Tracking Suspicious Activity with Zeek on TryHackMe

I completed the ZeekBro room on TryHackMe, which introduced me to Zeek, a powerful network monitoring and analysis tool often used in cybersecurity investigations. The room walked me through how to analyze network traffic and extract meaningful information from packet captures without having to inspect every single packet manually. I learned how Zeek organizes traffic into logs for different protocols, such as HTTP, DNS, and SSL, making it easier to see patterns, detect anomalies, and identify suspicious activity on the network.

Through the exercises, I practiced parsing DNS queries, identifying unusual connections, and counting unique domains accessed by hosts on the network. This hands-on experience helped me understand how analysts use Zeek to uncover hidden threats and piece together what’s happening on a network. By the end of the room, I had a much clearer understanding of network monitoring, log analysis, and how to use Zeek to quickly identify security-relevant events in real-world scenarios.
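As an added illustration (not part of the original post), here is the kind of check the room's exercises ask for: a POSIX shell function that reads a Zeek dns.log, resolves columns by the names in the `#fields` header the way zeek-cut does, and counts the unique domains each host queried. The dns.log content below is constructed for the example, and the function names are assumptions of mine rather than anything from the room.

```shell
#!/bin/sh
# Write a constructed dns.log excerpt in Zeek's TSV log format (not real capture data).
# Only a subset of the real dns.log columns is included; header lines start with '#'.
write_sample_dns_log() {
    {
        printf '#separator \\x09\n'
        printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tquery\tqtype_name\trcode_name\n'
        printf '#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tstring\tstring\n'
        # printf reuses the format for each group of ten arguments, one log record per group.
        printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
            1603456789.000000 CAbc1 10.0.0.5 51234 10.0.0.1 53 udp example.com        A    NOERROR \
            1603456790.000000 CAbc2 10.0.0.5 51235 10.0.0.1 53 udp example.com        AAAA NOERROR \
            1603456791.000000 CAbc3 10.0.0.5 51236 10.0.0.1 53 udp cdn.example.net    A    NOERROR \
            1603456792.000000 CAbc4 10.0.0.7 51237 10.0.0.1 53 udp update.example.org A    NOERROR \
            1603456793.000000 CAbc5 10.0.0.7 51238 10.0.0.1 53 udp update.example.org A    NOERROR
        printf '#close\t2020-10-23-12-00-00\n'
    } > "$1"
}

# Count unique queried domains per source host in a dns.log.
# Equivalent to: zeek-cut id.orig_h query < dns.log | sort -u | cut -f1 | sort | uniq -c
# Columns are looked up by name from the #fields line, so column order does not matter.
unique_domains_per_host() {
    awk '
        BEGIN { FS = "\t" }
        /^#fields/ { for (i = 2; i <= NF; i++) col[$i] = i - 1; next }  # map name -> column index
        /^#/ { next }                                                   # skip other header/footer lines
        {
            host = $(col["id.orig_h"]); domain = $(col["query"])
            key = host FS domain
            if (!(key in seen)) { seen[key] = 1; count[host]++ }      # A and AAAA for one name count once
        }
        END { for (h in count) printf "%s\t%d\n", h, count[h] }
    ' "$1" | LC_ALL=C sort
}
```

Running `write_sample_dns_log dns.log; unique_domains_per_host dns.log` prints one `host<TAB>count` line per source address; a host whose count is far above its peers is a natural starting point for a closer look at its connections.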