FreeBSD Manual Pages
PADS(8)			    System Manager's Manual		       PADS(8)

NAME
       pads - Passive Asset Detection System

SYNOPSIS
       pads <DhUvV> <-c file> <-d file> <-g group> <-i interface> <-n network(s)>
            <-p file> <-r file> <-u file> <-w file> <expression>

DESCRIPTION
       PADS is a libpcap based detection engine used to passively detect
       network assets.  It is designed to complement IDS technology by
       providing context to IDS alerts.

       Goals:

       -  Passive: Records and identifies traffic seen on a network without
          actively "scanning" a system.  There will never be a packet sent
          from the pads application.

       -  Portable: Has the ability to be placed easily on a remote system.
          Does not require additional external libraries other than those
          associated with libpcap.

       -  Lightweight: Logging is sent to a simple CSV file.  There is no need
          for a database or other data repository installed on the local
          machine.  All correlation is done outside of the pads program.

OPTIONS
       -h     Display help / usage information.

       -D     Run PADS in the background (daemon mode).

       -d file
              Dump banner data into a libpcap formatted file.  This feature
              will dump the matched packet or the first 4 packets of an
              unmatched connection into a specified file.  This can be used
              to further identify a service and also aid with signature
              development.

              Please keep in mind that this feature must be compiled into the
              application in order to use it.  This can be done by adding
              '--enable-banner-grab' to the

       -g group
              This switch allows you to specify a group that PADS will drop to
              after the libpcap interface has been initialized.

       -h     Display help

       -i interface
	      Specify an interface to be used.

       -n network list
              Specify a set of networks to be monitored.  Only assets that
              exist within these networks will be recorded.  The networks
              should be specified in the following format:
              10.10.10.0/24,192.168.0.0/16
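       The filtering that -n describes, as an added example (not code from
       pads itself): parse the comma-separated CIDR list in the documented
       format and keep only the asset observations whose address falls inside
       one of the listed networks.  The asset records are constructed sample
       data and do not reflect the layout of assets.csv.

```python
import ipaddress


def parse_network_list(spec):
    """Parse a -n style list such as "10.10.10.0/24,192.168.0.0/16".

    Returns a list of ip_network objects.  Raises ValueError on a
    malformed entry (bad prefix length, non-address text), which is the
    behaviour a capture tool should have rather than silently monitoring
    an unintended range.  Stray whitespace and empty entries are tolerated.
    """
    nets = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        # strict=False normalises host bits, e.g. 10.10.10.1/24 -> 10.10.10.0/24
        nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def is_valid_network_list(spec):
    """Convenience wrapper: True when every entry parses."""
    try:
        parse_network_list(spec)
    except ValueError:
        return False
    return True


def in_monitored_networks(ip, nets):
    """True when the address lies inside any of the parsed networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def filter_assets(records, spec):
    """Keep only records whose 'ip' field is within the -n network list."""
    nets = parse_network_list(spec)
    return [r for r in records if in_monitored_networks(r["ip"], nets)]


# Constructed sample observations (hypothetical values, not pads output).
SAMPLE_ASSETS = [
    {"ip": "10.10.10.5", "port": 22, "service": "ssh"},
    {"ip": "192.168.4.20", "port": 80, "service": "www"},
    {"ip": "172.16.0.9", "port": 25, "service": "smtp"},
    {"ip": "8.8.8.8", "port": 53, "service": "dns"},
]

if __name__ == "__main__":
    spec = "10.10.10.0/24,192.168.0.0/16"
    for record in filter_assets(SAMPLE_ASSETS, spec):
        print(record)
```

       With the example list only the 10.10.10.5 and 192.168.4.20 records
       survive; the 172.16.0.9 and 8.8.8.8 hosts are outside the monitored
       networks and would not be recorded.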

       -p pid file
              This switch allows you to specify a PID file to be used in
              conjunction with daemon (-D) mode.

       -r file
	      Read packets from	a libpcap formatted file.

       -u user
              This switch allows you to specify a user that PADS will drop to
              after the libpcap interface has been initialized.
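       The drop sequence behind -u and -g, as an added example (not code from
       pads): the capture interface is opened while still privileged, then the
       process gives up its supplementary groups, its group and finally its
       user, in that order, and checks that root cannot be regained.  Opening
       the libpcap handle is represented by a comment only; the user and group
       names are placeholders supplied by the caller.

```python
import grp
import os
import pwd


def _resolve_user(user):
    """Accept a user name or a numeric uid."""
    return user if isinstance(user, int) else pwd.getpwnam(user).pw_uid


def _resolve_group(group):
    """Accept a group name or a numeric gid."""
    return group if isinstance(group, int) else grp.getgrnam(group).gr_gid


def current_ids():
    """Real uid and gid of the running process."""
    return os.getuid(), os.getgid()


def drop_privileges(user, group):
    """Irreversibly drop to user/group and return the resulting (uid, gid).

    Order matters: supplementary groups and the primary gid can only be
    changed while the process is still root, so they go before setuid.
    Any failure raises, so a misconfigured -u/-g stops startup instead of
    leaving the sniffer running as root.
    """
    uid = _resolve_user(user)
    gid = _resolve_group(group)
    if os.geteuid() == 0:
        # Clear supplementary groups first; an unprivileged process
        # cannot do this and does not need to.
        os.setgroups([])
    os.setgid(gid)   # gid before uid: after setuid the gid is no longer changeable
    os.setuid(uid)   # sets real, effective and saved uid, so it cannot be undone
    return os.getuid(), os.getgid()


def privileges_are_dropped():
    """True when the process is not root and cannot become root again."""
    if os.getuid() == 0 or os.geteuid() == 0:
        return False
    try:
        os.setuid(0)
    except PermissionError:
        return True
    return False   # saved uid 0 still present: the drop was incomplete


if __name__ == "__main__":
    # 1. Open the capture device here, while still privileged
    #    (the libpcap call itself is omitted in this example).
    # 2. Drop to the unprivileged identity given on the command line;
    #    "pads_user"/"pads_group" are placeholder names for this demo.
    uid, gid = drop_privileges("pads_user", "pads_group")
    print("running as uid=%d gid=%d, dropped=%s" % (uid, gid, privileges_are_dropped()))
```

       The check in privileges_are_dropped() catches the classic mistake of
       changing only the effective uid: if the saved uid is still 0, setuid(0)
       succeeds and the function reports the drop as incomplete.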

       -w file
              Dump data into a file other than assets.csv.

       expression
              selects which packets will be processed.  Please see tcpdump(1)
              for details on the libpcap primitives.

SEE ALSO
       pads.conf(8), pads-report(8), pads-archiver(8), tcpdump(8), pcre(3)

COPYRIGHT
       Copyright (C) 2004 Matt Shelton <matt@mattshelton.com>

BUGS
       Please send bug reports to the author.

AUTHORS
       Matt Shelton <matt@mattshelton.com>

				  2005/06/17			       PADS(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=pads&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>