Forum Discussion

Bronze II

10 months ago

Solved

Zeek Ep 4 Scripting

Question 10
"After editing the required file, try to execute the script stated in Question 9 again. How many scans of unique ports are made from the IP address 192.168.100.103?"

I don't understand what is wrong with my syntax.

cat conn.log | zeek-cut id.orig_h id.resp_p| sort -u | wc -l

my thought process is that I'm grabbing the unique ports using sort -u from id.resp_p coming from id.orig_h. Then i do a count.

I keep getting the wrong answer.

defensive cyber

immersive labs

bluejacket
10 months ago
Got it! I realized I was looking at the wrong output file after solving the question before.
The output file from the zeek script will give the number of unique connections.

3 Replies

YasserSalama
Bronze I
10 months ago
Try 🍇
cat conn.log | zeek-cut id.orig_h id.resp_p | awk '$1=="192.168.100.103" {print $2}' | sort -u | wc -l
- bluejacket
  Bronze II
  10 months ago
  Thanks for your help. It was less about the filter and more about looking through all the other log outputs outside of conn.log
bluejacket
Bronze II
10 months ago
Got it! I realized I was looking at the wrong output file after solving the question before.
The output file from the zeek script will give the number of unique connections.

Forum Discussion

Zeek Ep 4 Scripting

3 Replies

Featured Places

Help

Related Content

Cross-Site Scripting: Ep.6 – Further Exploitation

Zeek - Demonstrate Your Skills

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

Re: Cross-Site Scripting: Ep.6 – Further Exploitation

python-scripting-for-malware-analysis-ep-5-code-obfuscation

Recent Discussions

Wizard Spider DFIR: Ep.9 – Sigma

Python Scripting for Malware Analysis: Ep.4 – Static Analysis of Cryptographic Algorithms matplotlib problem

Modern Maze

Kate's Story: Ep.1 – Gathering Intelligence - Questions 8,9

Can I format the text in an interlude with HTML?