argus file format magic for file (1)
mike tancsa
mike at sentex.ca
Wed Aug 30 09:01:09 EDT 2017
As part of our DLP efforts, I use file to identify certain files that
could have potentially sensitive information lying about. Has anyone
created a definition for file to identify argus files?
e.g. I can use file to programmatically figure out the file "misc-stuff"
is a pcap file
# file misc-stuff
misc-stuff: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 262144)
#
Whereas argus data, no such luck
# file suspect.arg
suspect.arg: data
#
Has anyone created a magic definition for argus data?
---Mike