summaryrefslogtreecommitdiff
path: root/mausezahn.8
diff options
context:
space:
mode:
Diffstat (limited to 'mausezahn.8')
-rw-r--r--mausezahn.8242
1 files changed, 121 insertions, 121 deletions
diff --git a/mausezahn.8 b/mausezahn.8
index de9482b..b076154 100644
--- a/mausezahn.8
+++ b/mausezahn.8
@@ -14,7 +14,7 @@ mausezahn \- a fast versatile packet generator with Cisco-cli
.PP
mausezahn is a fast traffic generator which allows you to send nearly every
possible and impossible packet. In contrast to trafgen(8), mausezahn's packet
-configuration is on protocol-level instead of byte-level and mausezahn also
+configuration is on a protocol-level instead of byte-level and mausezahn also
comes with a built-in Cisco-like command-line interface, making it suitable
as a network traffic generator box in your network lab.
.PP
@@ -23,56 +23,56 @@ audits including penetration and DoS testing. As a traffic generator, mausezahn
is also able to test IP multicast or VoIP networks. Packet rates close to the
physical limit are reachable, depending on the hardware platform.
.PP
-mausezahn supports two modes, ``direct mode'' and a multi-threaded ``interactive
+mausezahn supports two modes, ''direct mode'' and a multi-threaded ''interactive
mode''.
.PP
-The ``direct mode'' allows you to create a packet directly on the command line
+The ''direct mode'' allows you to create a packet directly on the command line
and every packet parameter is specified in the argument list when calling
mausezahn.
.PP
-The ``interactive mode'' is an advanced multi-threaded configuration mode with
-its own command line interface (cli). This mode allows you to create an arbitrary
+The ''interactive mode'' is an advanced multi-threaded configuration mode with
+its own command line interface (CLI). This mode allows you to create an arbitrary
number of packet types and streams in parallel, each with different parameters.
.PP
The interactive mode utilizes a completely redesigned and more flexible protocol
-framework called ``mops'' (mausezahn's own packet system). The look and feel of
-the cli is very close to the Cisco IOS^tm command line.
+framework called ''mops'' (mausezahn's own packet system). The look and feel of
+the CLI is very close to the Cisco IOS^tm command line interface.
.PP
-You can start the interactive mode by executing mausezahn with the ``\-x''
+You can start the interactive mode by executing mausezahn with the ''\-x''
argument (an optional port number may follow, otherwise it is 25542). Then use
telnet(1) to connect to this mausezahn instance. If not otherwise specified,
-the default login/password combination is mz:mz and the enable password is: mops.
+the default login and password combination is mz:mz and the enable password is: mops.
This can be changed in /etc/netsniff-ng/mausezahn.conf.
.PP
-The direct mode supports two specification schemes: The ``raw-layer-2'' scheme,
-where every single byte to be sent can be specified, and ``higher-layer'' scheme,
-where packet builder interfaces are used (using the ``\-t'' option).
+The direct mode supports two specification schemes: The ''raw-layer-2'' scheme,
+where every single byte to be sent can be specified, and ''higher-layer'' scheme,
+where packet builder interfaces are used (using the ''\-t'' option).
.PP
-To use the ``raw-layer-2'' scheme, simply specify the desired frame as a
-hexadecimal sequence (the ``hex-string''), such as:
+To use the ''raw-layer-2'' scheme, simply specify the desired frame as a
+hexadecimal sequence (the ''hex-string''), such as:
.PP
mausezahn eth0 "00:ab:cd:ef:00 00:00:00:00:00:01 08:00 ca:fe:ba:be"
.PP
In this example, whitespaces within the byte string are optional and separate
the Ethernet fields (destination and source address, type field, and a short
-payload). The only additional options supported are ``\-a'', ``\-b'', ``\-c'',
-and ``\-p''. The frame length must be greater than or equal to 15 bytes.
+payload). The only additional options supported are ''\-a'', ''\-b'', ''\-c'',
+and ''\-p''. The frame length must be greater than or equal to 15 bytes.
.PP
-The ``higher-layer'' scheme is enabled using the ``\-t <packet-type>'' option.
-This option activates a packet builder, and besides the ``packet-type'', an
-optional ``arg-string'' can be specified. The ``arg-string'' contains packet-
-specific parameters, such as TCP flags, port numbers, etc (see example section).
+The ''higher-layer'' scheme is enabled using the ''\-t <packet-type>'' option.
+This option activates a packet builder, and besides the ''packet-type'', an
+optional ''arg-string'' can be specified. The ''arg-string'' contains packet-
+specific parameters, such as TCP flags, port numbers, etc. (see example section).
.PP
.SH OPTIONS
.PP
-mausezahn provides a built-in context-specific help. Thus, simply append the
-keyword ``help'' after the configuration options. The most important options
+mausezahn provides a built-in context-specific help. Append the keyword
+''help'' after the configuration options. The most important options
are:
.PP
.SS -x [<port>]
-Start mausezahn in interactive mode with a Cisco-like cli. Use telnet to log
+Start mausezahn in interactive mode with a Cisco-like CLI. Use telnet to log
into the local mausezahn instance. If no port has been specified, port 25542
-is used as default.
+is used by default.
.PP
.SS -v
Verbose mode. Capital \-V is even more verbose.
@@ -91,7 +91,7 @@ Send the packet count times (default: 1, infinite: 0).
Apply delay between transmissions. The delay value can be specified in usec
(default, no additional unit needed), or in msec (e.g. 100m or 100msec), or
in seconds (e.g. 100s or 100sec). Note: mops also supports nanosecond delay
-granulation if you need it (see interactive mode).
+resolution if you need it (see interactive mode).
.PP
.SS -p <length>
Pad the raw frame to specified length using zero bytes. Note that for raw
@@ -99,24 +99,24 @@ layer 2 frames the specified length defines the whole frame length, while for
higher layer packets the number of additional padding bytes are specified.
.PP
.SS -a <src-mac|keyword>
-Use specified source MAC address with hex notation such as 00:00:aa:bb:cc:dd.
-By default the interface MAC address will be used. The keywords ``rand'' and
-``own'' refer to a random MAC address (only unicast addresses are created)
+Use specified source MAC address with hexadecimal notation such as 00:00:aa:bb:cc:dd.
+By default the interface MAC address will be used. The keywords ''rand'' and
+''own'' refer to a random MAC address (only unicast addresses are created)
and the own address, respectively. You can also use the keywords mentioned
below although broadcast-type source addresses are officially invalid.
.PP
.SS -b <dst-mac|keyword>
Use specified destination MAC address. By default, a broadcast is sent in raw
-layer 2 mode or the destination hosts/gateways interface MAC address in normal
+layer 2 mode or to the destination hosts or gateway interface MAC address in normal
(IP) mode. You can use the same keywords as mentioned above, as well as
-``bc'' or ``bcast'', ``cisco'', and ``stp''. Please note that for the destination
-MAC address the ``rand'' keyword is supported but creates a random address only
+''bc'' or ''bcast'', ''cisco'', and ''stp''. Please note that for the destination
+MAC address the ''rand'' keyword is supported but creates a random address only
once, even when you send multiple packets.
.PP
.SS -A <src-ip|range|rand>
-Use specified source IP address, default is own interface IP. Optionally, the
-keyword ``rand'' can again be used for a random source IP address or a range
-can be specified, such as ``192.168.1.1-192.168.1.100'' or ``10.1.0.0/16''.
+Use specified source IP address, default is own interface address. Optionally, the
+keyword ''rand'' can again be used for a random source IP address or a range
+can be specified, such as ''192.168.1.1-192.168.1.100'' or ''10.1.0.0/16''.
Also, a DNS name can be specified for which mausezahn tries to determine the
corresponding IP address automatically.
.PP
@@ -126,49 +126,49 @@ As with the source address (see above) you can also specify a range or a DNS nam
.PP
.SS -t <packet-type>
Create the specified packet type using the built-in packet builder. Currently,
-supported packet types are: ``arp'', ``bpdu'', ``ip'', ``udp'', ``tcp'', ``rtp'',
-and ``dns''. Currently, there is also limited support for ``icmp''. Type
-``\-t help'' to verify which packet builders your actual mausezahn version
-supports. Also, for any particular packet type, for example ``tcp'' type
-``mausezahn \-t tcp help'' to receive a more in-depth context specific help.
+supported packet types are: ''arp'', ''bpdu'', ''ip'', ''udp'', ''tcp'', ''rtp'',
+and ''dns''. Currently, there is also limited support for ''icmp''. Type
+''\-t help'' to verify which packet builders your actual mausezahn version
+supports. Also, for any particular packet type, for example ''tcp'' type
+''mausezahn \-t tcp help'' to receive a more in-depth context specific help.
.PP
.SS -T <packet-type>
-Make this mausezahn instance the receiving station. Currently, only ``rtp'' is
+Make this mausezahn instance the receiving station. Currently, only ''rtp'' is
an option here and provides precise jitter measurements. For this purpose, start
another mausezahn instance on the sending station and the local receiving station
-will output jitter statistics. See ``mausezahn \-T rtp help'' for a detailed help.
+will output jitter statistics. See ''mausezahn \-T rtp help'' for a detailed help.
.PP
.SS -Q <[CoS:]vlan> [, <[CoS:]vlan>, ...]
Specify 802.1Q VLAN tag and optional Class of Service. An arbitrary number of
-VLAN tags can be specified (that is you can simulate QinQ or even QinQinQinQ..).
+VLAN tags can be specified (that is, you can simulate QinQ or even QinQinQinQ..).
Multiple tags must be separated via a comma or a period (e.g. "5:10,20,2:30").
VLAN tags are not supported for ARP and BPDU packets (in which case you could
-specify the whole frame in hex using the raw layer 2 interface of mausezahn).
+specify the whole frame in hexadecimal using the raw layer 2 interface of mausezahn).
.PP
.SS -M <label[:cos[:ttl]][bos]> [, <label...>]
Specify a MPLS label or even a MPLS label stack. Optionally, for each label the
experimental bits (usually the Class of Service, CoS) and the Time To Live
-(TTL) can be specified. And if you are really crazy you can set/unset the
-Bottom of Stack (BoS) bit at each label using the ``S'' (set) and ``s''
-(unset) option. By default, the BoS is set automatically and correct. Any other
-setting will lead to invalid frames. Enter ``\-M help'' for detailed instructions
+(TTL) can be specified. If you are really crazy you can set and unset the
+Bottom of Stack (BoS) bit for each label using the ''S'' (set) and ''s''
+(unset) option. By default, the BoS is set automatically and correctly. Any other
+setting will lead to invalid frames. Enter ''\-M help'' for detailed instructions
and examples.
.PP
.SS -P <ascii-payload>
Specify a cleartext payload. Alternatively, each packet type supports a
-hexadecimal specification of the payload (see for example ``\-t udp help'').
+hexadecimal specification of the payload (see for example ''\-t udp help'').
.PP
.SS -f <filename>
-Read the ascii payload from the specified file.
+Read the ASCII payload from the specified file.
.PP
.SS -F <filename>
-Read the hex payload from the specified file. Actually, this file must be also
-an ascii text file, but must contain hexadecimal digits, e.g. "aa:bb:cc:0f:e6...".
+Read the hexadecimal payload from the specified file. Actually, this file must be also
+an ASCII text file, but must contain hexadecimal digits, e.g. "aa:bb:cc:0f:e6...".
You can use also spaces as separation characters.
.PP
.SH USAGE EXAMPLE
.PP
-For more comprehensive examples, have a look at the two follow-up howto sections.
+For more comprehensive examples, have a look at the two followng HOWTO sections.
.PP
.SS mausezahn eth0 \-c 0 \-d 2s \-t bpdu vlan=5
Send BPDU frames for VLAN 5 as used with Cisco's PVST+ type of STP. By default
@@ -181,7 +181,7 @@ Perform a CAM table overflow attack.
Perform a SYN flood attack to another VLAN using VLAN hopping. This only works
if you are connected to the same VLAN which is configured as native VLAN on the
trunk. We assume that the victim VLAN is VLAN 100 and the native VLAN is VLAN 5.
-Lets attack every host in VLAN 100 which use a IP prefix of 10.100.100.0/24, also
+Lets attack every host in VLAN 100 which use an IP prefix of 10.100.100.0/24, also
try out all ports between 1 and 1023 and use a random source IP address.
.PP
.SS mausezahn eth0 \-c 0 \-d 10msec \-B 230.1.1.1 \-t udp "dp=32000,dscp=46" \-P "Multicast test packet"
@@ -254,7 +254,7 @@ It is recommended to configure your own login credentials in
.SS Basics:
.PP
Since you reached the mausezahn prompt, lets try some common commands. You can
-use the '?' character at any time for a content-sensitive help.
+use the '?' character at any time for content-sensitive help.
.PP
First try out the show command:
.PP
@@ -332,7 +332,7 @@ description for them:
mz(config-pkt-2)# name Test
mz(config-pkt-2)# desc This is just a test
.PP
-You can e.g. change the default settings for the source and destination MAC/IP
+You can, for example, change the default settings for the source and destination MAC or IP
addresses using the mac and ip commands:
.PP
mz(config-pkt-2)# ip address dest 10.1.1.0 /24
@@ -340,7 +340,7 @@ addresses using the mac and ip commands:
.PP
In the example above, we configured a range of addresses (all hosts in the
network 10.1.1.0 should be addressed). Additionally we spoof our source IP
-address. Of course, we can also add one or more VLAN and/or MPLS tag(s):
+address. Of course, we can also add one or more VLAN and, or, MPLS tag(s):
.PP
mz(config-pkt-2)# tag ?
dot1q Configure 802.1Q (and 802.1P) parameters
@@ -372,7 +372,7 @@ unit is given).
.SS Configuring protocol types:
.PP
mausezahn's interactive mode supports a growing list of protocols and only
-relies on the MOPS architecture (and not on libnet as it is the case with
+relies on the MOPS architecture (and not on libnet as is the case with
the legacy direct mode):
.PP
mz(config-pkt-2)# type
@@ -402,7 +402,7 @@ the legacy direct mode):
fin set or unset the TCP FIN flag
window Configure the TCP window size
checksum Configure the TCP checksum
- urgent-pointer Configure the TCP urgend pointer
+ urgent-pointer Configure the TCP urgent pointer
options Configure TCP options
end End TCP configuration mode
mz(config-pkt-2-tcp)# flags syn fin rst
@@ -553,7 +553,7 @@ actual interval when viewing the packet details via the 'show packet 2' command.
.SS Load prepared configurations:
.PP
You can prepare packet configurations using the same commands as you would
-type them in on the CLI and then load them to the CLI. For example assume we
+type them in on the CLI and then load them to the CLI. For example, assume we
have prepared a file 'test.mops' containing:
.PP
configure terminal
@@ -577,7 +577,7 @@ command:
.PP
The file src/examples/mausezahn/example_lldp.conf contains another example
list of commands to create a bogus LLDP packet. You can load this
-configuration from the mausezahn command line, e.g. via:
+configuration from the mausezahn command line as follows:
.PP
mz# load /home/hh/tmp/example_lldp.conf
.PP
@@ -585,7 +585,7 @@ In case you copied the file in that path. Now when you enter 'show packet' you
will see a new packet entry in the packet list. Use the 'start slot <nr>'
command to activate this packet.
.PP
-You can store your own packet creations in such file and easily load them when
+You can store your own packet creations in such a file and easily load them when
you need them. Every command within such configuration files is executed on the
command line interface as if you had typed it in -- so be careful about the
order and don't forget to use 'configure terminal' as first command.
@@ -594,7 +594,7 @@ You can even load other files from within a central config file.
.PP
.SH DIRECT MODE HOWTO
.PP
-.SS How to specify hex digits:
+.SS How to specify hexadecimal digits:
.PP
Many arguments allow direct byte input. Bytes are represented as two
hexadecimal digits. Multiple bytes must be separated either by spaces, colons,
@@ -608,7 +608,7 @@ frame right through your network card:
.PP
mausezahn ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:ff:08:00:ca:fe:ba:be
.PP
- or equivalently but more readable:
+ or equivalent but more readable:
.PP
mausezahn ff:ff:ff:ff:ff:ff-ff:ff:ff:ff:ff:ff-08:00-ca:fe:ba:be
.PP
@@ -637,7 +637,7 @@ examples:
mausezahn eth3 \-t udp sp=69,dp=69,p=ca:fe:ba:be
.PP
Note: Don't forget that on the CLI the Linux shell (usually the Bash)
-interprets spaces as a delimiter character. That is, if you are specifying
+interprets spaces as a delimiting character. That is, if you are specifying
an argument that consists of multiple words with spaces in between, you MUST
group these within quotes. For example, instead of
.PP
@@ -647,7 +647,7 @@ group these within quotes. For example, instead of
.PP
mausezahn eth0 \-t udp sp=1,dp=80,p=00:11:22:33
.PP
- or, even more safe, use quotes:
+ or, for greater safety, use quotes:
.PP
mausezahn eth0 \-t udp "sp=1,dp=80,p=00:11:22:33"
.PP
@@ -663,16 +663,16 @@ is used outside the quotes!
An important argument is \-t which invokes a packet builder. Currently there
are packet builders for ARP, BPDU, CDP, IP, partly ICMP, UDP, TCP, RTP, DNS,
and SYSLOG. (Additionally you can insert a VLAN tag or a MPLS label stack but
-this works independent of the packet builder.)
+this works independently of the packet builder.)
.PP
-You get context specific help of each packet builder using the help keyword,
+You get context specific help for every packet builder using the help keyword,
such as:
.PP
mausezahn \-t bpdu help
mausezahn \-t tcp help
.PP
For every packet you may specify an optional payload. This can be done either
-via HEX notation using the payload (or short p) argument or directly as ASCII
+via hexadecimal notation using the payload (or short p) argument or directly as ASCII
text using the \-P option:
.PP
mausezahn eth0 \-t ip \-P "Hello World" # ASCII payload
@@ -681,14 +681,14 @@ text using the \-P option:
p=68:65:6c:6c:6f:20:77:6f:72:6c:64, \\ # same with other
ttl=1" # IP arguments
.PP
-Note: The raw link access mode only accepts hex payloads (because you specify
-everything in hex here.)
+Note: The raw link access mode only accepts hexadecimal payloads (because you specify
+everything in hexadecimal here.)
.PP
.SS Packet count and delay:
.PP
By default only one packet is sent. If you want to send more packets then
use the count option \-c <count>. When count is zero then mausezahn will send
-forever. By default mausezahn sends at maximum speed (and this is really
+forever. By default, mausezahn sends at maximum speed (and this is really
fast ;-)). If you don't want to overwhelm your network devices or have other
reasons to send at a slower rate then you might want to specify a delay using
the \-d <delay> option.
@@ -698,7 +698,7 @@ Alternatively, for easier use, you might specify units such as seconds, sec,
milliseconds, or msec. (You can also abbreviate this with s or m.)
Note: Don't use spaces between the value and the unit! Here are typical examples:
.PP
-Send infinite frames as fast as possible:
+Send an infinite number of frames as fast as possible:
.PP
mausezahn \-c 0 "aa bb cc dd ...."
.PP
@@ -706,7 +706,7 @@ Send 100,000 frames with a 50 msec interval:
.PP
mausezahn \-c 100000 \-d 50msec "aa bb cc dd ...."
.PP
-Send infinite BPDU frames in a 2 second interval:
+Send an unlimited number of BPDU frames in a 2 second interval:
.PP
mausezahn \-c 0 \-d 2s \-t bpdu conf
.PP
@@ -715,15 +715,15 @@ example 2.5 seconds then express this in milliseconds (2500 msec).
.PP
.SS Source and destination addresses:
.PP
-A mnemonic trick to keep in mind is that all packets run from "A" to "B". You can
-always specify source and/or destination MAC addresses using the \-a and \-b
+As a mnemonic trick keep in mind that all packets run from "A" to "B". You can
+always specify source and destination MAC addresses using the \-a and \-b
options, respectively. These options also allow keywords such as rand, own,
bpdu, cisco, and others.
.PP
Similarly, you can specify source and destination IP addresses using the \-A
and \-B options, respectively. These options also support FQDNs (i.e. domain
names) and ranges such as 192.168.0.0/24 or 10.0.0.11-10.0.3.22. Additionally,
-the source address supports the rand keyword (ideal for "attacks").
+the source address option supports the rand keyword (ideal for "attacks").
.PP
Note: When you use the packet builder for IP-based packets (e.g. UDP or TCP)
then mausezahn automatically cares about correct MAC and IP addresses (i.e.
@@ -741,11 +741,11 @@ interface:
.PP
mausezahn eth0 "ff:ff:ff:ff:ff:ff ff:ff:ff:ff:ff:ff 00:00 ca:fe:ba:be"
.PP
-This way you can craft every packet you want but by hand. Note: On WiFi
-interfaces the header is much more complicated and automatically created
-by the WiFi-driver. An example to introduce some interesting options, say,
-let's continuously send frames at max speed with a random source MAC address
-and a broadcast destination address, additionally pad the frame to 1000 bytes:
+This way you can craft every packet you want but you must do it by hand. Note:
+On Wi-Fi interfaces the header is much more complicated and automatically
+created by the Wi-Fi driver. As an example to introduce some interesting options,
+lets continuously send frames at max speed with random source MAC address and
+broadcast destination address, additionally pad the frame to 1000 bytes:
.PP
mausezahn eth0 \-c 0 \-a rand \-b bcast \-p 1000 "08 00 aa bb cc dd"
.PP
@@ -758,10 +758,10 @@ least 15 bytes for technical reasons. Zero bytes are used for padding.
.PP
mausezahn provides a simple interface to the ARP packet. You can specify the
ARP method (request|reply) and up to four arguments: sendermac, targetmac,
-senderip, and targetip, or, short smac, tmac, sip, and tip. By default an ARP
-reply is sent with your own interface's source MAC and IP address, and a broadcast
-destination MAC/IP address. The following example sends a gratitious ARP (as
-used for duplicate IP detection):
+senderip, targetip, or short smac, tmac, sip, tip. By default, an ARP reply is
+sent with your own interface addresses as source MAC and IP address, and a
+broadcast destination MAC and IP address. Send a gratuitous ARP request (as used for
+duplicate IP address detection):
.PP
mausezahn eth0 \-t arp
.PP
@@ -771,22 +771,21 @@ ARP cache poisoning:
targetip=172.16.1.50"
.PP
where by default your interface MAC address will be used as sendermac,
-senderip denotes the spoofed IP, targetmac and targetip identifies the
-receiver. By default the Ethernet source address is your interface MAC and the
-destination address is broadcast. Of course you can change this using the
-flags \-a and \-b.
+senderip denotes the spoofed IP address, targetmac and targetip identifies the
+receiver. By default, the Ethernet source address is your interface MAC and the
+destination address is the broadcast address. You can change this
+using the flags \-a and \-b.
.PP
.SS `-- BPDU:
.PP
-mausezahn provides a simple interface to the 802.1d BPDU frame format (used to
-create the Spanning Tree in bridged networks). By default standard IEEE 802.1d
-(CST) BPDUs are sent and it is assumed that your computer wants to become the
+mausezahn provides a simple interface to the 802.1D BPDU frame format (used to
+create the Spanning Tree in bridged networks). By default, standard IEEE 802.1D
+BPDUs are sent and it is assumed that your computer wants to become the
root bridge (rid=bid). Optionally the 802.3 destination address can be a
specified MAC address, broadcast, own MAC, or Cisco's PVST+ MAC address. The
-destination MAC can be specified using the \-b command which (besides MAC
-addresses) accepts keywords such as bcast, own, pvst, or stp (default).
-Version 0.16 PVST+ is supported. Simply specify the VLAN for which you want
-to send a BPDU:
+destination MAC can be specified using the \-b command which, besides MAC
+addresses, accepts keywords such as bcast, own, pvst, or stp (default). PVST+
+is supported as well. Simply specify the VLAN for which you want to send a BPDU:
.PP
mausezahn eth0 \-t bpdu "vlan=123, rid=2000"
.PP
@@ -831,7 +830,8 @@ Mix it with MPLS:
.PP
When in raw Layer 2 mode you must create the VLAN tag completely by yourself.
For example if you want to send a frame in VLAN 5 using CoS 0 simply specify
-81:00 as type field and for the next two bytes the CoS (, CFI) and VLAN values:
+81:00 as type field and for the next two bytes the CoS (PCP), DEI (CFI), and
+VLAN ID values (all together known as TCI):
.PP
mausezahn eth0 \-b bc \-a rand "81:00 00:05 08:00 aa-aa-aa-aa-aa-aa-aa-aa-aa"
.PP
@@ -841,8 +841,8 @@ mausezahn allows you to insert one or more MPLS headers. Simply use the option
\-M <label:CoS:TTL:BoS> where only the label is mandatory. If you specify a
second number it is interpreted as the experimental bits (the CoS usually). If
you specify a third number it is interpreted as TTL. By default the TTL is
-set to 255. The Bottom of Stack flag is set automatically (otherwise the frame
-would be invalid) but if you want you can also set or unset it using the
+set to 255. The Bottom of Stack flag is set automatically, otherwise the frame
+would be invalid, but if you want you can also set or unset it using the
S (set) and s (unset) argument. Note that the BoS must be the last argument in
each MPLS header definition. Here are some examples:
.PP
@@ -870,19 +870,19 @@ useless anyway).
.PP
.SS `-- IP:
.PP
-mausezahn allows you to send any (malformed or correct) IP packet. Every field
+mausezahn allows you to send any malformed or correct IP packet. Every field
in the IP header can be manipulated. The IP addresses can be specified via
the \-A and \-B options, denoting the source and destination address,
respectively. You can also specify an address range or a host name (FQDN).
Additionally, the source address can also be random. By default the source
address is your interface IP address and the destination address is a
-broadcast. Here are some examples:
+broadcast address. Here are some examples:
.PP
-Ascii payload:
+ASCII payload:
.PP
mausezahn eth0 \-t ip \-A rand \-B 192.168.1.0/24 \-P "hello world"
.PP
-Hex payload:
+Hexadecimal payload:
.PP
mausezahn eth0 \-t ip \-A 10.1.0.1-10.1.255.254 \-B 255.255.255.255 p=ca:fe:ba:be
.PP
@@ -891,21 +891,21 @@ Will use correct source IP address:
mausezahn eth0 \-t ip \-B www.xyz.com
.PP
The Type of Service (ToS) byte can either be specified directly by two
-hexadecimal digits (which means you can also easily set the Explicit
-Congestion Notification (ECN) bits (LSB 1 and 2) or you may only want to
+hexadecimal digits, which means you can also easily set the Explicit
+Congestion Notification (ECN) bits (LSB 1 and 2), or you may only want to
specify a common DSCP value (bits 3-8) using a decimal number (0..63):
.PP
Packet sent with DSCP = Expedited Forwarding (EF):
.PP
mausezahn eth0 \-t ip dscp=46,ttl=1,proto=1,p=08:00:5a:a2:de:ad:be:af
.PP
-If you leave the checksum zero (or unspecified) the correct checksum will
+If you leave the checksum as zero (or unspecified) the correct checksum will
be automatically computed. Note that you can only use a wrong checksum when
you also specify at least one L2 field manually.
.PP
.SS `-- UDP:
.PP
-mausezahn support easy UDP datagram generation. Simply specify the
+mausezahn supports easy UDP datagram generation. Simply specify the
destination address (\-B option) and optionally an arbitrary source address
(\-A option) and as arguments you may specify the port numbers using the
dp (destination port) and sp (source port) arguments and a payload. You can
@@ -924,11 +924,11 @@ Send a DNS request as local broadcast (often a local router replies):
.PP
Additionally you may specify the length and checksum using the len and sum
arguments (will be set correctly by default). Note: several protocols have same
-arguments such as len (length) and sum (checksum). If you specified a udp type
+arguments such as len (length) and sum (checksum). If you specified a UDP type
packet (via \-t udp) and want to modify the IP length, then use the alternate
keyword iplen and ipsum. Also note that you must specify at least one L2 field
-which tells mausezahn to build everything without help of your kernel (the
-kernel would not allow to modify the IP checksum and the IP length).
+which tells mausezahn to build everything without the help of your kernel (the
+kernel would not allow modifying the IP checksum and the IP length).
.PP
.SS `-- ICMP:
.PP
@@ -936,11 +936,11 @@ mausezahn currently only supports the following ICMP methods: PING (echo
request), Redirect (various types), Unreachable (various types). Additional
ICMP types will be supported in future. Currently you would need to tailor them
by yourself, e.g. using the IP packet builder (setting proto=1). Use the
-mausezahn \-t icmp help for help on actually implemented options.
+mausezahn \-t icmp help for help on currently implemented options.
.PP
.SS `-- TCP:
.PP
-mausezahn allows you to easily tailor any TCP packet. Similar as with UDP you
+mausezahn allows you to easily tailor any TCP packet. Similarly as with UDP you
can specify source and destination port (ranges) using the sp and dp arguments.
Then you can directly specify the desired flags using an "|" as delimiter if
you want to specify multiple flags. For example, a SYN-Flood attack against
@@ -1008,8 +1008,8 @@ line options.
.SS `-- RTP and VoIP path measurements:
.PP
mausezahn can send arbitrary Real Time Protocol (RTP) packets. By default a
-classical G.711 codec (20 ms segment size, 160 bytes) is assumed. You can
-measure jitter, packet loss and reordering along a path between two hosts
+classical G.711 codec packet of 20 ms segment size and 160 bytes is assumed. You
+can measure jitter, packet loss, and reordering along a path between two hosts
running mausezahn. The jitter measurement is either done following the variance
low-pass filtered estimation specified in RFC 3550 or using an alternative
"real-time" method which is even more precise (the RFC-method is used by
@@ -1096,16 +1096,16 @@ can lead to a very huge number of frames to be sent. As a rule of thumb you
can assume that about 100,000 frames and more are sent in a fraction of one
second, depending on your network interface.
.PP
-mausezahn has been designed as fast traffic generator so you might easily
+mausezahn has been designed as a fast traffic generator so you might easily
overwhelm a LAN segment with myriads of packets. And because mausezahn could
also support security audits it is possible to create malicious or invalid
packets, SYN floods, port and address sweeps, DNS and ARP poisoning, etc.
.PP
-Therefore, don't use this tool when you are not aware of possible consequences
-or have only little knowledge about networks and data communication. If you
-abuse mausezahn for 'unallowed' attacks and get caught, or damage something of
-your own, then this is completely your fault. So the safest solution is to try
-it out in a lab environment.
+Therefore, don't use this tool when you are not aware of the possible
+consequences or have only a little knowledge about networks and data
+communication. If you abuse mausezahn for 'unallowed' attacks and get caught,
+or damage something of your own, then this is completely your fault. So the
+safest solution is to try it out in a lab environment.
.PP
Also have a look at the netsniff-ng(8) note section on how you can properly
setup and tune your system.
@@ -1116,7 +1116,7 @@ mausezahn is licensed under the GNU GPL version 2.0.
.SH HISTORY
.B mausezahn
was originally written by Herbert Haas. According to his website [1], he
-unfortunately passed away in 2011. Thus, having this tool unmaintained as well.
+unfortunately passed away in 2011 thus leaving this tool unmaintained.
It has been adopted and integrated into the netsniff-ng toolkit and is further
being maintained and developed from there. Maintainers are Tobias Klauser
<tklauser@distanz.ch> and Daniel Borkmann <dborkma@tik.ee.ethz.ch>.