Provided by: pads_1.2-12_amd64 bug

NAME

       pads - Passive Asset Detection System

SYNOPSIS

       pads <DhUvV> <-c file > <-d file > <-g group > <-i interface > <-n network(s) > <-p file >
       <-r file > <-u file > <-w file > <expression>

DESCRIPTION

       PADS is a libpcap based detection engine used to passively detect network assets.   It  is
       designed to complement IDS technology by providing context to IDS alerts.

       Goals:

       - Passive:  Records and identifies traffic seen on a network without
         actively "scanning" a system.   There will never be a packet sent from
         the pads application.

       - Portable:  Has the ability to be placed easily on a remote system.
         Does not require additional external libraries other than those
         associated with libpcap.

       - Lightweight:  Logging is sent to a simple CSV file.  There is no need
         for a database or other data repository installed on the local
         machine.  All correlation is done outside of the pads program.

OPTIONS

       -h     Display help / usage information.

       -D     Run PADS in the background (daemon mode).

       -d file
              Dump banner data into a libpcap formatted file.  This feature will dump the matched
              packet or the first 4 packets of an unmatched connection  into  a  specified  file.
              This  can  be  used  to  further  identify  a  service  and also aid with signature
              development.

              Please keep in mind that this feature must be  compiled  into  the  application  in
              order  to  use  it.   This  can  be  done  by  adding ยด--enable-banner-grab' to the
              'configure' step.

       -g group
              This switch allows you to specify a group that PADS will drop to after the  libpcap
              interface has been initialized.

       -h     Display help

       -i interface
              Specify an interface to be used.

       -n network list
              Specify  a  set  of  networks to be monitored.  Only assets that exist within these
              networks will be recorded.  The networks  should  be  specified  in  the  following
              format: 10.10.10.0/24,192.168.0.0/16 .

       -p pid file
              This  switch allows you to specify a PID file to be used in conjunction with daemon
              (-D) mode.

       -r file
              Read packets from a libpcap formatted file.

       -u user
              This switch allows you to specify a user that PADS will drop to after  the  libpcap
              interface has been initialized.

       -w file
              Dump data into a file other than assets.csv.

        expression
              selects which packets will be processed.  Please see  tcpdump(1) for details on the
              libpcap primitives.

SEE ALSO

       pads.conf(8), pads-report(8), pads-archiver(8), tcpdump(8), pcre(3)

COPYRIGHT

       Copyright (C) 2004 Matt Shelton <matt@mattshelton.com>

BUGS

       Please send bug reports to the author.

AUTHORS

       Matt Shelton <matt@mattshelton.com>

                                            2005/06/17                                    PADS(8)