monitoring tap interface

Status: Beta

Brought to you by: mattshelton

monitoring tap interface

Forum: Open Discussion

Creator: Brian E. Lavender

Created: 2009-01-03

Updated: 2013-04-25

Brian E. Lavender - 2009-01-03

I have pads configured to listen to an interface getting data from a passive tap. Thing is, I don't seem to see any output form PADS. How much traffic does it need to see before identifying things? I have it set to output to the screen.

brian

[root@localhost etc]# /usr/local/bin/pads -c /usr/local/etc/pads.conf
pads - Passive Asset Detection System
v1.2 - 06/17/05
Matt Shelton <matt@mattshelton.com>

[-] WARNING: pcap_lookupnet (bond0: no IPv4 address assigned)
[-] Filter: port 22
[-] Listening on interface bond0

Here is my config file.

daemon 0
pid_file /var/run/pads.pid
sig_file /usr/local/etc/pads-signature-list
mac_file /usr/local/etc/pads-ether-codes
interface bond0
filter port 22
network 156.234.0.0/16
output screen
output csv: assets.csv

I am running pads with the following command.

/usr/local/bin/pads -c /usr/local/etc/pads.conf

brian

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.