mirror of
https://github.com/zeek/zeek.git
synced 2025-10-11 02:58:20 +00:00
037d582b0e
- It's derived from the magic database of libmagic 5.14, but with most everything not related to mime types removed. - The custom database is always used by default for mime detection, but the more verbose file type detection will fall back on the default libmagic installation's database. The result is: mime type strings are now guaranteed to be consistent across platforms, but the verbose file type descriptions are not. - The custom database gets installed in $prefix/share/bro/magic, and should even be extensible if files with new patterns are added inside the directory. - The search path for the mime magic database can be controlled via BROMAGIC environment variable. - Remove mime_desc field from ftp.log. - Stop using the mime/file type canonifier with unit tests. - libmagic >= 5.04 is now a requirement.
17 lines
667 B
Text
17 lines
667 B
Text
# See COPYING file in this directory for original libmagic copyright.
|
|
#------------------------------------------------------------------------------
|
|
# sniffer: file(1) magic for packet capture files
|
|
#
|
|
# From: guy@alum.mit.edu (Guy Harris)
|
|
#
|
|
|
|
#
|
|
# "libpcap" capture files.
|
|
# (We call them "tcpdump capture file(s)" for now, as "tcpdump" is
|
|
# the main program that uses that format, but there are other programs
|
|
# that use "libpcap", or that use the same capture file format.)
|
|
#
|
|
0 ubelong 0xa1b2c3d4 tcpdump capture file (big-endian)
|
|
!:mime application/vnd.tcpdump.pcap
|
|
0 ulelong 0xa1b2c3d4 tcpdump capture file (little-endian)
|
|
!:mime application/vnd.tcpdump.pcap
|