Video Tutorials
Video Tutorial

Part 3: DNS Tunneling - Passive Network Monitoring

With Passive Network Monitoring, administrators have the opportunity to capture network traffic from devices that are not configured or cannot be configured to forward network activity logs. This feature also lets security personnel to catch logs from rogue devices in the network that they might not be aware of.

In this tutorial series, we'll be explaining the passive network monitoring abilities of NXLog Enterprise Edition to capture and log questionable network-related events such as Rogue DHCP Servers replies, unexpected ARP & ICMP Sweeps, and DNS Tunneling.

The im_pcap module of NXLog Enterprise Edition provides support to passively monitor network traffic by generating logs for various protocols.

Build a scalable logging infrastructure

The ultimate log collection and centralization solution

Download and try NXLog Enterprise Edition

See our extended documentation and set up the tool

Send us a price inquiry to get a quote