
Provided by: prads_0.3.3-7_amd64

NAME

       PRADS - Passive Real-time Asset Detection System

SYNOPSIS

          prads -i eth1 -v

DESCRIPTION

       PRADS is a Passive Real-time Asset Detection System.

       PRADS  employs  digital fingerprints to recognize services on the wire, and can be used to
       map your network and monitor for changes in real time.

       Real-time passive traffic analysis will also let you detect assets that are just connected
       to  the  network for a short period of time, since PRADS can glean useful information from
       every packet.

       PRADS aims to be the one-stop-shop for passive asset detection,  and  currently  does  MAC
       lookups,  TCP and UDP OS fingerprinting as well as client and service application matching
       and a connection state table. Various output plugins include logfile  and  FIFO  and  make
       PRADS a useful replacement for p0f, pads and sancp.

       PRADS was built from the ground up for a small footprint and modern networks with IPv6 and
       gigabits of throughput.

OPTIONS

          -i <iface>
                 Network device <iface> (default: eth0).

          -r <file>
                 Read pcap <file>.

          -c <file>
                 Read config from <file>.

          -b <filter>
                 Apply Berkeley packet filter <filter>.

          -u <user>
                 Run as user <user>   (Default: uid 1).

          -g <group>
                 Run as group <group> (Default: gid 1).

          -d     Do not drop privileges.

          -a <nets>
                 Specify home nets (eg: '192.168.0.0/25,10.0.0.0/255.0.0.0').

          -D     Daemonize.

          -p <pidfile>
                 Name of pidfile - inside chroot.

          -l <file>
                 Log assets to <file> (default: the assetlog path from the configuration).

          -f <FIFO>
                 Log assets to <FIFO>.

          -B     Log connections to ringbuffer.

          -C <dir>
                 Chroot into <dir> before dropping privs.

          -XFRMSAK
                 Flag picker: X - clear flags, F:FIN, R:RST, M:MAC, S:SYN, A:ACK, K:SYNACK

          -UTtI  Service checks: U:UDP, T:TCP-server, I:ICMP, t:TCP-client

          -P     DHCP fingerprinting.

          -s <snaplen>
                 Dump <snaplen> bytes of each payload.

          -v     Verbose output - repeat for more verbosity.

          -q     Quiet - try harder not to produce output.

          -L <dir>
                 Log cxtracker-type output to <dir> (will be owned by <uid>).

          -O     Connection tracking [O]utput - per-packet!

          -x     Conne[x]ion tracking output  - New, expired and ended.

          -Z     Passive DNS (Experimental).

          -H     DHCP fingerprinting (Experimental).

          -h     This help message.
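
       The following is an added example, not part of this man page or of the PRADS
       project: a POSIX shell wrapper that combines the options above into a hardened
       live-sensor invocation (chroot, privilege drop, daemonize, home nets, a BPF
       filter that keeps the sensor's own management SSH session out of the asset
       table) and an offline pcap-replay invocation, checking the -a list before it is
       handed to prads. The chroot directory /var/lib/prads, the account prads:prads,
       the pidfile and log paths, the management host 10.0.0.5 and the PRADS_RUN,
       PRADS_IFACE, PRADS_NETS and PRADS_MGMT environment variables are assumptions
       made for illustration, not PRADS defaults.

```sh
#!/bin/sh
# Added example (not from the prads project): assemble PRADS invocations
# from the options documented above. Paths, the 'prads' user/group and
# the management host below are assumptions for illustration only.

# Regex fragments for a dotted-quad IPv4 address (octets 0..255).
octet='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
ip4="$octet\.$octet\.$octet\.$octet"

# validate_homenets NETS
# Accepts the comma-separated form -a takes: 'A.B.C.D/N' with N in 0..32,
# or 'A.B.C.D/M.M.M.M' with a dotted netmask (both forms appear in the
# -a description). Returns 1 and names the first bad entry on stderr,
# so a typo in the home-net list fails here instead of at the sensor.
validate_homenets() {
    _old_ifs=$IFS
    IFS=,
    for _n in $1; do
        if ! printf '%s\n' "$_n" | grep -Eq "^$ip4/(3[0-2]|[12]?[0-9]|$ip4)$"; then
            IFS=$_old_ifs
            printf 'invalid home net: %s\n' "$_n" >&2
            return 1
        fi
    done
    IFS=$_old_ifs
    return 0
}

# build_sensor_cmd IFACE NETS MGMT_HOST
# Live sensor: chroot (-C), drop to an unprivileged account (-u/-g),
# daemonize (-D) and apply a BPF filter (-b) so the management host's
# SSH traffic to the sensor is never fingerprinted or logged as an asset.
# The pidfile (-p) is relative to the chroot, as its description states;
# whether -l is resolved inside or outside the chroot is not stated on
# this page, so confirm it on your build before relying on the path.
build_sensor_cmd() {
    validate_homenets "$2" || return 1
    printf '%s\n' "prads -i $1 -a $2 -b 'not (host $3 and port 22)' -C /var/lib/prads -u prads -g prads -p /prads.pid -l /var/log/prads-asset.log -D -v"
}

# build_replay_cmd PCAP NETS
# Offline replay of a capture (-r) with the same home nets. -d keeps the
# current privileges: without it PRADS would try to switch to uid/gid 1,
# which a non-root analyst replaying a pcap they own cannot do.
build_replay_cmd() {
    validate_homenets "$2" || return 1
    printf '%s\n' "prads -r $1 -a $2 -d -v"
}

# Only execute when prads is installed and the operator opts in; the
# values come from the operator's own environment, not from packets.
if [ "${PRADS_RUN:-0}" = 1 ] && command -v prads >/dev/null 2>&1; then
    cmd=$(build_sensor_cmd "${PRADS_IFACE:-eth1}" "${PRADS_NETS:-192.168.0.0/24}" "${PRADS_MGMT:-10.0.0.5}") || exit 1
    printf 'running: %s\n' "$cmd"
    eval "$cmd"
fi
```

       Sourcing the script and calling build_replay_cmd capture.pcap 10.0.0.0/8 prints
       the replay command line without running it; setting PRADS_RUN=1 executes the
       live-sensor command. The BPF filter is a whitelist of what PRADS never sees, so
       keep it narrow: excluding a host entirely would also hide that host's services
       from the asset table.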

PROBLEMS

       1. Doesn't detect everything out there :-P

       2. This man page.

SEE ALSO

       • PRADS <http://prads.projects.linpro.no/>

       • p0f <http://lcamtuf.coredump.cx/p0f.shtml>

       • PADS <http://passive.sourceforge.net/>

BUGS

       Report bugs here:

       • http://github.com/gamelinux/prads/issues

       For general questions:

       • http://projects.linpro.no/mailman/listinfo/prads-devel

       • http://projects.linpro.no/mailman/listinfo/prads-users

AUTHOR

       Edward Bjarte Fjellskål <edwardfjellskaal@gmail.com>, Kacper Wysocki <comotion@users.sf.net>

       GPL