
Zeek

Network Traffic Monitoring and Analysis Framework

Introduction

Zeek (formerly Bro) is an open-source network analysis tool designed for security monitoring, intrusion detection, and generating detailed logs of network activity. It provides deep visibility into protocols, connections, and anomalies in real time.

Features

Installation

  1. Open a terminal.
  2. Install Zeek using:
    sudo pacman -S zeek

Install Verification

Check the version to confirm installation:

zeek -v  

Uninstall

sudo pacman -R zeek  

Usage

Analyze Live Traffic

sudo zeek -i eth0  

Process a PCAP File

zeek -r capture.pcap  

Inspect Generated Logs

List logs:

ls -l *.log  

View connection logs:

cat conn.log | zeek-cut id.orig_h id.resp_h service  

Example Workflow

Detect SSH Brute-Force Attacks

  1. Analyze traffic, loading the site policy (the default local.zeek loads protocols/ssh/detect-bruteforcing) and declaring the local network:
    sudo zeek -i eth0 local "Site::local_nets += { 192.168.1.0/24 }"
  2. Check notice.log for alerts; the brute-force detector raises the notice type SSH::Password_Guessing:
    cat notice.log | grep "SSH::Password_Guessing"

Configuration

Main Configuration Files

Example: Add a Custom Network Range

Edit local.zeek:

nano /usr/local/zeek/share/zeek/site/local.zeek  

Add:

redef Site::local_nets += { 10.0.0.0/8 };  

Official Documentation & More Info

Contributing

Support

License

Zeek is released under the BSD 3-Clause License.
