http-identified-files.bro

CS_Lee · October 17, 2008, 1:50am

hi seth,

In http transaction, some of the executable files are transfer via this mime type -

application/octet-stream

I have appended it for watched_mime_types in http-identified-files.bro and it works fine.

Cheers ;]

Seth_Hall · October 17, 2008, 2:42am

You might want to check the description for those files. There are a lot of other files that are identified as octet-streams, or at least as far as I can remember when I was working on that script a while ago.

.Seth

Topic		Replies	Views
file identification modification Zeek	6	87	May 6, 2022
Extract files not authentic copy of file Zeek	9	72	May 6, 2022
SMTP attachments and files from other ports/protocols Zeek	4	60	May 6, 2022
Converting file transfer signature hits into file analyzer events Zeek	1	46	May 6, 2022
Trouble with ASYMETRIC FTP traffic Zeek	2	43	May 6, 2022

http-identified-files.bro

Related Topics