Provided by: pads_1.2-11.1ubuntu2_amd64

NAME

       pads - Passive Asset Detection System

SYNOPSIS

       pads <DhUvV> <-c file> <-d file> <-g group> <-i interface> <-n network(s)> <-p file> <-r file> <-u
       user> <-w file> <expression>

DESCRIPTION

       PADS is a libpcap based detection engine used to passively detect network  assets.   It  is  designed  to
       complement IDS technology by providing context to IDS alerts.

       Goals:

       - Passive:  Records and identifies traffic seen on a network without
         actively "scanning" a system.   There will never be a packet sent from
         the pads application.

       - Portable:  Has the ability to be placed easily on a remote system.
         Does not require additional external libraries other than those
         associated with libpcap.

       - Lightweight:  Logging is sent to a simple CSV file.  There is no need
         for a database or other data repository installed on the local
         machine.  All correlation is done outside of the pads program.

OPTIONS

       -h     Display help / usage information.

       -D     Run PADS in the background (daemon mode).

       -d file
              Dump  banner data into a libpcap formatted file.  This feature will dump the matched packet or the
              first 4 packets of an unmatched connection into a specified file.  This can  be  used  to  further
              identify a service and also aid with signature development.

              Please  keep  in  mind that this feature must be compiled into the application in order to use it.
              This can be done by adding '--enable-banner-grab' to the 'configure' step.

       -g group
              This switch allows you to specify a group that PADS will drop to after the libpcap  interface  has
              been initialized.

       -i interface
              Specify an interface to be used.

       -n network list
              Specify  a  set of networks to be monitored.  Only assets that exist within these networks will be
              recorded.  The networks should be specified in the following format:
              10.10.10.0/24,192.168.0.0/16

       -p pid file
              This switch allows you to specify a PID file to be used in conjunction with daemon (-D) mode.

       -r file
              Read packets from a libpcap formatted file.

       -u user
              This  switch  allows  you to specify a user that PADS will drop to after the libpcap interface has
              been initialized.

       -w file
              Dump data into a file other than assets.csv.

       expression
              Selects which packets will be processed.  Please see tcpdump(1) for details on the libpcap
              primitives.
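
       The following pre-flight check for a -n network list is an added example, not part of PADS or of
       the original manual page.  It models the documented rule that only assets inside the listed
       networks are recorded; how pads itself treats malformed entries is not stated here, so the
       normalisation and overlap warnings are assumptions, and the sample addresses are constructed.

```python
import ipaddress


def parse_network_list(spec):
    """Parse a -n style list such as '10.10.10.0/24,192.168.0.0/16'.

    Returns (networks, problems). Problems are reported rather than raised so
    that every mistake in a sensor's configuration shows up in one pass.
    """
    networks, problems = [], []
    for raw in spec.split(","):
        entry = raw.strip()
        if not entry:
            problems.append("empty entry (stray comma?)")
            continue
        try:
            # strict=False accepts host bits so they can be reported below
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError as exc:
            problems.append(f"{entry!r}: {exc}")
            continue
        if str(net) != entry:
            problems.append(f"{entry!r} normalised to {net}")
        networks.append(net)
    # Overlapping entries are redundant and often hide a wrong prefix length.
    for i, a in enumerate(networks):
        for b in networks[i + 1:]:
            if a.version == b.version and a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return networks, problems


def would_record(address, networks):
    """True if an asset at this address lies inside a monitored network."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in networks)


if __name__ == "__main__":
    # Network list taken from the -n description; addresses are constructed.
    nets, issues = parse_network_list("10.10.10.0/24,192.168.0.0/16")
    for issue in issues:
        print("warning:", issue)
    for addr in ("10.10.10.25", "192.168.44.7", "172.16.0.9", "10.10.11.1"):
        state = "recorded" if would_record(addr, nets) else "ignored"
        print(f"{addr:15} {state}")
```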

SEE ALSO

       pads.conf(8), pads-report(8), pads-archiver(8), tcpdump(8), pcre(3)

COPYRIGHT

       Copyright (C) 2004 Matt Shelton <matt@mattshelton.com>

BUGS

       Please send bug reports to the author.

AUTHORS

       Matt Shelton <matt@mattshelton.com>

                                                   2005/06/17                                            PADS(8)