From NSMWiki
Background
Usage
user@machine:~$ ./pads -h
pads - Passive Asset Detection System
v1.2 - 06/17/05
Matt Shelton <matt@mattshelton.com>
Usage:
-c <file> : Read configuration from <file>.
-d <file> : Dump banner packets to a libpcap formatted file.
-D : Run PADS in the background (daemon mode).
-g <group> : Drop privileges to this group.
-h : Help
-i <interface> : Listen on <interface>. The lowest number interface
will be used if an interface isn't specified.
-n <network> : Reads in a comma seperated list of networks
to be monitored.
ex. -n "192.168.0.0/24,10.0.0.0/16"
-p <file> : PID file used with daemon mode.
-r <file> : Read packets from a libpcap formatted file.
-u <user> : Drop privileges to this user.
-v : Verbose
-V : Version
-w <file> : Dump data into file other than assets.csv.
Additional arguments will be processed as a libpcap filter. For example,
the following command will not only use interface hme1 but will also only
search for assets on port 22:
pads -i hme1 port 22
PADS related links
Additional PADS signatures
# CommuniGate Pro POP3 Server
pop3,v/CommuniGate Pro POP3/$1//,OK CommuniGate Pro POP3 Server (.*) ready
# Generic CVSup server
cvsup,v/CVSup server///,CVSup server ready
# MySQL
sql,v/MySQL/$1//,([3-6]\.[0-1]\.\d\d-\w.+)
# Citrix ICA. Included signature wasn't hitting, this seems to fix it.
ica,v/Citrix ICA Protocol///,\x7f\x7ICA\x00
# MS FTP with no version
ftp,v/Microsoft FTP Server Unknown Version///,220 Microsoft FTP Service
