prads.pl - inspired by passive.sourceforge.net, lcamtuf.coredump.cx/p0f and others...
Is a `Passive Real-time Asset Detection System`. It passively listen to network traffic and gathers information on hosts and services it sees on the network. This information can be used to map your network, letting you know what services and hosts are alive/used, or can be used together with your favorite IDS/IPS setup for "event to host/service" correlation.
FeaturesPRADS is under development, but it currently includes:
* OS fingerprinting, both SYN and SYN+ACK (IP/TCP) (Compatible with p0f fingerprints)
* TCP service fingerprinting (Signatures from/compatible with pads)
* TCP discovery of hosts (SYN and SYN+ACK)
* UDP discovery of hosts
* UDP OS fingerprinting
* ARP discovery of hosts
* MAC vendor fingerprinting (from ARP data)
* ICMP discovery of host
* ICMP OS fingerprinting
* perl DBI support (sqlite (default), MySQL, PostgreSQL, Oracle, MSSQL…)
* Daemon mode
* Some packet statistics (received,dropped,drop-rate and dropped by interface)
STDOUT and DBI (SQLite or MySQL etc) is currently used for output, but we are working on other options.
We would like you very much to try it out, tell us what you think, and verify/add signatures to make PRADS better.
People interested in joining the project are more than welcome :)
http://www.gamelinux.org/?p=52 PRADS status update (05.27.09)
http://www.gamelinux.org/?p=43 First post about PRADS (02.19.09)