Manual Reference Pages  -  PADS (8)

NAME

pads - Passive Asset Detection System

CONTENTS

Synopsis
Description
Options
See Also
Copyright
Bugs
Authors

SYNOPSIS

pads [-DhUvV] [-c file] [-d file] [-g group] [-i interface] [-n network(s)] [-p file] [-r file] [-u file] [-w file] [expression]

DESCRIPTION

PADS is a libpcap based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.

Goals:

- Passive: Records and identifies traffic seen on a network without actively "scanning" a system. There will never be a packet sent from the pads application.

- Portable: Has the ability to be placed easily on a remote system. Does not require additional external libraries other than those associated with libpcap.

- Lightweight: Logging is sent to a simple CSV file. There is no need for a database or other data repository installed on the local machine. All correlation is done outside of the pads program.

OPTIONS

-h Display help / usage information.

-D Run PADS in the background (daemon mode).

-d file Dump banner data into a libpcap formatted file. This feature will dump the matched packet or the first 4 packets of an unmatched connection into a specified file. This can be used to further identify a service and also aid with signature development.

Please keep in mind that this feature must be compiled into the application in order to use it. This can be done by adding '--enable-banner-grab' to the

-g group This switch allows you to specify a group that PADS will drop to after the libpcap interface has been initialized.

-h Display help

-i interface Specify an interface to be used.

-n network list Specify a set of networks to be monitored. Only assets that exist within these networks will be recorded. The networks should be specified in the following format: 10.10.10.0/24,192.168.0.0/16.

-p pid file This switch allows you to specify a PID file to be used in conjunction with daemon (-D) mode.

-r file Read packets from a libpcap formatted file.

-u user This switch allows you to specify a user that PADS will drop to after the libpcap interface has been initialized.

-w file Dump data into a file other than assets.csv.

expression selects which packets will be processed. Please see tcpdump(1) for details on the libpcap primitives.
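Because pads itself only writes a CSV file and leaves all correlation to external tools (see the Lightweight goal above), the post-processing step is where the -n network list format and the asset inventory check come together. The following script is an added example written for this page, not part of pads: it parses a network list in the same comma-separated CIDR format that -n accepts, filters a constructed assets.csv sample to those networks, groups services per host, and reports hosts absent from a known inventory. The column layout asset,port,proto,service,application,discovered is an assumption, since the man page does not document the CSV fields.

```python
#!/usr/bin/env python3
"""Correlate a PADS assets.csv outside of pads (added example, not pads code).

Assumption: the CSV has the header
  asset,port,proto,service,application,discovered
The man page only states that pads logs to a CSV file; the column names
used here are assumed, not taken from the page.
"""
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample of an assets.csv (not real capture data); layout assumed.
SAMPLE_CSV = """\
asset,port,proto,service,application,discovered
10.10.10.5,22,6,ssh,OpenSSH 3.9p1,1118966400
10.10.10.5,80,6,www,Apache 1.3.33,1118966410
192.168.1.20,25,6,smtp,Sendmail 8.13.1,1118966420
172.16.0.9,443,6,https,unknown,1118966430
10.10.10.7,53,17,dns,unknown,1118966440
"""


def parse_network_list(spec):
    """Parse a -n style list such as '10.10.10.0/24,192.168.0.0/16'."""
    nets = []
    for item in spec.split(","):
        item = item.strip()
        if item:
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def in_monitored(addr, networks):
    """True if addr falls inside any of the monitored networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)


def load_assets(text, networks):
    """Read CSV text and keep only rows whose asset is in a monitored network."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        if in_monitored(row["asset"], networks):
            row["port"] = int(row["port"])
            row["proto"] = int(row["proto"])  # IP protocol number (6=TCP, 17=UDP)
            records.append(row)
    return records


def services_by_asset(records):
    """Group discovered services per host: {asset: {(proto, port): application}}."""
    table = defaultdict(dict)
    for r in records:
        table[r["asset"]][(r["proto"], r["port"])] = r["application"]
    return dict(table)


def new_assets(records, known):
    """Hosts pads saw that are missing from an inventory list (the correlation step)."""
    return sorted({r["asset"] for r in records} - set(known))


if __name__ == "__main__":
    nets = parse_network_list("10.10.10.0/24,192.168.0.0/16")
    recs = load_assets(SAMPLE_CSV, nets)
    for host, svcs in services_by_asset(recs).items():
        print(host, svcs)
    print("not in inventory:", new_assets(recs, ["10.10.10.5"]))
```

The 172.16.0.9 row is dropped because it lies outside the two monitored networks, which mirrors what -n does at capture time; running the same filter offline is useful when pads was started without -n or when the monitored ranges change after the fact.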

SEE ALSO

pads.conf(8), pads-report(8), pads-archiver(8), tcpdump(8), pcre(3)

COPYRIGHT

Copyright (C) 2004 Matt Shelton <matt@mattshelton.com>

BUGS

Please send bug reports to the author.

AUTHORS

Matt Shelton <matt@mattshelton.com>
PADS (8) 2005/06/17