reddit hackernews mail facebook facebook linkedin


A network sniffer that logs all DNS server replies for use in a passive DNS setup.

A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics.

PassiveDNS sniffs traffic from an interface or reads a pcap-file and outputs the DNS-server answers to a log file. PassiveDNS can cache/aggregate duplicate DNS answers in-memory, limiting the amount of data in the logfile without losing the essense in the DNS answer.

PassiveDNS works on IPv4 and IPv6 traffic and parse DNS traffic over TCP and UDP.