prads(1) [debian man page]

PRADS(1)							    networking								  PRADS(1)

NAME
       PRADS - Passive Real-time Asset Detection System

SYNOPSIS
       prads -i eth1 -v

DESCRIPTION
       PRADS is a Passive Real-time Asset Detection System. PRADS employs digital fingerprints to recognize services on the wire, and can be used to map your network and monitor for changes in real time. Real-time passive traffic analysis will also let you detect assets that are just connected to the network for a short period of time, since PRADS can glean useful information from every packet.

       PRADS aims to be the one-stop-shop for passive asset detection, and currently does MAC lookups, TCP and UDP OS fingerprinting as well as client and service application matching and a connection state table. Various output plugins include logfile and FIFO and make PRADS a useful replacement for p0f, pads and sancp.

       PRADS was built from the ground up for a small footprint and modern networks with IPv6 and gigabits of throughput.

OPTIONS
       -i <iface>     Network device <iface> (default: eth0).
       -r <file>      Read pcap <file>.
       -c <file>      Read config from <file>
       -b <filter>    Apply Berkeley packet filter <filter>.
       -u <user>      Run as user <user>.
       -g <group>     Run as group <group>.
       -a <nets>      Specify home nets (eg: '192.168.0.0/25,10.0.0.0/255.0.0.0').
       -D             Enables daemon mode.
       -p <pidfile>   Name of pidfile - inside chroot
       -l <file>      Log assets to <file> (default: '/var/log/prads-asset.log')
       -f <FIFO>      Log assets to <FIFO>
       -C <dir>       Chroot into <dir> before dropping privs.
       -XFRMSAK       Flag picker: X - clear flags, F:FIN, R:RST, M:MAC, S:SYN, A:ACK, K:SYNACK
       -UTtI          Service checks: U:UDP, T:TCP-server, I:ICMP, t:TCP-client
       -s <snaplen>   Dump <snaplen> bytes of each payload.
       -v             Verbose output - repeat for more verbosity.
       -q             Quiet - try harder not to produce output.
       -O             Connection tracking [O]utput - per-packet!
       -x             Conne[x]ion tracking output - New, expired and ended.
       -h             This help message.

PROBLEMS
       1. Doesn't detect everything out there :-P

SEE ALSO
       o PRADS <http://prads.projects.linpro.no/>
       o p0f <http://lcamtuf.coredump.cx/p0f.shtml>
       o PADS <http://passive.sourceforge.net/>

BUGS
       Report bugs here:
       o http://github.com/gamelinux/prads/issues

       For general questions:
       o http://projects.linpro.no/mailman/listinfo/prads-devel
       o http://projects.linpro.no/mailman/listinfo/prads-users

AUTHOR
       Edward Bjarte Fjellskal <edwardfjellskaal@gmail.com>, Kacper Wysocki <comotion@users.sf.net>

COPYRIGHT
       GPL

0.2								    2010-06-17								  PRADS(1)
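
The -a option above takes a comma-separated list that may mix CIDR prefixes and dotted netmasks. The following pre-flight check is an added example, not part of PRADS or of the original man page: it normalizes such a string and flags entries with host bits set, overlapping nets, or unparseable entries before the value goes into a sensor configuration. The function names parse_home_nets and is_home are hypothetical, and it is assumed that only the two forms shown in the option text are in use.

```python
import ipaddress

def parse_home_nets(spec):
    """Parse a comma-separated home-net string; return (networks, warnings)."""
    nets, warnings = [], []
    for item in (part.strip() for part in spec.split(",")):
        if not item:
            warnings.append("empty entry")
            continue
        try:
            # strict=True rejects entries whose host bits are set
            net = ipaddress.ip_network(item, strict=True)
        except ValueError:
            try:
                net = ipaddress.ip_network(item, strict=False)
            except ValueError:
                warnings.append(f"unparseable: {item}")
                continue
            warnings.append(f"host bits set: {item} -> {net}")
        for other in nets:
            if net.version == other.version and net.overlaps(other):
                warnings.append(f"overlap: {net} and {other}")
        nets.append(net)
    return nets, warnings

def is_home(ip, nets):
    """True if the address falls inside any of the parsed home nets."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in nets)

if __name__ == "__main__":
    # First value is the example from the -a option text; second is constructed.
    for spec in ("192.168.0.0/25,10.0.0.0/255.0.0.0",
                 "192.168.0.5/25,192.168.0.0/24,bogus"):
        nets, warnings = parse_home_nets(spec)
        print(spec, "->", [str(n) for n in nets], warnings)
```
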

PRADS-ASSET-REPORT(1)						    networking						     PRADS-ASSET-REPORT(1)

NAME
       prads-asset-report - PRADS Text Reporting Module

SYNOPSIS
       prads-asset-report -r /var/log/prads-asset.log -w /tmp/asset-report.txt

DESCRIPTION
       PRADS is a Passive Real-time Asset Detection System. PRADS passively listens to network traffic and gathers information on hosts and services it sees on the network. This information can be used to map your network, letting you know what services and hosts are alive/used, or can be used together with your favorite IDS/IPS setup for "event to host/service" correlation.

       Gathering info about your hosts in real time will also let you detect assets that are connected to the network for only a short period of time. An active network scan (nmap etc.) takes a long time and is not commonly run continually, so it would miss such an asset.

       prads-asset-report parses prads-asset.log and prints out some useful information about the hosts PRADS has managed to gather info about.

OPTIONS
       -r <file>      PRADS Raw Report File
       -w <file>      Output file
       -i <IP>        Just get info for this IP
       -n             Do not convert IP addresses to names.
       -p             Do not convert RFC 1918 IP addresses to names.

PROBLEMS
       1. Much more logic can be built into it!

SEE ALSO
       o PRADS <http://prads.projects.linpro.no/>
       o p0f <http://lcamtuf.coredump.cx/p0f.shtml>
       o PADS <http://passive.sourceforge.net/>

BUGS
       Report bugs here:
       o http://github.com/gamelinux/prads/issues

       For general questions:
       o http://projects.linpro.no/mailman/listinfo/prads-devel
       o http://projects.linpro.no/mailman/listinfo/prads-users

AUTHOR
       edwardfjellskaal@gmail.com

COPYRIGHT
       GPL

0.2								    2010-06-21						     PRADS-ASSET-REPORT(1)