4/13/2023 0 Comments Parse dns log![]() When we look at UID, you can see that they look exactly the same way they looked in the HTTP log. ![]() ![]() One of the first things we're going to look at will be basically to verify that we can see a user ID. We will parse it would zeek cut just like we have the others. ![]() Again, this is important from when we tried to see were a piece of malware, or a user, or something like that was trying to actually go or end up. We can see source IP, source port, destination IP, dest port, protocol, transaction ID, query, query class, query name, query type, query type name, return code, returned code name, we can see all that stuff in there. We can can clearly see queries, we can see UIDs which we talked about earlier that helps us uniquely identify a session. We're going to go ahead and take a look at the DNS log like we did the others, and what you see is, it's formatted similarly to the other logs, but it's got quite different information in there. As you can see, we're back at my Kali console here. The DNS log is very useful for the simple fact that you see queries, you see where people, or devices, or malware was trying to resolve or where it was trying to go. Next we're going to be looking at the DNS log, and it's just another one of the zeek logs that we'll be digging into.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |