A network sniffer that logs all DNS server replies for use in a passive DNS setup

README
#
#  ______                                           ____   __  __  _____
# |  __  |                         @               |    \ |  \ | ||  ___| (TM)
# | _____|.------. .-----. .-----. _ -. .-.------. | |\  ||   \| ||___  |
# |  |    |  __  ||__  --'|__  --'| |\ Y /| _--__|_| |/  ||      || \_| |
# |__|    |____|_||______||______||_| \_/ |_______/|____/ |__|\__||_____|
#
#

A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring
and general digital forensics.

PassiveDNS sniffs traffic on an interface or reads a pcap file and outputs the DNS server answers.

Example output from version 0.2.0 in the log file (/var/log/passivedns.log):

#timestamp||dns-client ||dns-server||RR class||Query||Query Type||Answer
1322849924||192.168.1.1||81.167.36.3||IN||upload.youtube.com.||CNAME||yt-video-upload.l.google.com.
1322849924||192.168.1.1||81.167.36.3||IN||upload.youtube.com.||A||74.125.43.117
1322849924||192.168.1.1||81.167.36.3||IN||upload.youtube.com.||A||74.125.43.116
1322849924||192.168.1.1||81.167.36.3||IN||www.adobe.com.||CNAME||www.wip4.adobe.com.
1322849924||192.168.1.1||81.167.36.3||IN||www.adobe.com.||A||193.104.215.61
1322849924||192.168.1.1||81.167.36.3||IN||i1.ytimg.com.||CNAME||ytimg.l.google.com.
1322849924||192.168.1.1||8.8.8.8||IN||clients1.google.com.||A||173.194.32.3
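
One way to consume this log for passive DNS lookups, as an added example that is not part of the PassiveDNS project: a Python parser for the `||`-delimited format shown above that builds a forward (name to answers) and a reverse (answer to names) index. The function names, field keys and the truncated last sample line are constructed for illustration.

```python
from collections import defaultdict

FIELDS = ("ts", "client", "server", "rr_class", "query", "qtype", "answer")

# Lines copied from the example output above, plus one constructed
# truncated line (the last one) to show that malformed input is skipped.
SAMPLE_LOG = """\
#timestamp||dns-client ||dns-server||RR class||Query||Query Type||Answer
1322849924||192.168.1.1||81.167.36.3||IN||upload.youtube.com.||CNAME||yt-video-upload.l.google.com.
1322849924||192.168.1.1||81.167.36.3||IN||upload.youtube.com.||A||74.125.43.117
1322849924||192.168.1.1||81.167.36.3||IN||upload.youtube.com.||A||74.125.43.116
1322849924||192.168.1.1||81.167.36.3||IN||www.adobe.com.||CNAME||www.wip4.adobe.com.
1322849924||192.168.1.1||81.167.36.3||IN||www.adobe.com.||A||193.104.215.61
1322849924||192.168.1.1||81.167.36.3||IN||i1.ytimg.com.||CNAME||ytimg.l.google.com.
1322849924||192.168.1.1||8.8.8.8||IN||clients1.google.com.||A||173.194.32.3
1322849930||192.168.1.1||8.8.8.8||IN||trunc
"""

def parse_line(line):
    """Return a record dict, or None for comments, blanks and malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = [p.strip() for p in line.split("||")]
    if len(parts) != len(FIELDS):
        return None  # truncated or corrupted line: wrong number of fields
    try:
        parts[0] = float(parts[0])  # epoch seconds, as in the sample
    except ValueError:
        return None
    rec = dict(zip(FIELDS, parts))
    # DNS names are case-insensitive; normalise so lookups match.
    rec["query"] = rec["query"].lower()
    rec["answer"] = rec["answer"].lower()
    return rec

def build_index(text):
    """Index records both ways: query -> answers and answer -> queries."""
    forward, reverse = defaultdict(set), defaultdict(set)
    for rec in filter(None, map(parse_line, text.splitlines())):
        forward[rec["query"]].add((rec["qtype"], rec["answer"]))
        reverse[rec["answer"]].add(rec["query"])
    return forward, reverse

if __name__ == "__main__":
    forward, reverse = build_index(SAMPLE_LOG)
    print(sorted(reverse["74.125.43.117"]))   # names seen resolving to this IP
    print(sorted(forward["www.adobe.com."]))  # answers seen for this name
```

The reverse index answers the usual incident-handling question of which names were seen resolving to a given address; the forward index shows every answer observed for a name, CNAMEs included.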

