20220612_10_MakrisJohn

School

University of Cincinnati, Main Campus

Course

3075C

Subject

Information Systems

Date

Apr 3, 2024

Type

docx

Pages

3

Uploaded by DoctorFlagCamel35

IT3075C: Network Monitoring & IPS
Johnny Makris
Assignment 10: The Bro/Zeek Platform

1. In a Word (docx) document, please provide the following:
   a. Take a screen capture after having used the "zeek-cut" command (bro-cut has been deprecated, if you upgraded) on any log file that contains information, such as ssl.log, http.log, or conn.log, that displays:
      i. timestamp,
      ii. unique id,
      iii. source host,
      iv. source port,
      v. destination host,
      vi. destination port, and
      vii. method

   You can follow the commands for bro below:

      sudo su
      wireshark
      (capture network traffic from the ens160 internet source and save the pcapng file, giving it a name (brotest), in a Desktop folder such as "Bro")
      cd /Desktop/Bro
      bro -C -r brotest.pcapng
      apt install bro
      apt install bro-aux
      ls
      cat ssl.log | bro-cut -d ts uid id.orig_h id.orig_p id.resp_h method

2. What information was displayed?
   The data that was shown was the first lines of each column's labels that were collected. Here is a description of every field that is reported, with an example provided.
   Duration is the amount of time that passes between a session's first and last packet.
   id.orig_h = Source IP Address
   id.resp_h = Destination IP Address

3. What command would you use to see the version of Zeek or Bro you are running? Hint: bro --version
   a. Share a screen capture having run this command.
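
The column selection asked for in question 1, as an added example that is not part of the original assignment: it picks all seven requested fields, including `id.resp_p` for the destination port, by name from a Zeek TSV log's `#fields` header. It uses http.log because `method` is an HTTP field; `make_sample_http_log` and `select_fields` are hypothetical helper names, and the log records are constructed sample data.

```bash
#!/usr/bin/env bash
# Constructed sample: a two-record http.log in Zeek's TSV layout (not real traffic).
make_sample_http_log() {
  printf '#separator \\x09\n'
  printf '#path\thttp\n'
  printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tmethod\thost\n'
  printf '#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\n'
  printf '1654992000.123456\tCa1b2c3d4\t192.0.2.10\t49152\t198.51.100.7\t80\tGET\texample.test\n'
  printf '1654992001.654321\tCe5f6g7h8\t192.0.2.10\t49153\t198.51.100.7\t80\tPOST\texample.test\n'
}

# Hypothetical helper: select columns by name using the "#fields" header line.
# Exits with status 2 and names the column if the log does not carry it, so a
# wrong log/field pairing is reported instead of producing a blank column.
select_fields() {
  awk -F'\t' -v want="$*" '
    BEGIN { n = split(want, names, " ") }
    $1 == "#fields" {
      # The "#fields" token occupies column 1, so data columns are shifted by one.
      for (i = 2; i <= NF; i++) col[$i] = i - 1
      for (j = 1; j <= n; j++)
        if (!(names[j] in col)) {
          print "no such field: " names[j] > "/dev/stderr"
          exit 2
        }
      next
    }
    /^#/ { next }   # skip the remaining metadata lines
    {
      line = ""
      for (j = 1; j <= n; j++) line = line (j > 1 ? "\t" : "") $(col[names[j]])
      print line
    }'
}

# The seven columns the assignment lists, in order.
make_sample_http_log | select_fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p method
```

With Zeek installed, `zeek-cut -d ts uid id.orig_h id.orig_p id.resp_h id.resp_p method < http.log` selects the same columns and `-d` additionally renders `ts` as a readable time, which this helper does not do.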