diff options
-rw-r--r-- | mausezahn.8 | 188 |
1 files changed, 94 insertions, 94 deletions
diff --git a/mausezahn.8 b/mausezahn.8 index 876184f..00eaa76 100644 --- a/mausezahn.8 +++ b/mausezahn.8 @@ -14,7 +14,7 @@ mausezahn \- a fast versatile packet generator with Cisco-cli .PP mausezahn is a fast traffic generator which allows you to send nearly every possible and impossible packet. In contrast to trafgen(8), mausezahn's packet -configuration is on protocol-level instead of byte-level and mausezahn also +configuration is on a protocol-level instead of byte-level and mausezahn also comes with a built-in Cisco-like command-line interface, making it suitable as a network traffic generator box in your network lab. .PP @@ -31,17 +31,17 @@ and every packet parameter is specified in the argument list when calling mausezahn. .PP The ``interactive mode'' is an advanced multi-threaded configuration mode with -its own command line interface (cli). This mode allows you to create an arbitrary +its own command line interface (CLI). This mode allows you to create an arbitrary number of packet types and streams in parallel, each with different parameters. .PP The interactive mode utilizes a completely redesigned and more flexible protocol framework called ``mops'' (mausezahn's own packet system). The look and feel of -the cli is very close to the Cisco IOS^tm command line. +the CLI is very close to the Cisco IOS^tm command line interface. .PP You can start the interactive mode by executing mausezahn with the ``\-x'' argument (an optional port number may follow, otherwise it is 25542). Then use telnet(1) to connect to this mausezahn instance. If not otherwise specified, -the default login/password combination is mz:mz and the enable password is: mops. +the default login and password combination is mz:mz and the enable password is: mops. This can be changed in /etc/netsniff-ng/mausezahn.conf. .PP The direct mode supports two specification schemes: The ``raw-layer-2'' scheme, @@ -61,18 +61,18 @@ and ``\-p''. The frame length must be greater than or equal to 15 bytes. The ``higher-layer'' scheme is enabled using the ``\-t <packet-type>'' option. This option activates a packet builder, and besides the ``packet-type'', an optional ``arg-string'' can be specified. The ``arg-string'' contains packet- -specific parameters, such as TCP flags, port numbers, etc (see example section). +specific parameters, such as TCP flags, port numbers, etc. (see example section). .PP .SH OPTIONS .PP -mausezahn provides a built-in context-specific help. Thus, simply append the -keyword ``help'' after the configuration options. The most important options +mausezahn provides a built-in context-specific help. Append the keyword +``help'' after the configuration options. The most important options are: .PP .SS -x [<port>] -Start mausezahn in interactive mode with a Cisco-like cli. Use telnet to log +Start mausezahn in interactive mode with a Cisco-like CLI. Use telnet to log into the local mausezahn instance. If no port has been specified, port 25542 -is used as default. +is used by default. .PP .SS -v Verbose mode. Capital \-V is even more verbose. @@ -91,7 +91,7 @@ Send the packet count times (default: 1, infinite: 0). Apply delay between transmissions. The delay value can be specified in usec (default, no additional unit needed), or in msec (e.g. 100m or 100msec), or in seconds (e.g. 100s or 100sec). Note: mops also supports nanosecond delay -granulation if you need it (see interactive mode). +resolution if you need it (see interactive mode). .PP .SS -p <length> Pad the raw frame to specified length using zero bytes. Note that for raw @@ -99,7 +99,7 @@ layer 2 frames the specified length defines the whole frame length, while for higher layer packets the number of additional padding bytes are specified. .PP .SS -a <src-mac|keyword> -Use specified source MAC address with hex notation such as 00:00:aa:bb:cc:dd. +Use specified source MAC address with hexadecimal notation such as 00:00:aa:bb:cc:dd. By default the interface MAC address will be used. The keywords ``rand'' and ``own'' refer to a random MAC address (only unicast addresses are created) and the own address, respectively. You can also use the keywords mentioned @@ -107,14 +107,14 @@ below although broadcast-type source addresses are officially invalid. .PP .SS -b <dst-mac|keyword> Use specified destination MAC address. By default, a broadcast is sent in raw -layer 2 mode or the destination hosts/gateways interface MAC address in normal +layer 2 mode or to the destination hosts or gateway interface MAC address in normal (IP) mode. You can use the same keywords as mentioned above, as well as ``bc'' or ``bcast'', ``cisco'', and ``stp''. Please note that for the destination MAC address the ``rand'' keyword is supported but creates a random address only once, even when you send multiple packets. .PP .SS -A <src-ip|range|rand> -Use specified source IP address, default is own interface IP. Optionally, the +Use specified source IP address, default is own interface address. Optionally, the keyword ``rand'' can again be used for a random source IP address or a range can be specified, such as ``192.168.1.1-192.168.1.100'' or ``10.1.0.0/16''. Also, a DNS name can be specified for which mausezahn tries to determine the @@ -140,17 +140,17 @@ will output jitter statistics. See ``mausezahn \-T rtp help'' for a detailed hel .PP .SS -Q <[CoS:]vlan> [, <[CoS:]vlan>, ...] Specify 802.1Q VLAN tag and optional Class of Service. An arbitrary number of -VLAN tags can be specified (that is you can simulate QinQ or even QinQinQinQ..). +VLAN tags can be specified (that is, you can simulate QinQ or even QinQinQinQ..). Multiple tags must be separated via a comma or a period (e.g. "5:10,20,2:30"). VLAN tags are not supported for ARP and BPDU packets (in which case you could -specify the whole frame in hex using the raw layer 2 interface of mausezahn). +specify the whole frame in hexadecimal using the raw layer 2 interface of mausezahn). .PP .SS -M <label[:cos[:ttl]][bos]> [, <label...>] Specify a MPLS label or even a MPLS label stack. Optionally, for each label the experimental bits (usually the Class of Service, CoS) and the Time To Live -(TTL) can be specified. And if you are really crazy you can set/unset the -Bottom of Stack (BoS) bit at each label using the ``S'' (set) and ``s'' -(unset) option. By default, the BoS is set automatically and correct. Any other +(TTL) can be specified. If you are really crazy you can set and unset the +Bottom of Stack (BoS) bit for each label using the ``S'' (set) and ``s'' +(unset) option. By default, the BoS is set automatically and correctly. Any other setting will lead to invalid frames. Enter ``\-M help'' for detailed instructions and examples. .PP @@ -159,16 +159,16 @@ Specify a cleartext payload. Alternatively, each packet type supports a hexadecimal specification of the payload (see for example ``\-t udp help''). .PP .SS -f <filename> -Read the ascii payload from the specified file. +Read the ASCII payload from the specified file. .PP .SS -F <filename> -Read the hex payload from the specified file. Actually, this file must be also -an ascii text file, but must contain hexadecimal digits, e.g. "aa:bb:cc:0f:e6...". +Read the hexadecimal payload from the specified file. Actually, this file must be also +an ASCII text file, but must contain hexadecimal digits, e.g. "aa:bb:cc:0f:e6...". You can use also spaces as separation characters. .PP .SH USAGE EXAMPLE .PP -For more comprehensive examples, have a look at the two follow-up howto sections. +For more comprehensive examples, have a look at the two followng HOWTO sections. .PP .SS mausezahn eth0 \-c 0 \-d 2s \-t bpdu vlan=5 Send BPDU frames for VLAN 5 as used with Cisco's PVST+ type of STP. By default @@ -181,7 +181,7 @@ Perform a CAM table overflow attack. Perform a SYN flood attack to another VLAN using VLAN hopping. This only works if you are connected to the same VLAN which is configured as native VLAN on the trunk. We assume that the victim VLAN is VLAN 100 and the native VLAN is VLAN 5. -Lets attack every host in VLAN 100 which use a IP prefix of 10.100.100.0/24, also +Lets attack every host in VLAN 100 which use an IP prefix of 10.100.100.0/24, also try out all ports between 1 and 1023 and use a random source IP address. .PP .SS mausezahn eth0 \-c 0 \-d 10msec \-B 230.1.1.1 \-t udp "dp=32000,dscp=46" \-P "Multicast test packet" @@ -254,7 +254,7 @@ It is recommended to configure your own login credentials in .SS Basics: .PP Since you reached the mausezahn prompt, lets try some common commands. You can -use the '?' character at any time for a content-sensitive help. +use the '?' character at any time for content-sensitive help. .PP First try out the show command: .PP @@ -332,7 +332,7 @@ description for them: mz(config-pkt-2)# name Test mz(config-pkt-2)# desc This is just a test .PP -You can e.g. change the default settings for the source and destination MAC/IP +You can, for example, change the default settings for the source and destination MAC or IP addresses using the mac and ip commands: .PP mz(config-pkt-2)# ip address dest 10.1.1.0 /24 @@ -340,7 +340,7 @@ addresses using the mac and ip commands: .PP In the example above, we configured a range of addresses (all hosts in the network 10.1.1.0 should be addressed). Additionally we spoof our source IP -address. Of course, we can also add one or more VLAN and/or MPLS tag(s): +address. Of course, we can also add one or more VLAN and, or, MPLS tag(s): .PP mz(config-pkt-2)# tag ? dot1q Configure 802.1Q (and 802.1P) parameters @@ -372,7 +372,7 @@ unit is given). .SS Configuring protocol types: .PP mausezahn's interactive mode supports a growing list of protocols and only -relies on the MOPS architecture (and not on libnet as it is the case with +relies on the MOPS architecture (and not on libnet as is the case with the legacy direct mode): .PP mz(config-pkt-2)# type @@ -402,7 +402,7 @@ the legacy direct mode): fin set or unset the TCP FIN flag window Configure the TCP window size checksum Configure the TCP checksum - urgent-pointer Configure the TCP urgend pointer + urgent-pointer Configure the TCP urgent pointer options Configure TCP options end End TCP configuration mode mz(config-pkt-2-tcp)# flags syn fin rst @@ -520,7 +520,7 @@ Sometimes you may want to send a burst of packets at a greater interval: mz(config-pkt-2)# delay 15 usec Inter-packet delay set to 0 sec and 15000 nsec .PP -Now this packet is sent ten times with an inter-packet delay of 15 microsecond +Now this packet is sent ten times with an inter-packet delay of 15 microseconds and this is repeated every hour. When you look at the packet list, an interval is indicated with the additional flag 'i' when inactive or 'I' when active: .PP @@ -547,13 +547,13 @@ is indicated with the additional flag 'i' when inactive or 'I' when active: .PP Note that the flag 'I' indicates that an interval has been specified for packet 2. The process is not active at the moment (only packet 5 is active -here) but it will become active in a regular interval. You can verify the +here) but it will become active at regular intervals. You can verify the actual interval when viewing the packet details via the 'show packet 2' command. .PP .SS Load prepared configurations: .PP You can prepare packet configurations using the same commands as you would -type them in on the CLI and then load them to the CLI. For example assume we +type them in on the CLI and then load them to the CLI. For example, assume we have prepared a file 'test.mops' containing: .PP configure terminal @@ -577,7 +577,7 @@ command: .PP The file src/examples/mausezahn/example_lldp.conf contains another example list of commands to create a bogus LLDP packet. You can load this -configuration from the mausezahn command line, e.g. via: +configuration from the mausezahn command line as follows: .PP mz# load /home/hh/tmp/example_lldp.conf .PP @@ -585,7 +585,7 @@ In case you copied the file in that path. Now when you enter 'show packet' you will see a new packet entry in the packet list. Use the 'start slot <nr>' command to activate this packet. .PP -You can store your own packet creations in such file and easily load them when +You can store your own packet creations in such a file and easily load them when you need them. Every command within such configuration files is executed on the command line interface as if you had typed it in -- so be careful about the order and don't forget to use 'configure terminal' as first command. @@ -594,7 +594,7 @@ You can even load other files from within a central config file. .PP .SH DIRECT MODE HOWTO .PP -.SS How to specify hex digits: +.SS How to specify hexadecimal digits: .PP Many arguments allow direct byte input. Bytes are represented as two hexadecimal digits. Multiple bytes must be separated either by spaces, colons, @@ -608,7 +608,7 @@ frame right through your network card: .PP mausezahn ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:08:00:ca:fe:ba:be .PP - or equivalently but more readable: + or equivalent but more readable: .PP mausezahn ff:ff:ff:ff:ff:ff-ff:ff:ff:ff:ff:ff-08:00-ca:fe:ba:be .PP @@ -637,7 +637,7 @@ examples: mausezahn eth3 \-t udp sp=69,dp=69,p=ca:fe:ba:be .PP Note: Don't forget that on the CLI the Linux shell (usually the Bash) -interprets spaces as a delimiter character. That is, if you are specifying +interprets spaces as a delimiting character. That is, if you are specifying an argument that consists of multiple words with spaces in between, you MUST group this with quotes. For example, instead of .PP @@ -647,7 +647,7 @@ group this with quotes. For example, instead of .PP mausezahn eth0 \-t udp sp=1,dp=80,p=00:11:22:33 .PP - or, even more safe, use quotes: + or, for greater safety, use quotes: .PP mausezahn eth0 \-t udp "sp=1,dp=80,p=00:11:22:33" .PP @@ -663,16 +663,16 @@ is used outside the quotes! An important argument is "\-t" which invokes a packet builder. Currently there are packet builders for ARP, BPDU, CDP, IP, partly ICMP, UDP, TCP, RTP, DNS, and SYSLOG. (Additionally you can insert a VLAN tag or a MPLS label stack but -this works independent of the packet builder.) +this works independently of the packet builder.) .PP -You get context specific help of every packet builder using the help keyword, +You get context specific help for every packet builder using the help keyword, such as: .PP mausezahn \-t bpdu help mausezahn \-t tcp help .PP For every packet you may specify an optional payload. This can be done either -via HEX notation using the payload (or short p) argument or directly as ASCII +via hexadecimal notation using the payload (or short p) argument or directly as ASCII text using the \-P option: .PP mausezahn eth0 \-t ip \-P "Hello World" # ASCII payload @@ -681,14 +681,14 @@ text using the \-P option: p=68:65:6c:6c:6f:20:77:6f:72:6c:64, \\ # same with other ttl=1" # IP arguments .PP -Note: The raw link access mode only accepts hex payloads (because you specify -everything in hex here.) +Note: The raw link access mode only accepts hexadecimal payloads (because you specify +everything in hexadecimal here.) .PP .SS Packet count and delay: .PP -Per default only one packet is sent. If you want to send more packets then +By default only one packet is sent. If you want to send more packets then use the count option \-c <count>. When count is zero then mausezahn will send -forever. Per default mausezahn sends at maximum speed (and this is really +forever. By default, mausezahn sends at maximum speed (and this is really fast ;-)). If you don't want to overwhelm your network devices or have other reasons to send at a slower rate then you might want to specify a delay using the \-d <delay> option. @@ -698,7 +698,7 @@ Alternatively, for easier use, you might specify units such as seconds sec or milliseconds msec. (You can also abbreviate this with s or m.) Note: Don't use spaces between the value and the unit! Here are typical examples: .PP -Send infinite frames as fast as possible: +Send an infinite number of frames as fast as possible: .PP mausezahn \-c 0 "aa bb cc dd ...." .PP @@ -706,24 +706,24 @@ Send 100,000 frames with a 50 msec interval: .PP mausezahn \-c 100000 \-d 50msec "aa bb cc dd ...." .PP -Send infinite BPDU frames in a 2 second interval: +Send an unlimited number of BPDU frames in a 2 second interval: .PP mausezahn \-c 0 \-d 2s \-t bpdu conf .PP Note: mausezahn does not support fractional numbers. If you want to specify for -example 2.5 seconds then express this e.g. in milliseconds (2500 msec). +example 2.5 seconds then express this in milliseconds (2500 msec). .PP .SS Source and destination addresses: .PP -As mnemonic trick keep in mind that all packets run from "A" to "B". You can -always specify source and/or destination MAC addresses using the \-a and \-b +As a mnemonic trick keep in mind that all packets run from "A" to "B". You can +always specify source and destination MAC addresses using the \-a and \-b options, respectively. These options also allow keywords such as rand, own, bpdu, cisco, and others. .PP Similarly, you can specify source and destination IP addresses using the \-A and \-B options, respectively. These options also support FQDNs (i.e. domain -names) and ranges such as 192.168.0.0/24 or 10.0.0.11-10.0.3.22. Additionally -(only) the source address supports the rand keyword (ideal for "attacks"). +names) and ranges such as 192.168.0.0/24 or 10.0.0.11-10.0.3.22. Additionally, +the source address option supports the rand keyword (ideal for "attacks"). .PP Note: When you use the packet builder for IP-based packets (e.g. UDP or TCP) then mausezahn automatically cares about correct MAC and IP addresses (i.e. @@ -742,8 +742,8 @@ interface: mausezahn eth0 "ff:ff:ff:ff:ff:ff ff:ff:ff:ff:ff:ff 00:00 ca:fe:ba:be" .PP This way you can craft every packet you want but you must do it by hand. Note: -On WiFi interfaces the header is much more complicated and automatically -created by the WiFi-driver. As example to introduce some interesting options, +On Wi-Fi interfaces the header is much more complicated and automatically +created by the Wi-Fi driver. As an example to introduce some interesting options, lets continuously send frames at max speed with random source MAC address and broadcast destination address, additionally pad the frame to 1000 bytes: .PP @@ -758,10 +758,10 @@ least 15 bytes for technical reasons. Zero bytes are used for this padding. .PP mausezahn provides a simple interface to the ARP packet. You can specify the ARP method (request|reply) and up to four arguments: sendermac, targetmac, -senderip, targetip, or short smac, tmac, sip, tip. By default an ARP reply is +senderip, targetip, or short smac, tmac, sip, tip. By default, an ARP reply is sent with your own interface addresses as source MAC and IP address, and a -broadcast destination MAC/IP address. Send a gratitious ARP (as used for -duplicate IP detection): +broadcast destination MAC and IP address. Send a gratuitous ARP request (as used for +duplicate IP address detection): .PP mausezahn eth0 \-t arp .PP @@ -771,21 +771,21 @@ ARP cache poisoning: targetip=172.16.1.50" .PP where by default your interface MAC address will be used as sendermac, -senderip denotes the spoofed IP, targetmac and targetip identifies the -receiver. By default the Ethernet source address is your interface MAC and the -destination address is broadcast. Of course you can change this using again the -flags \-a and \-b. +senderip denotes the spoofed IP address, targetmac and targetip identifies the +receiver. By default, the Ethernet source address is your interface MAC and the +destination address is the broadcast address. You can change this +using the flags \-a and \-b. .PP .SS `-- BPDU: .PP mausezahn provides a simple interface to the 802.1d BPDU frame format (used to -create the Spanning Tree in bridged networks). By default standard IEEE 802.1d -(CST) BPDUs are sent and it is assumed that your computer wants to become the +create the Spanning Tree in bridged networks). By default, standard IEEE 802.1D +(STP) BPDUs are sent and it is assumed that your computer wants to become the root bridge (rid=bid). Optionally the 802.3 destination address can be a specified MAC address, broadcast, own MAC, or Cisco's PVST+ MAC address. The -destination MAC can be specified using the \-b command which (besides MAC -addresses) accepts keywords such as bcast, own, pvst, or stp (default). Since -version 0.16 PVST+ is supported. Simply specify the VLAN for which you want +destination MAC can be specified using the \-b command which, besides MAC +addresses, accepts keywords such as bcast, own, pvst, or stp (default). PVST+ +is supported since version 0.16. Simply specify the VLAN for which you want to send a BPDU: .PP mausezahn eth0 \-t bpdu "vlan=123, rid=2000" @@ -831,7 +831,7 @@ Mix it with MPLS: .PP Only in raw Layer 2 mode you must create the VLAN tag completely by yourself. For example if you want to send a frame in VLAN 5 using CoS 0 simply specify -81:00 as type field and for the next two bytes the CoS (, CFI) and VLAN values: +81:00 as type field and for the next two bytes the CoS, CFI, and VLAN values: .PP mausezahn eth0 \-b bc \-a rand "81:00 00:05 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa" .PP @@ -840,9 +840,9 @@ For example if you want to send a frame in VLAN 5 using CoS 0 simply specify mausezahn allows you to insert one or more MPLS headers. Simply use the option \-M <label:CoS:TTL:BoS> where only the label is mandatory. If you specify a second number it is interpreted as the experimental bits (the CoS usually). If -you specify a third number it is interpreted as TTL. Per default the TTL is -set to 255. The Bottom of Stack flag is set automatically (otherwise the frame -would be invalid) but if you want you can also set or unset it using the +you specify a third number it is interpreted as TTL. By default the TTL is +set to 255. The Bottom of Stack flag is set automatically, otherwise the frame +would be invalid, but if you want you can also set or unset it using the S (set) and s (unset) argument. Note that the BoS must be the last argument in each MPLS header definition. Here are some examples: .PP @@ -870,19 +870,19 @@ useless anyway). .PP .SS `-- IP: .PP -mausezahn allows you to send any (malformed or correct) IP packet. Every field +mausezahn allows you to send any malformed or correct IP packet. Every field in the IP header can be manipulated. The IP addresses can be specified via the \-A and \-B options, denoting the source and destination address, respectively. You can also specify an address range or a host name (FQDN). Additionally, the source address can also be random. By default the source address is your interface IP address and the destination address is a -broadcast. Here are some examples: +broadcast address. Here are some examples: .PP -Ascii payload: +ASCII payload: .PP mausezahn eth0 \-t ip \-A rand \-B 192.168.1.0/24 \-P "hello world" .PP -Hex payload: +Hexadecimal payload: .PP mausezahn eth0 \-t ip \-A 10.1.0.1-10.1.255.254 \-B 255.255.255.255 p=ca:fe:ba:be .PP @@ -891,21 +891,21 @@ Will use correct source IP address: mausezahn eth0 \-t ip \-B www.xyz.com .PP The Type of Service (ToS) byte can either be specified directly by two -hexadecimal digits (which means you can also easily set the Explicit -Congestion Notification (ECN) bits (LSB 1 and 2) or you may only want to +hexadecimal digits, which means you can also easily set the Explicit +Congestion Notification (ECN) bits (LSB 1 and 2), or you may only want to specify a common DSCP value (bits 3-8) using a decimal number (0..63): .PP Packet sent with DSCP = Expedited Forwarding (EF): .PP mausezahn eth0 \-t ip dscp=46,ttl=1,proto=1,p=08:00:5a:a2:de:ad:be:af .PP -If you leave the checksum zero (or unspecified) the correct checksum will +If you leave the checksum as zero (or unspecified) the correct checksum will be automatically computed. Note that you can only use a wrong checksum when you also specify at least one L2 field manually. .PP .SS `-- UDP: .PP -mausezahn support easy UDP datagram generation. Simply specify the +mausezahn supports easy UDP datagram generation. Simply specify the destination address (\-B option) and optionally an arbitrary source address (\-A option) and as arguments you may specify the port numbers using the dp (destination port) and sp (source port) arguments and a payload. You can @@ -924,23 +924,23 @@ Send a DNS request as local broadcast (often a local router replies): .PP Additionally you may specify the length and checksum using the len and sum arguments (will be set correctly by default). Note: several protocols have same -arguments such as len (length) and sum (checksum). If you specified a udp type +arguments such as len (length) and sum (checksum). If you specified a UDP type packet (via \-t udp) and want to modify the IP length, then use the alternate keyword iplen and ipsum. Also note that you must specify at least one L2 field -which tells mausezahn to build everything without help of your kernel (the -kernel would not allow to modify the IP checksum and the IP length). +which tells mausezahn to build everything without the help of your kernel (the +kernel would not allow modifying the IP checksum and the IP length). .PP .SS `-- ICMP: .PP mausezahn currently only supports the following ICMP methods: PING (echo request), Redirect (various types), Unreachable (various types). Additional ICMP types will be supported in future. Currently you would need to tailor them -by your own, e.g. using the IP packet builder (setting proto=1). Use the -mausezahn \-t icmp help for help on actually implemented options. +by your self, e.g. using the IP packet builder (setting proto=1). Use the +mausezahn \-t icmp help for help on currently implemented options. .PP .SS `-- TCP: .PP -mausezahn allows you to easily tailor any TCP packet. Similar as with UDP you +mausezahn allows you to easily tailor any TCP packet. Similarly as with UDP you can specify source and destination port (ranges) using the sp and dp arguments. Then you can directly specify the desired flags using an "|" as delimiter if you want to specify multiple flags. For example, a SYN-Flood attack against @@ -1008,9 +1008,9 @@ line options. .PP .SS `-- RTP and VoIP path measurements: .PP -mausezahn can send arbitrary Real Time Protocol (RTP) packets. Per default a -classical G.711 codec (20 ms segment size, 160 bytes) is assumed. You can -measure jitter, packet loss and reordering along a path between two hosts +mausezahn can send arbitrary Real Time Protocol (RTP) packets. By default a +typical G.711 codec packet of 20 ms segment size and 160 bytes is assumed. You +can measure jitter, packet loss, and reordering along a path between two hosts running mausezahn. The jitter measurement is either done following the variance low-pass filtered estimation specified in RFC 3550 or using an alternative "real-time" method which is even more precise (the RFC-method is used by @@ -1097,17 +1097,17 @@ can lead to a very huge number of frames to be sent. As a rule of thumb you can assume that about 100,000 frames and more are sent in a fraction of one second, depending on your network interface. .PP -mausezahn has been designed as fast traffic generator so you might easily -overwhelm a LAN segment with myriads of packets. And because mausezahn should +mausezahn has been designed as a fast traffic generator so you might easily +overwhelm a LAN segment with myriads of packets. As mausezahn should also support security audits it is also possible to create malicious or invalid packets, SYN floods, port and address sweeps, DNS and ARP poisoning, etc. .PP -Therefore, don't use this tool when you are not aware of possible consequences -or have only little knowledge about networks and data communication. If you -abuse mausezahn for 'unallowed' attacks and get caught, or damage something of -your own, then this is completely your fault. So the safest solution is to try -it out in a lab environment. +Therefore, don't use this tool when you are not aware of the possible +consequences or have only a little knowledge about networks and data +communication. If you abuse mausezahn for 'unallowed' attacks and get caught, +or damage something of your own, then this is completely your fault. So the +safest solution is to try it out in a lab environment. .PP Also have a look at the netsniff-ng(8) note section on how you can properly setup and tune your system. @@ -1118,7 +1118,7 @@ mausezahn is licensed under the GNU GPL version 2.0. .SH HISTORY .B mausezahn was originally written by Herbert Haas. According to his website [1], he -unfortunately passed away in 2011. Thus, having this tool unmaintained as well. +unfortunately passed away in 2011 thus leaving this tool unmaintained. It has been adopted and integrated into the netsniff-ng toolkit and is further being maintained and developed from there. Maintainers are Tobias Klauser <tklauser@distanz.ch> and Daniel Borkmann <dborkma@tik.ee.ethz.ch>. |