
prads(1) [debian man page]

PRADS(1)							    networking								  PRADS(1)

NAME
       PRADS - Passive Real-time Asset Detection System

SYNOPSIS
       prads -i eth1 -v

DESCRIPTION
       PRADS is a Passive Real-time Asset Detection System. PRADS employs digital fingerprints to recognize services on the wire, and can be used to map your network and monitor it for changes in real time. Real-time passive traffic analysis also lets you detect assets that are connected to the network only for a short period of time, since PRADS can glean useful information from every packet.

       PRADS aims to be the one-stop shop for passive asset detection. It currently does MAC lookups, TCP and UDP OS fingerprinting, client and service application matching, and keeps a connection state table. Output plugins include logfile and FIFO, which make PRADS a useful replacement for p0f, pads and sancp. PRADS was built from the ground up for a small footprint and for modern networks with IPv6 and gigabits of throughput.

OPTIONS
       -i <iface>
              Network device <iface> (default: eth0).

       -r <file>
              Read pcap <file>.

       -c <file>
              Read config from <file>.

       -b <filter>
              Apply Berkeley packet filter <filter>.

       -u <user>
              Run as user <user>.

       -g <group>
              Run as group <group>.

       -a <nets>
              Specify home nets (eg: '192.168.0.0/25,10.0.0.0/255.0.0.0').

       -D     Enable daemon mode.

       -p <pidfile>
              Name of pidfile (the path is taken inside the chroot).

       -l <file>
              Log assets to <file> (default: '/var/log/prads-asset.log').

       -f <FIFO>
              Log assets to <FIFO>.

       -C <dir>
              Chroot into <dir> before dropping privs.

       -XFRMSAK
              Flag picker: X - clear flags, F:FIN, R:RST, M:MAC, S:SYN, A:ACK, K:SYNACK.

       -UTtI  Service checks: U:UDP, T:TCP-server, t:TCP-client, I:ICMP.

       -s <snaplen>
              Dump <snaplen> bytes of each payload.

       -v     Verbose output - repeat for more verbosity.

       -q     Quiet - try harder not to produce output.

       -O     Connection tracking [O]utput - per-packet!

       -x     Conne[x]ion tracking output - new, expired and ended connections.

       -h     This help message.

PROBLEMS
       1. Doesn't detect everything out there :-P

SEE ALSO
       o PRADS <http://prads.projects.linpro.no/>
       o p0f <http://lcamtuf.coredump.cx/p0f.shtml>
       o PADS <http://passive.sourceforge.net/>

BUGS
       Report bugs here:
       o http://github.com/gamelinux/prads/issues

       For general questions:
       o http://projects.linpro.no/mailman/listinfo/prads-devel
       o http://projects.linpro.no/mailman/listinfo/prads-users

AUTHOR
       Edward Bjarte Fjellskal <edwardfjellskaal@gmail.com>, Kacper Wysocki <comotion@users.sf.net>

COPYRIGHT
       GPL

0.2								  2010-06-17								  PRADS(1)
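The options above cover two workflows a sensor operator needs: replaying a capture with -r, scoping it with -a and -b, and then watching the -l asset log for assets that were not there before. The following POSIX sh wrapper is an added example and not code from the prads project. It assumes the asset log is CSV with a header of the form asset,vlan,port,proto,service,[service-info],distance,discovered (an assumption about the log layout; only the asset, port, proto and service columns are read, because service-info can itself contain commas). The function names prads_cmd, run_prads, asset_keys, new_assets and demo are this example's own, and the two sample logs in demo are constructed, not real prads output.

```shell
#!/bin/sh
# Added example (not part of prads): replay a pcap through prads with the
# documented options, then diff two asset logs to list newly seen assets.
# Assumed log layout (assumption, not taken from the man page):
#   asset,vlan,port,proto,service,[service-info],distance,discovered

# Command line for a pcap replay. $1 pcap, $2 home nets in prads -a syntax,
# $3 BPF filter for -b, $4 asset log for -l.
prads_cmd() {
    printf 'prads -r %s -a %s -b "%s" -l %s\n' "$1" "$2" "$3" "$4"
}

# Run prads only when it is installed; otherwise leave the log untouched
# so the comparison below can still be exercised offline.
run_prads() {
    if command -v prads >/dev/null 2>&1; then
        prads -r "$1" -a "$2" -b "$3" -l "$4"
    fi
}

# Emit asset,port,proto,service keys from an asset log, one per line, sorted.
# Skips the header row and comment lines. Columns after service are ignored
# because the bracketed service-info field may contain commas of its own.
asset_keys() {
    awk -F, '$1 != "asset" && $1 !~ /^#/ { print $1 "," $3 "," $4 "," $5 }' "$1" \
        | LC_ALL=C sort -u
}

# Keys present in the new log ($2) but absent from the old one ($1).
new_assets() {
    old_keys=$(mktemp) || return 1
    new_keys=$(mktemp) || { rm -f "$old_keys"; return 1; }
    asset_keys "$1" > "$old_keys"
    asset_keys "$2" > "$new_keys"
    LC_ALL=C comm -13 "$old_keys" "$new_keys"
    rm -f "$old_keys" "$new_keys"
}

# Constructed sample logs (not real prads output) showing the comparison:
# the second run sees an RDP server that the first run never logged.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/old.log" <<'EOF'
asset,vlan,port,proto,service,[service-info],distance,discovered
192.168.0.10,0,22,6,SERVER,[ssh:OpenSSH 5.3],0,1276700000
192.168.0.10,0,0,6,SYN,[S4:64:1:60:M1460,S,T,N,W6:.:Linux:2.6],0,1276700000
EOF
    cat > "$dir/new.log" <<'EOF'
asset,vlan,port,proto,service,[service-info],distance,discovered
192.168.0.10,0,22,6,SERVER,[ssh:OpenSSH 5.3],0,1276786400
192.168.0.10,0,0,6,SYN,[S4:64:1:60:M1460,S,T,N,W6:.:Linux:2.6],0,1276786400
192.168.0.77,0,3389,6,SERVER,[rdp:unknown],0,1276786400
EOF
    new_assets "$dir/old.log" "$dir/new.log"
    rm -rf "$dir"
}
```

In a real deployment the old log is yesterday's rotated copy and the new one is the live -l file; running new_assets from cron and feeding the output to your alerting turns the asset log into the change monitor the DESCRIPTION promises. Keep the -b filter narrow enough to exclude known-noisy traffic but not so narrow that short-lived hosts never reach prads.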


PADS(8) 						      System Manager's Manual							   PADS(8)

NAME
       pads - Passive Asset Detection System

SYNOPSIS
       pads <DhUvV> <-c file > <-d file > <-g group > <-i interface > <-n network(s) > <-p file > <-r file > <-u file > <-w file > <expression>

DESCRIPTION
       PADS is a libpcap based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.

       Goals:

       - Passive: Records and identifies traffic seen on a network without actively "scanning" a system. There will never be a packet sent from the pads application.

       - Portable: Has the ability to be placed easily on a remote system. Does not require additional external libraries other than those associated with libpcap.

       - Lightweight: Logging is sent to a simple CSV file. There is no need for a database or other data repository installed on the local machine. All correlation is done outside of the pads program.

OPTIONS
       -h     Display help / usage information.

       -D     Run PADS in the background (daemon mode).

       -d file
              Dump banner data into a libpcap formatted file. This feature will dump the matched packet or the first 4 packets of an unmatched connection into the specified file. This can be used to further identify a service and also aid with signature development. Please keep in mind that this feature must be compiled into the application in order to use it. This can be done by adding '--enable-banner-grab' to the 'configure' step.

       -g group
              Specify a group that PADS will drop to after the libpcap interface has been initialized.

       -i interface
              Specify an interface to be used.

       -n network list
              Specify a set of networks to be monitored. Only assets that exist within these networks will be recorded. The networks should be specified in the following format: 10.10.10.0/24,192.168.0.0/16 .

       -p pid file
              Specify a PID file to be used in conjunction with daemon (-D) mode.

       -r file
              Read packets from a libpcap formatted file.

       -u user
              Specify a user that PADS will drop to after the libpcap interface has been initialized.

       -w file
              Dump data into a file other than assets.csv.

       expression
              Selects which packets will be processed. Please see tcpdump(1) for details on the libpcap primitives.

SEE ALSO
       pads.conf(8), pads-report(8), pads-archiver(8), tcpdump(8), pcre(3)

COPYRIGHT
       Copyright (C) 2004 Matt Shelton <matt@mattshelton.com>

BUGS
       Please send bug reports to the author.

AUTHORS
       Matt Shelton <matt@mattshelton.com>

								  2005/06/17								   PADS(8)