FreeBSD Manual Pages

PADS(8)			    System Manager's Manual		       PADS(8)

NAME
       pads - Passive Asset Detection System

SYNOPSIS
       pads <DhUvV> <-c file> <-d file> <-g group> <-i interface> <-n network(s)>
            <-p file> <-r file> <-u file> <-w file> <expression>

DESCRIPTION
       PADS is a libpcap based detection engine used to passively detect net-
       work assets.  It is designed to complement IDS technology by providing
       context to IDS alerts.

       Goals:

       - Passive:  Records and identifies traffic seen on a network without
	 actively "scanning" a system.  There will never be a packet sent
	 from the pads application.

       - Portable:  Has the ability to be placed easily on a remote system.
	 Does not require additional external libraries other than those
	 associated with libpcap.

       - Lightweight:  Logging is sent to a simple CSV file.  There is no need
	 for a database or other data repository installed on the local
	 machine.  All correlation is done outside of the pads program.

OPTIONS
       -h     Display help / usage information.

       -D     Run PADS in the background (daemon mode).

       -d file
	      Dump banner data into a libpcap formatted file.  This feature
	      will dump the matched packet or the first 4 packets of an un-
	      matched connection into a specified file.  This can be used to
	      further identify a service and also aid with signature develop-
	      ment.

	      Please keep in mind that this feature must be compiled into the
	      application in order to use it.  This can be done by adding
	      '--enable-banner-grab' to the

       -g group
	      This switch allows you to specify a group that PADS will drop to
	      after the libpcap interface has been initialized.

       -h     Display help

       -i interface
	      Specify an interface to be used.

       -n network list
	      Specify a set of networks to be monitored.  Only assets that ex-
	      ist within these networks will be recorded.  The networks should
	      be specified in the following format:
	      10.10.10.0/24,192.168.0.0/16 .

       -p pid file
	      This switch allows you to specify a PID file to be used in con-
	      junction with daemon (-D) mode.

       -r file
	      Read packets from a libpcap formatted file.

       -u user
	      This switch allows you to specify a user that PADS will drop to
	      after the libpcap interface has been initialized.

       -w file
	      Dump data into a file other than assets.csv.

       expression
	      Selects which packets will be processed.  Please see tcpdump(1)
	      for details on the libpcap primitives.
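       The -n option above restricts recording to assets inside a comma-
       separated list of CIDR networks.  The following is an added example
       (not code from pads or its author) that models that scoping rule in
       Python: it parses a list in the documented 10.10.10.0/24,192.168.0.0/16
       format, rejects entries without a prefix length, and drops constructed
       sample observations whose address falls outside the monitored ranges.
       The function names and the assumption that omitting -n means "record
       everything" are this example's own, not taken from pads.

```python
import ipaddress
from typing import List, Optional, Sequence, Tuple

# Hypothetical helper (not part of pads): parse the value given to "-n",
# e.g. "10.10.10.0/24,192.168.0.0/16", into IPv4Network objects.
def parse_network_list(spec: str) -> List[ipaddress.IPv4Network]:
    networks = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue  # tolerate a stray trailing comma
        if "/" not in item:
            # A bare address would silently become a /32; insist on the
            # documented network/prefix format instead.
            raise ValueError(f"network {item!r} lacks a /prefix length")
        # strict=False accepts a host address with a mask (10.1.2.3/24)
        # and normalises it to the enclosing network.
        networks.append(ipaddress.IPv4Network(item, strict=False))
    return networks


def in_monitored_networks(ip: str,
                          networks: Optional[Sequence[ipaddress.IPv4Network]]) -> bool:
    """True if ip lies inside any monitored network.

    networks=None models running without -n; assumption: then every asset
    is recorded.
    """
    if networks is None:
        return True
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in networks)


# An observation is (asset_ip, port, proto); constructed sample data.
Observation = Tuple[str, int, str]

OBSERVED: List[Observation] = [
    ("10.10.10.7", 22, "tcp"),       # inside 10.10.10.0/24
    ("10.10.11.7", 80, "tcp"),       # outside: different /24
    ("192.168.200.1", 53, "udp"),    # inside 192.168.0.0/16
    ("172.16.5.5", 443, "tcp"),      # outside: not listed at all
]


def filter_assets(observed: Sequence[Observation],
                  networks: Optional[Sequence[ipaddress.IPv4Network]]) -> List[Observation]:
    """Keep only observations whose asset address is inside the monitored set."""
    return [o for o in observed if in_monitored_networks(o[0], networks)]


if __name__ == "__main__":
    nets = parse_network_list("10.10.10.0/24,192.168.0.0/16")
    for asset in filter_assets(OBSERVED, nets):
        print(",".join(str(f) for f in asset))
```

       Which endpoint of a connection counts as the "asset" (normally the
       side offering the service) is decided by pads itself; this example
       only shows the address-in-network test applied to that address.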

SEE ALSO
       pads.conf(8), pads-report(8), pads-archiver(8), tcpdump(8), pcre(3)

COPYRIGHT
       Copyright (C) 2004 Matt Shelton <matt@mattshelton.com>

BUGS
       Please send bug reports to the author.

AUTHORS
       Matt Shelton <matt@mattshelton.com>

				  2005/06/17			       PADS(8)
