With Passive Network Monitoring, administrators have the opportunity to capture network traffic from devices that are not configured or cannot be configured to forward network activity logs. This feature also lets security personnel to catch logs from rogue devices in the network that they might not be aware of.

In this tutorial series, we'll be explaining the passive network monitoring abilities of NXLog Enterprise Edition to capture and log questionable network-related events such as Rogue DHCP Servers replies, unexpected ARP & ICMP Sweeps, and DNS Tunneling.

The im_pcap module of NXLog Enterprise Edition provides support to passively monitor network traffic by generating logs for various protocols.