PADS(8) | System Manager's Manual | PADS(8) |
NAME
pads - Passive Asset Detection System
SYNOPSIS
pads <DhUvV> <-c file > <-d file > <-g group > <-i interface > <-n network(s) > <-p file > <-r file > <-u file > <-w file > <expression>
DESCRIPTION
PADS is a libpcap based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing context to IDS alerts.
actively "scanning" a system. There will never be a packet sent from
the pads application.
Does not require additional external libraries other than those
associated with libpcap.
for a database or other data repository installed on the local
machine. All correlation is done outside of the pads program.
OPTIONS
- -h
- Display help / usage information.
- -D
- Run PADS in the background (daemon mode).
- -d file
- Dump banner data into a libpcap formatted file. This
feature will dump the matched packet or the first 4 packets of an
unmatched connection into a specified file. This can be used to further
identify a service and also aid with signature development.
- -g group
- This switch allows you to specify a group that PADS will
drop to after the libpcap interface has been initialized.
- -h
- Display help
- -i interface
- Specify an interface to be used.
- -n network list
- Specify a set of networks to be monitored. Only assets that
exist within these networks will be recorded. The networks should be
specified in the following format: 10.10.10.0/24,192.168.0.0/16.
- -p pid file
- This switch allows you to specify a PID file to be used in
conjunction with daemon (-D) mode.
- -r file
- Read packets from a libpcap formatted file.
- -u user
- This switch allows you to specify a user that PADS will
drop to after the libpcap interface has been initialized.
- -w file
- Dump data into a file other than assets.csv.
- expression
- Selects which packets will be processed. Please see
tcpdump(1) for details on the libpcap primitives.
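An added example, not part of the PADS manual or source: a pre-check for a -n network list in the documented comma-separated CIDR format, showing which addresses fall inside the monitored set and which entries are redundant. The function names and sample addresses are constructed, and the strictness about empty entries and host bits is an assumption of this check, not PADS's own parsing behaviour.

```python
import ipaddress


def parse_network_list(spec):
    """Parse a -n style list such as '10.10.10.0/24,192.168.0.0/16'.

    Raises ValueError on an empty entry, a malformed CIDR, or an entry
    with host bits set (e.g. 10.10.10.5/24), so a typo is caught before
    the sensor is deployed with the wrong scope.
    """
    networks = []
    for raw in spec.split(","):
        entry = raw.strip()
        if not entry:
            raise ValueError(f"empty entry in network list: {spec!r}")
        # strict=True is this check's choice, not documented PADS behaviour
        networks.append(ipaddress.ip_network(entry, strict=True))
    return networks


def is_monitored(address, networks):
    """True if the address lies inside any listed network."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in networks)


def redundant_entries(networks):
    """Return (inner, outer) pairs where one entry is covered by another."""
    pairs = []
    for inner in networks:
        for outer in networks:
            if inner is outer or inner.version != outer.version:
                continue
            if inner.subnet_of(outer):
                pairs.append((str(inner), str(outer)))
    return pairs


if __name__ == "__main__":
    nets = parse_network_list("10.10.10.0/24,192.168.0.0/16")
    # Constructed sample addresses, as might be seen on a monitored link
    for ip in ["10.10.10.77", "10.10.11.1", "192.168.44.1", "172.16.0.5"]:
        state = "recorded" if is_monitored(ip, nets) else "ignored"
        print(f"{ip:15} {state}")
```
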
SEE ALSO
pads.conf(8), pads-report(8), pads-archiver(8), tcpdump(8), pcre(3)
COPYRIGHT
Copyright (C) 2004 Matt Shelton <matt@mattshelton.com>
BUGS
Please send bug reports to the author.
AUTHORS
Matt Shelton <matt@mattshelton.com>
2005/06/17 |