Class 6 Lab 5 ‐ Zeek It - Justin-Boyd/CIT-Class GitHub Wiki
Task 1
# Task 1: replay the capture through Zeek and list the logs it produced.
# -C ignores bad packet checksums (common in saved captures); -r reads the pcap
# instead of sniffing a live interface.
zeek -C -r infected.pcap
# Zeek writes its *.log files into the current directory.
ls
Task 2
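# Task 2: DHCP client MAC, leased address and hostname.
# zeek-cut reads the log on stdin, so redirect the file instead of piping cat.
zeek-cut mac client_addr host_name < dhcp.log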
Task 3
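# Task 3: distinct services seen in the connection log.
# Redirect instead of cat; sort -u collapses repeated service names.
zeek-cut service < conn.log | sort -u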
Task 4
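# Task 4: SMB file actions (one per logged file event).
# Redirect instead of cat.
zeek-cut action < smb_files.log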
Task 5
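# Task 5: SMB share paths and their types.
# -M keeps the field-name header in the output so the columns are labelled.
# Redirect instead of cat.
zeek-cut -M path share_type < smb_mapping.log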
Task 6
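# Task 6: files Zeek ran an analyzer on, with their source, MIME type and name.
# Zeek ASCII logs are tab-separated, so split on tabs rather than any whitespace,
# and compare field 8 exactly with Zeek's unset marker "-" — the original regex
# match (!~ "-") would also drop any value that merely contains a hyphen.
# Header lines (#fields, #types, ...) still pass the filter; zeek-cut consumes them.
# NOTE(review): field 8 is assumed to be the analyzers column — confirm against #fields.
awk -F'\t' '$8 != "-"' files.log | zeek-cut source analyzers mime_type filename | sort -u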
Task 7
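# Task 7: timestamps of HTTP responses whose filename contains ".doc" (covers .docx).
# -d renders ts human-readable. Match the literal string with -F: the unquoted
# pattern .doc let "." match any character, so e.g. "xdoc" also matched.
# awk keeps only the first column (the timestamp). Redirect instead of cat.
zeek-cut -d ts resp_filenames < http.log | grep -F -- '.doc' | awk '{ print $1 }'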
Task 8
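# Task 8: the ten longest-lived connections.
# sort -n orders durations numerically; tail prints the largest ten.
# Redirect instead of cat.
zeek-cut duration < conn.log | sort -n | tail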