Passivedns - A network sniffer that logs all DNS server replies for use in a passive DNS setup

A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics.

PassiveDNS sniffs traffic from an interface or reads a pcap file and outputs the DNS server answers to a log file. PassiveDNS can cache/aggregate duplicate DNS answers in memory, limiting the amount of data in the log file without losing the essence of the DNS answer.

Example output from version 1.0.0->Current in the log file (/var/log/passivedns.log):
#timestamp||dns-client ||dns-server||RR class||Query||Query Type||Answer||TTL||Count
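
The field layout above is enough to build the pivot an incident handler usually wants from passive DNS: given an answer (for example an IP address), which names resolved to it and when. The following is an added example, not code from the PassiveDNS project; the sample log lines are constructed, the epoch-seconds timestamp format is an assumption, and the function names are hypothetical.

```python
from collections import defaultdict

# Field order taken from the header line shown on the page.
FIELDS = ("timestamp", "client", "server", "rr_class",
          "query", "query_type", "answer", "ttl", "count")

# Constructed sample lines, not real traffic. Assumed: epoch-seconds timestamps.
SAMPLE_LOG = """\
#timestamp||dns-client ||dns-server||RR class||Query||Query Type||Answer||TTL||Count
1700000000.100000||192.0.2.10||192.0.2.53||IN||www.example.com.||A||198.51.100.7||3600||12
1700000050.200000||192.0.2.11||192.0.2.53||IN||cdn.example.net.||A||198.51.100.7||60||3
1700000090.300000||192.0.2.10||192.0.2.53||IN||www.example.com.||A||203.0.113.9||300||1
this line is truncated||192.0.2.10
"""

def parse_line(line):
    """Return a dict for one record, or None for comments/malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = [p.strip() for p in line.split("||")]
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        rec["timestamp"] = float(rec["timestamp"])
        rec["ttl"] = int(rec["ttl"])
        rec["count"] = int(rec["count"])
    except ValueError:
        return None
    # Normalise the name so "WWW.Example.com." and "www.example.com" match.
    rec["query"] = rec["query"].rstrip(".").lower()
    return rec

def build_index(text):
    """Map answer -> {query: [first_seen, last_seen, total_count]}."""
    index = defaultdict(dict)
    for rec in filter(None, map(parse_line, text.splitlines())):
        ts = rec["timestamp"]
        seen = index[rec["answer"]].setdefault(rec["query"], [ts, ts, 0])
        seen[0], seen[1] = min(seen[0], ts), max(seen[1], ts)
        seen[2] += rec["count"]  # Count column: aggregated duplicate answers
    return index

def names_for(index, answer):
    """Pivot for incident handling: which names resolved to this answer?"""
    return sorted(index.get(answer, {}))

if __name__ == "__main__":
    print(names_for(build_index(SAMPLE_LOG), "198.51.100.7"))
```

Malformed or truncated lines are skipped rather than raising, so a partially written log file can still be indexed.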
