Zeek (previously called Bro) is a useful tool that enables high-level PCAP analysis at the application layer. Packet capture analysis usually means Wireshark, and while Wireshark is still my number one tool for PCAP analysis, Zeek was a great find for me. Zeek is very well suited to automated analysis that quickly zeroes in on the information you are after. This post provides a quick introduction to Zeek and its capabilities.

We will be using a sample PCAP in this post. To generate the log files, feed the PCAP to Zeek:

This produces log files pertaining to the various types of information contained in the PCAP. Depending on the size of the PCAP, this could take a while. The -r option reads packets from a PCAP file for offline analysis; live capture from a network interface uses -i instead (-w does not select live capture: it writes the packets Zeek processes out to a PCAP file).

When done, Zeek creates the following log files (depending on the type of traffic discovered):

The format of these log files is self-explanatory, with column names indicative of the information each column contains. Columns are tab-separated and are described in

zeek-cut is a useful utility that ships with Zeek and extracts the desired columns from the Zeek *.log files.
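To make the log format concrete, here is a small work-alike of the column extraction zeek-cut performs, written for this post as an added example in Python so it runs without Zeek installed; it is not Zeek's own code. It parses the "#separator", "#fields", "#types" and "#unset_field" header lines that every Zeek ASCII log carries, pulls out the requested columns in the order given (as "zeek-cut id.orig_h id.resp_p < conn.log" would), optionally renders time columns as zeek-cut -d does, and tallies one column the way the usual "zeek-cut service | sort | uniq -c" pipeline does. The conn.log sample embedded below is constructed for the example, not captured traffic.

```python
"""Minimal zeek-cut work-alike over a constructed conn.log sample.

Added example: not Zeek's code. SAMPLE_CONN_LOG is constructed, not real
traffic; it follows the Zeek ASCII log layout (header lines prefixed with '#',
tab-separated data rows, '-' for unset fields).
"""
from collections import Counter
from datetime import datetime, timezone

# '#separator \x09' is the first header line and is itself space-separated,
# because the column separator is not known until it has been read.
SAMPLE_CONN_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#open\t2024-01-01-00-00-00
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1704067200.000000\tCabc1\t10.0.0.5\t51234\t93.184.216.34\t80\ttcp\thttp\t0.250000\t312\t1460\tSF
1704067201.500000\tCdef2\t10.0.0.5\t51235\t10.0.0.1\t53\tudp\tdns\t0.010000\t40\t120\tSF
1704067203.000000\tCghi3\t10.0.0.9\t44444\t198.51.100.7\t4444\ttcp\t-\t-\t-\t-\tS0
#close\t2024-01-01-00-00-05
"""


def parse_zeek_log(text):
    """Return (header, fields, types, rows) for one Zeek ASCII log.

    header maps each '#key' line to its value; fields/types come from the
    '#fields' and '#types' lines; rows are lists of column strings.
    """
    sep = "\t"
    header, fields, types, rows = {}, [], [], []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator"):
            # The separator is written as an escape sequence, e.g. \x09 for tab.
            escaped = line.split(" ", 1)[1]
            sep = escaped.encode("ascii").decode("unicode_escape")
            header["separator"] = sep
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition(sep)
            header[key] = value
            if key == "fields":
                fields = value.split(sep)
            elif key == "types":
                types = value.split(sep)
            continue
        cols = line.split(sep)
        if len(cols) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(cols)}: {line!r}")
        rows.append(cols)
    return header, fields, types, rows


def zeek_cut(text, *wanted, human_time=False, unset_field=None):
    """Extract columns by name, like `zeek-cut f1 f2 ...` (all columns if none given).

    human_time mimics `zeek-cut -d`: columns of Zeek type 'time' are rendered as
    %Y-%m-%dT%H:%M:%S%z in UTC. unset_field, if given, replaces the log's
    '#unset_field' marker ('-' by default) so callers can tell unset from data.
    """
    header, fields, types, rows = parse_zeek_log(text)
    wanted = wanted or tuple(fields)
    unknown = [f for f in wanted if f not in fields]
    if unknown:
        raise KeyError(f"fields not in #fields header: {unknown}")
    idx = [fields.index(f) for f in wanted]
    unset = header.get("unset_field", "-")
    out = []
    for row in rows:
        cells = []
        for i in idx:
            value = row[i]
            if value == unset:
                value = unset_field if unset_field is not None else value
            elif human_time and types[i] == "time":
                ts = datetime.fromtimestamp(float(value), tz=timezone.utc)
                value = ts.strftime("%Y-%m-%dT%H:%M:%S%z")
            cells.append(value)
        out.append(cells)
    return out


def count_by(text, field):
    """Tally one column, the way `zeek-cut <field> | sort | uniq -c` would."""
    return dict(Counter(row[0] for row in zeek_cut(text, field)))


if __name__ == "__main__":
    for row in zeek_cut(SAMPLE_CONN_LOG, "ts", "id.orig_h", "id.resp_h", "id.resp_p", "service",
                        human_time=True):
        print("\t".join(row))
    print(count_by(SAMPLE_CONN_LOG, "conn_state"))
```

Two things worth noting from the header handling: zeek-cut refuses a field name that is not in the "#fields" line, which this code also does, and a "-" in a data row means the field was never set (the third row's service and byte counts are unset because the connection was never answered), so a tally that treats "-" as a value is counting unanswered connections, not a service named "-".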