Is Weird Really Weird? Parsing weird.log to Build Healthier Network

Tuesday, May 14 | 8:00AM–9:00AM CT | St. Gallen, Second Floor Event Centre
Session Type: Breakout Session
Delivery Format: Interactive Presentation
Bro (now Zeek), an open-source network analysis framework, produces lots of interesting log files based on network activity. One of these logs is the "weird.log" file, in which Bro/Zeek logs interesting activity that is not categorized as normal according to the TCP/IP protocol standards. This talk will present the research done on different weird notices flagged in the network traffic at the University of Delaware, and whether those flags were really weird or just network misconfigurations. We used Bro/Zeek's weird.log file to do analysis/troubleshooting of the network, resulting in some weird classification as normal/interesting for our environment.

Outcomes: Learn how to analyze, classify, and possibly remediate weird activity * Understand the types and cause of weird activity in your network * Learn to use Bro IDS as a tool to identify and correct network problems, apart from the conventional IDS use


  • Fatema Bannat Wala

Resources & Downloads


    Updated on 11/26/2019