG flag for the request.
.SS -R, --rst
+Use TCP's RST flag for the request.
.SS -E, --ecn-syn
+Use TCP's ECN flag for the request.
.SS -t <tos>, --tos <tos>
+Explicitly specify IP's TOS.
.SS -G, --nofrag
+Set the IP's no fragmentation flag.
.SS -Z, --show-packet
Show and dissect the returned packet.
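Review bot: The -u/--update entry tells users to list alternative hosts or mirrors in /etc/netsniff-ng/geoip.conf but does not say how the fetched database is transported or verified, so a reader cannot tell how much trust a listed host receives; add a sentence on that, or state that every host placed in geoip.conf must be trusted. Smaller points in the same hunk: the -X example reads f.e. "censer me" where "censor me" is meant (the -i entry already uses "e.g."), "longtitude" under -L should be "longitude", and "exits itself" under -m can simply be "exits". The -E entry says "TCP's ECN flag", but TCP has ECE and CWR bits rather than a single ECN flag, so name the bits that --ecn-syn sets.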
@@ -89,11 +133,30 @@ Show user help.
.SH USAGE EXAMPLE
.SS astraceroute -i eth0 -N -S -H netsniff-ng.org
-.SS astraceroute -i eth0 -N -E -H netsniff-ng.org
+This sends out a TCP SYN probe via the ``eth0'' networking device to the
+remote IPv4 host netsniff-ng.org. This request is most likely to pass. Also,
+tell astraceroute to perform reverse DNS lookups for each hop.
+
+.SS astraceroute -6 -i eth0 -S -E -N -H www.6bone.net
+In this example, a TCP SYN/ECN probe for the IPv6 host www.6bone.net is being
+performed. Also in this case, the ``eth0'' device is being used and hops are
+being reserve DNS'ed.
+
.SS astraceroute -i eth0 -N -F -H netsniff-ng.org
+Here, we send out a TCP FIN probe to the remote host netsniff-ng.org. Again,
+on each hop a reverse DNS lookup is being done and the queries are transmitted
+from ``eth0''. IPv4 is used.
+
.SS astraceroute -i eth0 -N -FPU -H netsniff-ng.org
+As in most other examples, we perform a trace route to IPv4 host netsniff-ng.org
+and do a TCP Xmas probe this time.
+
.SS astraceroute -i eth0 -N -H netsniff-ng.org -X "censor-me" -Z
-.SS astraceroute -6 -i eth0 -S -E -N -H www.6bone.net
+In this example, we have a Null probe to the remote host netsniff-ng.org, port
+80 (default) and this time, we append the cleartext string "censor-me" into the
+packet payload to test if a firewall/DPI will let this string pass. Such a trace
+could be done once without and once with a blacklisted string to gather possible
+information about censorhsip.
.SH NOTE
If a TCP-based probe will fail after a number of retries, astraceroute will
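Review bot: The last example is described as a Null probe, but its command line carries no flag option and the OPTIONS section never states what is sent when none of -S, -A, -F, -P, -U, -R or -E is given; document that default in OPTIONS so the example text has something to rest on. Typos in the added lines: "reserve DNS'ed" should be "reverse DNS'ed" and "censorhsip" should be "censorship". "This request is most likely to pass" in the first example does not say what the probe is expected to pass; name it or drop the sentence. The payload string here is "censor-me" while the -X entry uses "censer me"; settle on one spelling.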