Pentest Tools

Passivedns – A network sniffer that logs all DNS server replies for use in a pas

This topic contains 0 replies, has 1 voice, and was last updated by  admin 7 years, 6 months ago.


    admin

    A tool to collect DNS records passively to aid Incident handling, Network Security Monitoring (NSM) and general digital forensics.

    PassiveDNS sniffs traffic from an interface or reads a pcap file and outputs the DNS server answers to a log file. PassiveDNS can cache/aggregate duplicate DNS answers in memory, limiting the amount of data in the log file without losing the essence of the DNS answer.

    Example output from version 1.0.0->Current in the log file (/var/log/passivedns.log):

    #timestamp||dns-client ||dns-server||RR class||Query||Query Type||Answer||TTL||Count
    1322849924.408856||10.1.1.1||8.8.8.8||IN||upload.youtube.com.||A||74.125.43.117||46587||5
    1322849924.408857||10.1.1.1||8.8.8.8||IN||upload.youtube.com.||A||74.125.43.116||420509||5
    1322849924.408858||10.1.1.1||8.8.8.8||IN||www.adobe.com.||CNAME||www.wip4.adobe.com.||43200||8
    1322849924.408859||10.1.1.1||8.8.8.8||IN||www.adobe.com.||A||193.104.215.61||43200||8
    1322849924.408860||10.1.1.1||8.8.8.8||IN||i1.ytimg.com.||CNAME||ytimg.l.google.com.||43200||3
    1322849924.408861||10.1.1.1||8.8.8.8||IN||clients1.google.com.||A||173.194.32.3||43200||2


    Download Passivedns
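
As an added example (not part of the original post or of the PassiveDNS project), a small Python parser for the `||`-delimited log format shown above, building forward and reverse lookup tables of the kind used when pivoting during incident handling. The names `Record`, `parse_line` and `build_index` are assumptions; the sample reuses log lines from the post plus one constructed truncated line.

```python
from collections import defaultdict
from datetime import datetime, timezone
from typing import NamedTuple

class Record(NamedTuple):
    ts: datetime
    client: str
    server: str
    rr_class: str
    query: str
    qtype: str
    answer: str
    ttl: int
    count: int

def parse_line(line):
    """Return a Record, or None for comments, blanks and malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = [p.strip() for p in line.split("||")]
    if len(parts) != 9:  # the nine columns named in the log header
        return None
    try:
        ts = datetime.fromtimestamp(float(parts[0]), tz=timezone.utc)
        return Record(ts, *parts[1:7], int(parts[7]), int(parts[8]))
    except ValueError:  # non-numeric timestamp, TTL or count
        return None

def build_index(lines):
    """Map query -> {(type, answer)} and answer -> {queries}."""
    forward, reverse = defaultdict(set), defaultdict(set)
    for rec in filter(None, map(parse_line, lines)):
        name = rec.query.rstrip(".").lower()
        value = rec.answer.rstrip(".").lower()
        forward[name].add((rec.qtype, value))
        reverse[value].add(name)
    return forward, reverse

# Log lines from the post above; the last line is constructed (truncated).
SAMPLE = """\
1322849924.408856||10.1.1.1||8.8.8.8||IN||upload.youtube.com.||A||74.125.43.117||46587||5
1322849924.408857||10.1.1.1||8.8.8.8||IN||upload.youtube.com.||A||74.125.43.116||420509||5
1322849924.408858||10.1.1.1||8.8.8.8||IN||www.adobe.com.||CNAME||www.wip4.adobe.com.||43200||8
1322849924.408859||10.1.1.1||8.8.8.8||IN||www.adobe.com.||A||193.104.215.61||43200||8
1322849925.000000||10.1.1.1||8.8.8.8||IN||truncated.example.
"""
if __name__ == "__main__":
    print(dict(build_index(SAMPLE.splitlines())[1]))
```

The reverse table answers "which names have resolved to this address or CNAME target", which is the usual starting point when an IP from an alert needs context.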
