Problem Statement
You need to investigate beaconing and possible data exfiltration. Compare using Zeek, Suricata/Snort, and Wireshark for this job.
Explanation
Start broad with Zeek. Its conn.log, dns.log, and http.log summarize every flow with timestamps, endpoints, byte counts, and protocol details, which is exactly what you need to spot beaconing (repeated connections from one host to one destination at a near-constant interval, often with near-identical sizes) and to find hosts that send far more than they receive. Use Suricata or Snort when you want signature-based alerts on known indicators, real-time detection, or inline IPS blocking; on their own they will not find an unknown beacon that matches no rule. Drop to Wireshark when you need packet-level ground truth: decode the protocol, confirm what the payload actually carries, and extract transferred files. In practice, teams combine all three, moving from Zeek's statistical signal through Suricata's alert context to Wireshark's packet-level proof.
Code Solution
Zeek: zeek -i eth0 (writes conn.log, dns.log, and http.log to the working directory; group connections by source host and destination and look for a fixed period and steady sizes)
Suricata: review alerts in eve.json (records with event_type "alert") to see which of those flows match known indicators
Wireshark: Analyze > Follow > TCP Stream on a suspect connection to verify the payload or extract the transferred file
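The Zeek step above is where beaconing actually shows up, so here is an added worked example of the triage a practitioner would run over conn.log (this is example code, not the page's or the Zeek project's own). It parses Zeek's TSV conn.log using the #fields header, groups connections by (id.orig_h, id.resp_h, id.resp_p), flags groups whose inter-connection gaps have a low coefficient of variation as beacon candidates, and separately flags groups that pushed far more bytes out than came back as upload candidates worth confirming in Wireshark. The log lines are constructed, and the thresholds (minimum connections, maximum jitter, byte volume, out/in ratio) are illustrative assumptions, not Zeek defaults.

```python
"""Triage a Zeek conn.log for beaconing and upload-heavy flows.

Added example, not the page's own code. Parses Zeek's default TSV conn.log
layout (the '#fields' header names the columns), groups connections by
(id.orig_h, id.resp_h, id.resp_p), and scores each group on interval
regularity and outbound byte volume. Thresholds are assumptions.
"""
import statistics
from collections import defaultdict

FIELDS = ("ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
          "proto", "service", "duration", "orig_bytes", "resp_bytes", "conn_state")


def _row(ts, uid, orig_h, orig_p, resp_h, resp_p, service, orig_b, resp_b):
    # Build one TSV conn.log line in the order given by FIELDS.
    return "\t".join(map(str, (f"{ts:.6f}", uid, orig_h, orig_p, resp_h, resp_p,
                               "tcp", service, "0.5", orig_b, resp_b, "SF")))


BASE = 1700000000.0
_lines = ["#separator \\x09", "#fields\t" + "\t".join(FIELDS)]
# Constructed beacon: 10.0.0.5 -> 203.0.113.10:443 every ~60 s with small uploads.
for i, jitter in enumerate([0.0, 0.4, -0.3, 0.2, 0.5, -0.4, 0.1, -0.2]):
    _lines.append(_row(BASE + 60 * i + jitter, f"Cb{i}", "10.0.0.5", 50000 + i,
                       "203.0.113.10", 443, "ssl", 300, 1200))
# Constructed noise: 10.0.0.7 -> 198.51.100.20:80 at irregular intervals.
for i, off in enumerate([0, 5, 120, 121, 400, 1300]):
    _lines.append(_row(BASE + off, f"Cn{i}", "10.0.0.7", 51000 + i,
                       "198.51.100.20", 80, "http", 900, 45000))
# Constructed bulk upload: two sessions pushing ~85 MB out, almost nothing back.
for i, off in enumerate([30, 3000]):
    _lines.append(_row(BASE + off, f"Cu{i}", "10.0.0.9", 52000 + i,
                       "203.0.113.55", 443, "ssl", 42_500_000, 2048))
SAMPLE_CONN_LOG = "\n".join(_lines) + "\n"


def parse_conn_log(text):
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        yield dict(zip(fields, line.split("\t")))


def _num(value):
    # Zeek writes '-' for unset numeric fields; treat those as zero in totals.
    return 0.0 if value == "-" else float(value)


def summarize(records):
    """Per (orig_h, resp_h, resp_p): count, gap regularity, and byte totals."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(r)
    out = {}
    for key, rs in groups.items():
        ts = sorted(_num(r["ts"]) for r in rs)
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        # Coefficient of variation of the gaps: near 0 means a fixed period.
        cv = None
        if len(gaps) >= 2 and statistics.mean(gaps) > 0:
            cv = statistics.pstdev(gaps) / statistics.mean(gaps)
        out[key] = {
            "count": len(rs),
            "median_gap": statistics.median(gaps) if gaps else None,
            "cv": cv,
            "orig_bytes": sum(_num(r["orig_bytes"]) for r in rs),
            "resp_bytes": sum(_num(r["resp_bytes"]) for r in rs),
        }
    return out


def find_beacons(summary, min_conns=5, max_cv=0.2):
    """Keys whose connections recur at a steady period (assumed thresholds)."""
    return sorted(k for k, s in summary.items()
                  if s["count"] >= min_conns and s["cv"] is not None and s["cv"] <= max_cv)


def find_upload_heavy(summary, min_orig_bytes=50_000_000, min_ratio=10.0):
    """Keys that sent far more out than came back (assumed thresholds)."""
    return sorted(k for k, s in summary.items()
                  if s["orig_bytes"] >= min_orig_bytes
                  and s["orig_bytes"] >= min_ratio * max(s["resp_bytes"], 1.0))


if __name__ == "__main__":
    summary = summarize(parse_conn_log(SAMPLE_CONN_LOG))
    for k in find_beacons(summary):
        s = summary[k]
        print(f"beacon  {k[0]} -> {k[1]}:{k[2]} n={s['count']} "
              f"period~{s['median_gap']:.1f}s cv={s['cv']:.3f}")
    for k in find_upload_heavy(summary):
        s = summary[k]
        print(f"upload  {k[0]} -> {k[1]}:{k[2]} out={s['orig_bytes']:.0f}B "
              f"in={s['resp_bytes']:.0f}B")
```

Point it at a real conn.log by replacing SAMPLE_CONN_LOG with the file contents; the #fields header keeps the parser correct if your deployment adds or reorders columns. The candidates it prints are what you then take to Suricata's eve.json (did anything match a known indicator?) and to Wireshark (Follow TCP Stream on one of the beacon's uids to see the payload).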
