Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

PADS(8)								       PADS(8)

NAME
       pads - Passive Asset Detection System

SYNOPSIS
       pads <DhUvV> <-c file > <-d file > <-g group > <-i interface > <-n net‐
       work(s) > <-p file > <-r file > <-u file > <-w file > <expression>

DESCRIPTION
       PADS is a libpcap based detection engine used to passively detect  net‐
       work  assets.  It is designed to complement IDS technology by providing
       context to IDS alerts.

       Goals:

       - Passive:  Records and identifies traffic seen on  a  network  without
       actively
	 "scanning"  a	system.	   There  will never be a packet sent from the
       pads
	 application.

       - Portable:  Has the ability to be placed easily on  a  remote  system.
       Does not
	 require  additional  external	libraries  other than those associated
       with
	 libpcap.

       - Lightweight:  Logging is sent to a simple CSV file.  There is no need
       for a
	 database  or  other  data  repository installed on the local machine.
       All
	 correlation is done outside of the pads program.

OPTIONS
       -h     Display help / usage information.

       -D     Run PADS in the background (daemon mode).

       -d file
	      Dump banner data into a libpcap formatted	 file.	 This  feature
	      will  dump  the  matched	packet	or  the	 first 4 packets of an
	      unmatched connection into a specified file.  This can be used to
	      further  identify a service and also aid with signature develop‐
	      ment.

	      Please keep in mind that this feature must be compiled into  the
	      application  in  order  to  use  it.  This can be done by adding
	      '--enable-banner-grab' to the

       -g group
	      This switch allows you to specify a group that PADS will drop to
	      after the libpcap interface has been initialized.

       -h     Display help

       -i interface
	      Specify an interface to be used.

       -n network list
	      Specify  a  set  of  networks to be monitored.  Only assets that
	      exist within these networks  will	 be  recorded.	 The  networks
	      should	 be	specified    in	   the	  following    format:
	      10.10.10.0/24,192.168.0.0/16 .

       -p pid file
	      This switch allows you to specify a PID file to be used in  con‐
	      junction with daemon (-D) mode.

       -r file
	      Read packets from a libpcap formatted file.

       -u user
	      This  switch allows you to specify a user that PADS will drop to
	      after the libpcap interface has been initialized.

       -w file
	      Dump data into a file other than assets.csv.

	expression
	      selects which packets will be processed.	Please see  tcpdump(1)
	      for details on the libpcap primitives.

SEE ALSO
       pads.conf(8), pads-report(8), pads-archiver(8), tcpdump(8), pcre(3)

COPYRIGHT
       Copyright (C) 2004 Matt Shelton <matt@mattshelton.com>

BUGS
       Please send bug reports to the author.

AUTHORS
       Matt Shelton <matt@mattshelton.com>

				  2005/06/17			       PADS(8)

Vote for polarhome