Arp sp00fing c0de

docs/nmap.1

@@ -500,10 +500,27 @@ while ethernet frames work best on the many Windows versions where
 Microsoft has disabled raw sockets support.  Nmap still uses raw IP
 packets when there is no other choice (such as non-ethernet
 connections).
+.TP
 .B --send_ip
 Asks Nmap to send packets via raw IP sockets rather than sending lower
 level ethernet frames.  It is the complement to the --send-eth
 option.discussed previously.
+.TP
+.B \--spoof_mac [mac, prefix, or vendor substring]
+Ask Nmap to use the given MAC address for all of the raw ethernet
+frames it sends.  The MAC given can take several formats.  If it is
+simply the string "0", Nmap chooses a completely random MAC for the
+session.  If the given string is an even number of hex digits (with
+the pairs optionally separated by a colon), Nmap will use those as the
+MAC.  If less than 12 hex digits are provided, Nmap fills in the
+remainder of the 6 bytes with random values.  If the argument isn't a
+0 or hex string, Nmap looks through the nmap-mac-prefixes to find a
+vendor name containing the given string (it is case insensitive).  If
+a match is found, Nmap uses the vendor's OUI (3-byte prefix) and fills
+out the remaining 3 bytes randomly.  Valid --spoof_mac argument
+examples are "Apple", "0", "01:02:03:04:05:06", "deadbeefcafe",
+"0020F2", and "Cisco".
+.TP
 .B \-f
 This option causes the requested scan (including ping scans) to use
 tiny fragmented IP packets.  The idea is to split up the TCP header

docs/nmap.usage.txt

@@ -1,4 +1,4 @@
-Nmap 3.83.SOC2 Usage: nmap [Scan Type(s)] [Options] <host or net list>
+Nmap 3.83.SOC3 Usage: nmap [Scan Type(s)] [Options] <host or net list>
 Some Common Scan Types ('*' options require root privileges)
 * -sS TCP SYN stealth port scan (default if privileged (root))
   -sT TCP connect() port scan (default for unprivileged users)

docs/nmap_manpage.html

@@ -461,7 +461,7 @@
               or  other  scan  types,  have  a  look  at  http://nmap6.source-
               forge.net/ .
 
-       <B>--send-eth</B>
+       <B>--send_eth</B>
               Asks Nmap to send packets at the raw ethernet (data link)  layer
               rather  than  the  higher  IP (network) layer.  By default, Nmap
               chooses the one which is generally best for the platform  it  is
@@ -469,7 +469,7 @@
               for UNIX machines, while ethernet frames work best on  the  many
               Windows  versions  where Microsoft has disabled raw sockets sup-
               port.  Nmap still uses raw IP packets when  there  is  no  other
-              choice  (such as non-ethernet connections).  <B>--send-ip</B> Asks Nmap
+              choice  (such as non-ethernet connections).  <B>--send_ip</B> Asks Nmap
               to send packets via raw IP sockets  rather  than  sending  lower
               level  ethernet  frames.  It is the complement to the --send-eth
               option.discussed  previously.   <B>-f</B>  This   option   causes   the
@@ -544,7 +544,7 @@
               URL  is  often  more useful, but the local filesystem locaton of
               nmap.xsl is used by default for privacy reasons.
 
-       <B>--no-stylesheet</B>
+       <B>--no_stylesheet</B>
               Specify this option to prevent Nmap  from  associating  any  XSL
               stylesheet with its XML output.  The xml-stylesheet directive is
               omitted.