Provided by: prads_0.3.3-1build1_amd64


       PRADS - Passive Real-time Asset Detection System


          prads -i eth1 -v


       PRADS is a Passive Real-time Asset Detection System.

       PRADS  employs  digital fingerprints to recognize services on the wire, and can be used to
       map your network and monitor for changes in real time.

       Real-time passive traffic analysis will also let you detect assets that are just connected
       to  the  network for a short period of time, since PRADS can glean useful information from
       every packet.

       PRADS aims to be the one-stop-shop for passive asset detection,  and  currently  does  MAC
       lookups,  TCP and UDP OS fingerprinting as well as client and service application matching
       and a connection state table. Various output plugins include logfile  and  FIFO  and  make
       PRADS a useful replacement for p0f, pads and sancp.

       PRADS was built from the ground up for a small footprint and modern networks with IPv6 and
       gigabits of throughput.


          -i <iface>
                 Network device <iface> (default: eth0).

          -r <file>
                 Read pcap <file>.

          -c <file>
                 Read config from <file>.

          -b <filter>
                 Apply Berkeley packet filter <filter>.

          -u <user>
                 Run as user <user>   (Default: uid 1).

          -g <group>
                 Run as group <group> (Default: gid 1).

          -d     Do not drop privileges.

          -a <nets>
                 Specify home nets (eg: ',').

          -D     Daemonize.

          -p <pidfile>
                 Name of pidfile - inside chroot.

          -l <file>
                 Log assets to <file> (default: the value of config.assetlog).

          -f <FIFO>
                 Log assets to <FIFO>.

          -B     Log connections to ringbuffer.

          -C <dir>
                 Chroot into <dir> before dropping privs.

          -XFRMSAK
                 Flag picker: X - clear flags, F:FIN, R:RST, M:MAC, S:SYN, A:ACK, K:SYNACK

          -UTtI  Service checks: U:UDP, T:TCP-server, I:ICMP, t:TCP-client

          -P     DHCP fingerprinting.

          -s <snaplen>
                 Dump <snaplen> bytes of each payload.

          -v     Verbose output - repeat for more verbosity.

          -q     Quiet - try harder not to produce output.

          -L <dir>
                 Log cxtracker type output to <dir> (will be owned by <uid>).

          -O     Connection tracking [O]utput - per-packet!

          -x     Conne[x]ion tracking output  - New, expired and ended.

          -Z     Passive DNS (Experimental).

          -H     DHCP fingerprinting (Experimental).

          -h     This help message.
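
As an added example (not from the PRADS project), the shell function below audits a prads argument list against the privilege-related options listed above (-d, -u, -g, -C) and the payload dump option -s. The function name and the sample arguments are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of PRADS. Audits a prads argument list using the
# option letters documented on this page.

# audit_prads_args <prads arguments...>   (hypothetical helper name)
# Prints one finding per line; the exit status is the number of findings.
audit_prads_args() (
    OPTIND=1
    n=0
    user='' group='' jail='' nodrop='' snaplen=''
    finding() { echo "$1"; n=$((n + 1)); }

    # Letters followed by ':' take an argument, as in the option list above.
    while getopts ':i:r:c:b:u:g:da:Dp:l:f:BC:XFRMSAKUTtIPs:vqL:OxZHh' opt; do
        case $opt in
            u) user=$OPTARG ;;
            g) group=$OPTARG ;;
            C) jail=$OPTARG ;;
            d) nodrop=1 ;;
            s) snaplen=$OPTARG ;;
            :) finding "option -$OPTARG is missing its argument" ;;
            \?) finding "option -$OPTARG is not in the documented list" ;;
        esac
    done

    [ -z "$nodrop" ] || finding "-d given: privileges are not dropped"
    case $user in root|0) finding "-u $user: sensor keeps running as root" ;; esac
    case $group in root|0) finding "-g $group: sensor keeps the root group" ;; esac
    [ -n "$jail" ] || finding "no -C <dir>: process is not chrooted"
    [ -z "$snaplen" ] || finding "-s $snaplen: bytes of each payload are dumped"

    exit "$n"
)

# Constructed sample invocation (arguments are made up for the demo).
audit_prads_args -i eth1 -d -s 64 || echo "findings: $?"
```

Feed it the arguments from a service unit or init script; a non-zero exit status means at least one setting deserves review.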


       1. Doesn't detect everything out there :-P

       2. This man page.


       · PRADS <>

       · p0f <>

       · PADS <>


       Report bugs here:


       For general questions:




       Edward Bjarte Fjellskål <>, Kacper Wysocki