Travis (.com) branch:
![Build Status](https://camo.githubusercontent.com/2cdade45af0fb817f8f3477fe2611a9402ce73ac4cb5370990b1fb9093e54e00/68747470733a2f2f7472617669732d63692e636f6d2f676974687562666f616d2f7a65656b2d73616e64626f782e7376673f6272616e63683d6d6173746572)
vagrant up
$ export PATH=/opt/zeek/bin:$PATH
wget https://www.malware-traffic-analysis.net/2018/CTF/2018-CTF-from-malware-traffic-analysis.net-1-of-2.pcap.zip
https://www.malware-traffic-analysis.net/2018/CTF/index.htm
$ unzip 2018-CTF-from-malware-traffic-analysis.net-2-of-2.pcap.zip
password:infected
zeek -Cr 2018-CTF-from-malware-traffic-analysis.net-2-of-2.pcap
[vagrant@vg-zeek-02 ~]$ cat dhcp.log | zeek-cut mac
00:1e:67:4a:d7:5c
00:1e:67:4a:d7:5c
00:1e:67:4a:d7:5c
[vagrant@vg-zeek-02 ~]$ cat dhcp.log | zeek-cut client_addr
172.17.1.129
172.17.1.129
172.17.1.129
Q1: What is the MAC address of the Windows client at 172.17.1.129?
[vagrant@vg-zeek-02 ~]$ cat dhcp.log | zeek-cut mac client_addr | sort | uniq
00:1e:67:4a:d7:5c 172.17.1.129
Q2: What is the host name for the Windows client at 172.17.1.129?
$ cat dhcp.log | zeek-cut client_addr host_name | sort | uniq
172.17.1.129 Nalyvaiko-PC
"zeek-source" role, platform independent building from git source
<https://docs.zeek.org/en/stable/install/install.html#installing-from-source>