Forum Discussion
Bronze IIZeek Ep 4 Scripting
Question 10
"After editing the required file, try to execute the script stated in Question 9 again. How many scans of unique ports are made from the IP address 192.168.100.103?"
I don't understand what is wrong with my syntax.
cat conn.log | zeek-cut id.orig_h id.resp_p| sort -u | wc -l
my thought process is that I'm grabbing the unique ports using sort -u from id.resp_p coming from id.orig_h. Then i do a count.
I keep getting the wrong answer.
Got it! I realized I was looking at the wrong output file after solving the question before.
The output file from the zeek script will give the number of unique connections.
3 Replies
YasserSalamaBronze I
Try 🍇
cat conn.log | zeek-cut id.orig_h id.resp_p | awk '$1=="192.168.100.103" {print $2}' | sort -u | wc -l
bluejacketThanks for your help. It was less about the filter and more about looking through all the other log outputs outside of conn.log
- bluejacket
Got it! I realized I was looking at the wrong output file after solving the question before.
The output file from the zeek script will give the number of unique connections.
