.\" Man page generated from reStructuredText.
.
.TH PRADS 1 "2010-06-17" "0.2" "networking"
.SH NAME
PRADS \- Passive Real-time Asset Detection System
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
.INDENT 0.0
.INDENT 3.5
prads \-i eth1 \-v
.UNINDENT
.UNINDENT
.SH DESCRIPTION
.sp
PRADS is a Passive Real\-time Asset Detection System.
.sp
PRADS employs digital fingerprints to recognize services on the wire, and can be used to map your network and monitor for changes in real time.
.sp
Real\-time passive traffic analysis will also let you detect assets that are just connected to the network for a short period of time, since PRADS can glean useful information from every packet.
.sp
PRADS aims to be the one\-stop\-shop for passive asset detection, and currently does MAC lookups, TCP and UDP OS fingerprinting as well as client and service application matching and a connection state table. Various output plugins include logfile and FIFO and make PRADS a useful replacement for p0f, pads and sancp.
.sp
PRADS was built from the ground up for a small footprint and modern networks with IPv6 and gigabits of throughput.
.SH OPTIONS
.INDENT 0.0
.INDENT 3.5
.INDENT 0.0
.TP
.B \-i
Network device (default: eth0).
.TP
.B \-r
Read pcap .
.TP
.B \-c
Read config from .
.TP
.B \-b
Apply Berkeley packet filter .
.TP
.B \-u
Run as user (Default: uid 1).
.TP
.B \-g
Run as group (Default: gid 1).
.TP
.B \-d
Do not drop privileges.
.TP
.B \-a
Specify home nets (eg: \(aq192.168.0.0/25,10.0.0.0/255.0.0.0\(aq).
.TP
.B \-D
Daemonize.
.TP
.B \-p
Name of pidfile \- inside chroot.
.TP
.B \-l
Log assets to (default: the value of config.assetlog).
.TP
.B \-f
Log assets to .
.TP
.B \-B
Log connections to ringbuffer.
.TP
.B \-C
Chroot into before dropping privs.
.TP
.BI \-X\fB FRMSAK
Flag picker: X \- clear flags, F:FIN, R:RST, M:MAC, S:SYN, A:ACK, K:SYNACK
.TP
.BI \-U\fB TtI
Service checks: U:UDP, T:TCP\-server, I:ICMP, t:TCP\-client
.TP
.B \-P
DHCP fingerprinting.
.TP
.B \-s
Dump bytes of each payload.
.TP
.B \-v
Verbose output \- repeat for more verbosity.
.TP
.B \-q
Quiet \- try harder not to produce output.
.TP
.B \-L
Log cxtracker type output to (will be owned by ).
.TP
.B \-O
Connection tracking [O]utput \- per\-packet!
.TP
.B \-x
Conne[x]ion tracking output \- New, expired and ended.
.TP
.B \-Z
Passive DNS (Experimental).
.TP
.B \-H
DHCP fingerprinting (Experimental).
.TP
.B \-h
This help message.
.UNINDENT
.UNINDENT
.UNINDENT
.SH PROBLEMS
.INDENT 0.0
.IP 1. 3
Doesn\(aqt detect everything out there :\-P
.IP 2. 3
This man page.
.UNINDENT
.SH SEE ALSO
.INDENT 0.0
.IP \(bu 2
PRADS <\fI\%http://prads.projects.linpro.no/\fP>
.IP \(bu 2
p0f <\fI\%http://lcamtuf.coredump.cx/p0f.shtml\fP>
.IP \(bu 2
PADS <\fI\%http://passive.sourceforge.net/\fP>
.UNINDENT
.SH BUGS
.sp
Report bugs here:
.INDENT 0.0
.IP \(bu 2
\fI\%http://github.com/gamelinux/prads/issues\fP
.UNINDENT
.sp
For general questions:
.INDENT 0.0
.IP \(bu 2
\fI\%http://projects.linpro.no/mailman/listinfo/prads\-devel\fP
.IP \(bu 2
\fI\%http://projects.linpro.no/mailman/listinfo/prads\-users\fP
.UNINDENT
.SH AUTHOR
Edward Bjarte Fjellskål, Kacper Wysocki
.SH COPYRIGHT
GPL
.\" Generated by docutils manpage writer.
.