Skip to content


comotion edited this page · 5 revisions
Clone this wiki locally

Welcome to the prads wiki!

PRADS is a `Passive Real-time Asset Detection System`. It passively listen to network traffic and gathers information on hosts and services it sees on the network. This information can be used to map your network, letting you know what services and hosts are alive/used, or can be used together with your favorite IDS/IPS setup for “event to host/service” correlation.

Presentations on PRADS:
PRADS @ Dagen @ IFI English presentation
PRADS @ Dagen @ IFI Norwegian presentation

Quick start:
root@machine# prads -D [*] Running prads 0.2.0 [*] Using libpcap version 1.1.1 [*] Using PCRE version 7.8 2008-09-05 [*] OS checks enabled: SYN SYNACK RST FIN ACK [*] Service checks enabled: TCP-SERVER TCP-CLIENT UDP-SERVICES ARP [*] Device: eth0 [*] Daemonizing...

To see the raw asset log file:
root@machine# tail -f /var/log/prads-asset.log asset,vlan,port,proto,service,[service-info],distance,discovered,0,1268,6,ACK,[65392:118:1:0:.:A:Windows:XP],10,1277044697,0,56393,6,ACK,[16425:114:1:0:.:A:Windows:XP],14,1277044697,0,38359,6,SYN,[S4:64:1:60:M1460,S,T,N,W7:.:Linux:2.6 (newer, 7):link:ethernet/modem:uptime:2630hrs],0,1277044698,0,48065,6,ACK,[54:64:1:0:N,N,T:ZAT:Linux:2.6:uptime:2630hrs],0,1277044697,0,55834,6,ACK,[33069:48:1:0:N,N,T:AT:Linux:2.4(newer)/2.6:uptime:307hrs],16,1277044697,0,48747,6,ACK,[259:114:1:0:N,N,T:AT:unknown:unknown:uptime:20hrs],14,1277044697
Remember that ACK mode is and always will be rather unreliable.

To get a better view of the detected systems, run the following command:
prads-asset-report | less 13 ------------------------------------------------------ IP: OS: Windows Server 2008 (R2 Standard 64-bit) (60%) 1 [..crop..] 104 ----------------------------------------------------- IP: OS: Linux 2.6 (newer, 7) (100%) 3 MAC(s): 00:DE:AD:BE:EF:2F (2010/06/20 16:39:00)

Port Service TCP-Application
80 CLIENT Mozilla/5.0 (X11; U; Linux x86_64; en (US) AppleWebKit/533.4 (K
HTML, like Gecko) Chrome/5.0.375.70
80 CLIENT @www
80 CLIENT Mozilla/5.0 (X11; U; Linux x86_64; en (US) AppleWebKit/533.4 (K
HTML, like Gecko) Chrome/5.0.375.70
443 CLIENT TLS 1.0 Client Hello
443 CLIENT TLS 1.0 Client Hello
3218 CLIENT rtorrent/0.8.6/0.12.6
6667 CLIENT @irc
6667 CLIENT @irc
6667 CLIENT SSL 2.0 Client Hello
50005 SERVER Bittorrent
50005 SERVER Bittorrent

Port Service UDP-Application
53 CLIENT @domain
53 CLIENT @domain
123 CLIENT @ntp

105 -—————————————————————————-


Packages are available for debian and ubuntu, for everyone else there is source.
Get PRADS now!

Report issues and feature requests to:

For suggestions, help, contributions and general banter go to the PRADS mailing list.

Something went wrong with that request. Please try again.