Forum Discussion

Bronze II

5 months ago

Solved

Zeek Ep 4 Scripting

Question 10
"After editing the required file, try to execute the script stated in Question 9 again. How many scans of unique ports are made from the IP address 192.168.100.103?"

I don't understand what is wrong with my syntax.

cat conn.log | zeek-cut id.orig_h id.resp_p| sort -u | wc -l

my thought process is that I'm grabbing the unique ports using sort -u from id.resp_p coming from id.orig_h. Then i do a count.

I keep getting the wrong answer.

defensive cyber

immersive labs

bluejacket
5 months ago
Got it! I realized I was looking at the wrong output file after solving the question before.
The output file from the zeek script will give the number of unique connections.

3 Replies

YasserSalama
Bronze I
5 months ago
Try 🍇
cat conn.log | zeek-cut id.orig_h id.resp_p | awk '$1=="192.168.100.103" {print $2}' | sort -u | wc -l
- bluejacket
  Bronze II
  5 months ago
  Thanks for your help. It was less about the filter and more about looking through all the other log outputs outside of conn.log
bluejacket
Bronze II
5 months ago
Got it! I realized I was looking at the wrong output file after solving the question before.
The output file from the zeek script will give the number of unique connections.

Forum Discussion

Zeek Ep 4 Scripting

3 Replies

Featured Places

Help & Support Forum

Related Content

Cross-Site Scripting: Ep.6 – Further Exploitation

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

Zeek - Demonstrate Your Skills

python-scripting-for-malware-analysis-ep-5-code-obfuscation

Re: Cross-Site Scripting: Ep.6 – Further Exploitation

Recent Discussions

Hack Your First Web App: Ep.4 Missing Cookie

It seems correct answer is not accepted.

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

Privilege Escalation: Windows – Finding Passwords

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.