argus file format magic for file (1)

Brad brad at vt.edu
Wed Aug 30 09:06:46 EDT 2017


I'm not sure there is an identifier in the file. You could build a simple
parser and try to parse files that are marked as data. If that works, then
you would know it's an argus file. I did this once. I think the format is
published.

Brad

On Wed, Aug 30, 2017 at 9:01 AM, mike tancsa <mike at sentex.ca> wrote:

> As part of our DLP efforts, I use file to identify certain files that
> could have potentially sensitive information lying about.  Has anyone
> created a definition for file to identify argus files?
>
> e.g. I can use file to programmatically figure out the file "misc-stuff"
> is a pcap file
>
> # file misc-stuff
> misc-stuff: tcpdump capture file (little-endian) - version 2.4
> (Ethernet, capture length 262144)
> #
>
> Whereas argus data, no such luck
>
> # file suspect.arg
> suspect.arg: data
> #
>
> Has anyone created a magic definition for argus data?
>
>         ---Mike
>