// arsenal·Network AnalysisAdvancedFOSS

Zeek/formerly Bro/

Open-source network security monitoring — extracts protocol-level logs and IOCs.

Network Analysis

$ zeek --help

Zeek

// what it is

Description

Vern Paxson's research-grade NSM platform (renamed from 'Bro' in 2018). Watches traffic and produces dozens of high-signal logs — conn.log, dns.log, ssl.log — that feed SIEMs and threat-hunting workflows.

// use cases

What people use it for

Network-security monitoring
Threat hunting via flow logs

// commands

The commands you'll type

Process a pcap

$ zeek -r capture.pcap

// facts

category: Network Analysis
platforms: LIN · MAC
license: FOSS
difficulty: Advanced

// links

// related in Network Analysis

Network AnalysisBeginner

Wireshark

The reference open-source network protocol analyzer.

FOSS

LIN·WIN·MAC

open entry →

Network AnalysisIntermediate

tcpdump

The command-line packet sniffer that every Unix-like ships with.

FOSS

LIN·MAC

open entry →

Network AnalysisIntermediate

Ettercap

Classic LAN man-in-the-middle framework — ARP poisoning, DNS spoofing, filters.

FOSS

LIN·MAC

open entry →