File Detections
NETALERT employs several methods to detect file types in the network traffic:
- Files that are detected in SMTP traffic (based on MIME type) - NETALERT intercepts SMTP connections as they are initiated in the monitored traffic. Whenever a party adds files to the communication, the file type is detected.
- Files that are detected in FTP transfers
- Files that are detected in HTTP traffic
- Byte detections - performed automatically on the traffic payload in order to detect the type of content that is being transferred.
| NETALERT supports the following file types: |
|---|
| Windows icon-printer spool file |
| MPEG video file |
| DVD video files |
| Windows cursor |
| Compucon-Singer embroidery design file |
| QuattroPro spreadsheet |
| Amiga Hunk executable |
| Wii images container |
| Lotus 1-2-3 (v1) |
| Lotus 1-2-3 (v3) |
| Lotus 1-2-3 (v4-v5) |
| Lotus 1-2-3 (v9) |
| Quark Express (Intel) |
| Quark Express (Motorola) |
| Windows Help file_1 |
| TrueType font file |
| Microsoft Money file |
| Microsoft Access 2007 |
| Microsoft Access |
| Palm Address Book Archive |
| Palm DateBook Archive |
| Netscape Navigator (v4) database |
| Mbox table of contents file |
| FLIC animation |
| BIOS details in RAM |
| Netscape Communicator (v4) mail folder |
| PowerPoint presentation subheader_1 |
| Webex Advanced Recording Format |
| Firebird and Interbase database files |
| The Bat! Message Base Index |
| SQL Data Base |
| Novell LANalyzer capture file |
| Silicon Graphics RGB Bitmap |
| Micrografx vector graphic file |
| Digital Speech Standard file |
| MapInfo Native Data Format |
| dBASE III file |
| Quicken price history |
| Nokia PC Suite Content Copier file |
| Approach index file |
| Digital Speech Standard (v3) |
| dBASE IV file |
| INFO2 Windows recycle bin_1 |
| INFO2 Windows recycle bin_2 |
| Adobe InDesign |
| Material Exchange Format |
| Generic drawing programs |
| SkinCrafter skin |
| DesignTools 2D Design file |
| dBASE IV or dBFast configuration file |
| Excel spreadsheet subheader_1 |
| ZSOFT Paintbrush file_1 |
| ZSOFT Paintbrush file_2 |
| ZSOFT Paintbrush file_3 |
| MultiBit Bitcoin wallet file |
| Monochrome Picture TIFF bitmap |
| DeskMate Document |
| Nero CD compilation |
| DeskMate Worksheet |
| PowerPoint presentation subheader_2 |
| Sibelius Music - Score |
| Easy CD Creator 5 Layout file |
| Windows prefetch file |
| Lotus Notes database template |
| Lotus Notes database |
| LH archive (old vers.-type 1) |
| LH archive (old vers.-type 2) |
| LH archive (old vers.-type 3) |
| LH archive (old vers.-type 4) |
| LH archive (old vers.-type 5) |
| Compressed archive file |
| WinPharoah capture file |
| WebM video file |
| Matroska stream file_1 |
| Matroska stream file_2 |
| Runtime Software disk image |
| WordStar Version 5.0-6.0 document |
| GZIP archive file |
| VLC Player Skin file |
| Synology router configuration backup file |
| Compressed tape archive_1 |
| Compressed tape archive_2 |
| MapInfo Sea Chart |
| NOAA Raster Navigation Chart (RNC) file |
| AIN Compressed Archive |
| Unix archiver (ar)-MS Program Library Common Object File Format (COFF) |
| Microsoft Outlook Exchange Offline Storage Folder |
| Cerius2 file |
| VMware 4 Virtual Disk description |
| MS Developer Studio project file |
| Google Earth Keyhole Placemark file |
| Adaptive Multi-Rate ACELP Codec (GSM) |
| Skype audio compression |
| Radiance High Dynamic Range image file |
| VBScript Encoded script |
| NVIDIA Scene Graph binary file |
| Brother-Babylock-Bernina Home Embroidery |
| Brother-Babylock-Bernina Home Embroidery |
| SPSS Data file |
| Encapsulated PostScript file |
| PDF file |
| Fuzzy bitmap (FBM) file |
| BinHex 4 Compressed Archive |
| Symantec Wise Installer log |
| Compressed archive |
| RealPlayer video file (V11+) |
| RealMedia streaming media |
| RealAudio file |
| RealAudio streaming media |
| NeXT-Sun Microsystems audio file |
| Thunderbird-Mozilla Mail Summary File |
| MS security catalog file |
| Windows Event Viewer file |
| GEnealogical Data COMmunication (GEDCOM) file |
| Windows Media Audio-Video File |
| National Transfer Format Map |
| cpio archive |
| MS Write file_1 |
| MS Write file_2 |
| Pfaff Home Embroidery |
| Tcpdump capture file |
| 7-Zip compressed file |
| zisofs compressed file |
| Photoshop image |
| Surfplan kite project file |
| Advanced Stream Redirector |
| BizTalk XML-Data Reduced Schema |
| AOL HTML mail |
| Windows Script Component |
| Windows Visual Stylesheet |
| User Interface Language |
| MMC Snap-in Control file |
| Picasa movie project file |
| Csound music |
| Google Earth Keyhole Overlay file |
| Adobe FrameMaker |
| GPS Exchange (v1.1) |
| BASE85 file |
| Quattro Pro for Windows 7.0 |
| Windows Help file_2 |
| EndNote Library File |
| Analog Box (ABox) circuit files |
| Generic AutoCAD drawing |
| Steganos virtual secure drive |
| AOL parameter-info files |
| Harvard Graphics symbol graphic |
| AOL config files |
| AOL and AIM buddy list |
| AOL address book |
| AOL user configuration |
| AOL client preferences-settings file |
| AOL address book index |
| AOL personal file cabinet |
| AVG6 Integrity database |
| RIFF Windows Audio |
| FreeArc compressed file |
| NTFS MFT (BAAD) |
| Google Chrome dictionary file |
| vCard |
| Speedtouch router firmware |
| Bitmap image |
| Palmpilot resource file |
| Better Portable Graphics |
| bzip2 compressed archive |
| Mac Disk image (BZ2 compressed) |
| Puffer ASCII encrypted archive |
| Blink compressed archive |
| RagTime document |
| EA Interchange Format File (IFF)_3 |
| WordPerfect dictionary |
| ISO-9660 CD Disc Image |
| RIFF CD audio |
| Compressed ISO CD image |
| Windows 7 thumbnail |
| Corel Binary metafile |
| COM+ Catalog |
| VMware 3 Virtual Disk |
| Corel Photopaint file_1 |
| Corel Photopaint file_2 |
| Win9x registry hive |
| Crush compressed archive |
| Shockwave Flash file |
| Calculux Indoor lighting project file |
| WhereIsIt Catalog |
| IE History file |
| Google Chrome Extension |
| Google Chromium patch update |
| Creative Voice |
| PowerISO Direct-Access-Archive image |
| DAX Compressed CD image |
| Palm Zire photo database |
| Amiga DiskMasher compressed archive |
| Amiga disk file |
| DST Compression |
| DVR-Studio stream file |
| DVD info file |
| Elite Plus Commander game file |
| VideoVCD-VCDImager file |
| Apple ISO 9660-HFS hybrid CD image |
| EasyRecovery Saved State file |
| DSD Storage Facility audio file |
| MS Document Imaging file |
| Expert Witness Compression Format |
| EnCase Evidence File Format V2 |
| Windows Vista event log |
| QuickBooks backup |
| MS Fax Cover Sheet |
| Fiasco database definition file |
| NTFS MFT (FILE) |
| Flash video file |
| IFF ANIM file |
| EA Interchange Format File (IFF)_1 |
| Audio Interchange File |
| DAKX Compressed Audio |
| Shockwave Flash player |
| Generic e-mail_2 |
| GIF file |
| GIMP pattern file |
| General Regularly-distributed Information (GRIdded) Binary |
| Show Partner graphics file |
| Genetec video archive |
| SAP PowerBuilder integrated development environment file |
| SAS Transport dataset |
| Harvard Graphics presentation file |
| TIFF file_1 |
| MP3 audio file |
| Sprint Music Store audio |
| Canon RAW file |
| TIFF file_2 |
| Windows 7 thumbnail_2 |
| Install Shield compressed file |
| MS Reader eBook |
| MS Compiled HTML Help File |
| Inno Setup Uninstall Log |
| Inter@ctive Pager Backup (BlackBerry) file |
| JARCS compressed archive |
| AOL ART file_1 |
| AOL ART file_2 |
| VMware 4 Virtual Disk |
| KGB archive |
| Win9x printer spool file |
| KWAJ (compressed) file |
| Windows shortcut file |
| MS COFF relocatable object code |
| Tajima embroidery |
| Windows help file_3 |
| EA Interchange Format File (IFF)_2 |
| DeluxePaint Animation |
| Logical File Evidence Format |
| Merriam-Webster Pocket Dictionary |
| Mozilla archive |
| Microsoft-MSN MARC archive |
| MATLAB v5 workspace |
| MAr compressed archive |
| Windows dump file |
| Milestones project management file |
| Skype localization data file |
| TIFF file_3 |
| TIFF file_4 |
| Yamaha Synthetic music Mobile Application Format |
| VMware BIOS state file |
| Microsoft cabinet file |
| OneNote Package |
| PowerPoint Packaged Presentation |
| MS Access Snapshot Viewer file |
| OLE-SPSS-Visual C++ library file |
| Health Level-7 data (pipe delimited) file |
| Microsoft Windows Imaging Format |
| Sony Compressed Voice File |
| MIDI sound file |
| Yamaha Piano |
| CD Stomper Pro label file |
| Milestones project management file_1 |
| Milestones project management file_2 |
| Windows-DOS executable file |
| MS audio compression manager driver |
| Library cache file |
| Control panel application |
| Font file |
| ActiveX-OLE Custom Control |
| OLE object library |
| Screen saver |
| VisualBASIC application |
| Windows virtual device drivers |
| Acrobat plug-in |
| DirectShow filter |
| Audition graphic filter |
| ZoneAlarm data file |
| MS C++ debugging symbols file |
| Visual Studio .NET file |
| Windows Media Player playlist |
| MapSource GPS Waypoint Database |
| TomTom traffic data |
| MS Windows journal |
| NES Sound file |
| National Imagery Transmission Format file |
| Agent newsreader character map |
| 1Password 4 Cloud Keychain |
| Psion Series 3 Database |
| OpenType font |
| Ogg Vorbis Codec compressed file |
| Visio-DisplayWrite 4 text file |
| Quicken QuickFinder Information File |
| Portable Graymap Graphic |
| Quake archive file |
| Windows memory dump |
| PAX password protected bitmap |
| PestPatrol data-scan strings |
| PGP disk image |
| ChromaGraph Graphics Card Bitmap |
| PKZIP archive_1 |
| Android package |
| MacOS X Dashboard Widget |
| MS Office Open XML Format Document |
| Java archive_1 |
| Google Earth session file |
| KWord document |
| OpenDocument template |
| Microsoft Open XML paper specification |
| OpenOffice documents |
| StarOffice spreadsheet |
| Windows Media compressed skin file |
| Mozilla Browser Archive |
| XML paper specification file |
| eXact Packager Models |
| Open Publication Structure eBook |
| ZLock Pro encrypted ZIP |
| MS Office 2007 documents |
| Java archive_2 |
| PKZIP archive_2 |
| PKZIP archive_3 |
| PKLITE archive |
| PKSFX self-extracting archive |
| Windows Program Manager group file |
| Norton Disk Doctor undo file |
| Microsoft Windows User State Migration Tool |
| Dreamcast Sound Format |
| Puffer encrypted archive |
| Parrot Video Encapsulation |
| Quicken data |
| Qcow Disk Image |
| RIFF Qualcomm PureVoice |
| Quicken data file |
| Outlook-Exchange message subheader |
| Shareaza (P2P) thumbnail |
| R saved work space |
| WinNT Registry-Registry Undo files |
| Antenna data file |
| Windows animated cursor |
| Corel Presentation Exchange metadata |
| CorelDraw document |
| Video CD MPEG movie |
| Micrografx Designer graphic |
| 4X Movie video |
| Resource Interchange File Format |
| RIFF Windows MIDI |
| WinNT Netmon capture file |
| WinRAR compressed archive |
| Generic e-mail_1 |
| Windows prefetch |
| Underground Audio |
| Img Software Bitmap |
| SMPTE DPX (big endian) |
| Harvard Graphics presentation |
| Sietronics CPI XRD document |
| Flexible Image Transport System (FITS) file |
| StuffIt archive |
| SmartDraw Drawing file |
| StorageCraft ShadowProtect backup file |
| MultiBit Bitcoin blockchain file |
| SQLite database file |
| DB2 conversion file |
| QBASIC SZDD file |
| SZDD file format |
| StuffIt compressed archive |
| SuperCalc worksheet |
| Wii-GameCube |
| GNU Info Reader file |
| Unicode extensions |
| UFA compressed archive |
| UFO Capture map file |
| Visual C PreCompiled header |
| Visual Basic User-defined Control file |
| MapInfo Interchange Format file |
| SPSS template |
| RIFF Windows Audio |
| RIFF WebP |
| Walkman MP3 file |
| WordStar for Windows file |
| WinZip compressed archive |
| Lotus WordPro file |
| Exchange e-mail |
| Packet sniffer files |
| XPCOM libraries |
| SMPTE DPX file (little endian) |
| MS Publisher |
| ZOO compressed archive |
| Macromedia Shockwave Flash |
| MS Exchange configuration file |
| Visual C++ Workbench Info File |
| Dial-up networking file |
| Lotus AMI Pro document_1 |
| VocalTec VoIP media file |
| Microsoft Code Page Translation file |
| Flight Simulator Aircraft Configuration |
| WinAmp Playlist |
| Lotus AMI Pro document_2 |
| Husqvarna Designer |
| Jar archive |
| EnCase case file |
| Compressed archive file |
| UUencoded file |
| UUencoded BASE64 file |
| Binary property list (plist) |
| Apple Core Audio File |
| Macintosh encrypted Disk image (v1) |
| Virtual PC HD image |
| Photoshop Custom Shape |
| Intel PROset-Wireless Profile |
| Torrent file |
| Dalvik (Android) executable file |
| Audacity audio file |
| MS Visual Studio workspace file |
| Macintosh encrypted Disk image (v2) |
| WinNT printer spool file |
| Free Lossless Audio Codec file |
| MPEG-4 video file_1 |
| Apple Lossless Audio Codec file |
| ISO Media-MPEG v4-iTunes AVC-LC |
| MPEG-4 video file_2 |
| ISO Base Media file (MPEG-4) v1 |
| MPEG-4 video-QuickTime file |
| QuickTime movie_7 |
| Win2000-XP printer spool file |
| GIMP file |
| Win Server 2003 printer spool file |
| MacOS icon file |
| Skype user data file |
| QuickTime movie_1 |
| QuickTime movie_2 |
| QuickTime movie_3 |
| QuickTime movie_4 |
| QuickTime movie_5 |
| QuickTime movie_6 |
| Internet Explorer v11 Tracking Protection List |
| MultiBit Bitcoin wallet information |
| SMS text (SIM) |
| 1Password 4 Cloud Keychain encrypted data |
| WinNT registry file |
| Sonic Foundry Acid Music File |
| RealMedia metafile |
| Allegro Generic Packfile (compressed) |
| Allegro Generic Packfile (uncompressed) |
| PalmOS SuperMemo |
| STL (STereoLithography) file |
| CALS raster bitmap |
| PowerBASIC Debugger Symbols |
| PathWay Map file |
| TrueType font |
| Tape Archive |
| OpenEXR bitmap image |
| Qimage filter |
| MacOS X image file |
| eXtensible ARchive file |
| ZoomBrowser Image Index |
| Windows application log |
| Google Drive Drawing link |
| MS WinMobile personal note |
| Rich Text Format |
| Huskygram Poem or Singer embroidery |
| Corel Paint Shop Pro image |
| Easy Street Draw diagram file |
| Digital Watchdog DW-TP-500G audio |
| ELF executable |
| Relocatable object code |
| Dreamcast audio |
| Kodak Cineon image |
| Outlook Express address book (Win95) |
| WordPerfect text |
| PNG image |
| Generic JPEG image file |
| JPEG-EXIF-SPIFF images |
| MS Answer Wizard |
| Hamarsoft compressed archive |
| PGP secret keyring_1 |
| PGP secret keyring_2 |
| JBIG2 image file |
| GPG public keyring |
| PGP public keyring |
| Outlook address file |
| tcpdump (libpcap) capture file |
| Extended tcpdump (libpcap) capture file |
| Access Data FTK evidence |
| Khronos texture file |
| Quicken data |
| PowerPoint presentation subheader_3 |
| Java serialization data |
| BGBlitz position database file |
| Win95 password file |
| PCX bitmap |
| Acronis True Image_1 |
| Windows calendar |
| InstallShield Script |
| MS Write file_3 |
| Palm Desktop DateBook |
| MS Agent Character file |
| Adobe encapsulated PostScript |
| Jeppesen FliteLog file |
| Java bytecode |
| Nokia phone backup file |
| NAV quarantined virus file |
| Acronis True Image_2 |
| Java Cryptography Extension keystore |
| OS X ABI Mach-O binary (32-bit reverse) |
| Perfect Office document |
| Outlook Express e-mail folder |
| OS X ABI Mach-O binary (64-bit reverse) |
| Microsoft Office document |
| CaseWare Working Papers |
| Access project file |
| Lotus-IBM Approach 97 file |
| MSWorks database file |
| Microsoft Common Console Document |
| Microsoft Installer package |
| Microsoft Installer Patch |
| Minitab data file |
| ArcMap GIS project file |
| Developer Studio File Options file |
| MS Publisher file |
| Revit Project file |
| Visual Studio Solution User Options file |
| SPSS output file |
| Visio file |
| MSWorks text document |
| WinPharoah filter file |
| AOL history |
| WinDump (winpcap) capture file |
| Windows graphics metafile |
| Word 2.0 file |
| Corel color palette |
| eFax file |
| Amiga icon |
| Win98 password file |
| MS OneNote note |
| Windows executable file_1 |
| Windows executable file_2 |
| Windows executable file_3 |
| GEM Raster file |
| BitLocker boot sector (Vista) |
| BitLocker boot sector (Win7) |
| Word document subheader |
| RedHat Package Manager |
| UTF-8 file |
| Windows Script Component (UTF-8)_1 |
| Windows Script Component (UTF-8)_2 |
| YouTube Timed Text (subtitle) file |
| FAT12 File Allocation Table |
| FAT16 File Allocation Table |
| FAT32 File Allocation Table_1 |
| FAT32 File Allocation Table_2 |
| Bitcoin-Qt blockchain block file |
| XZ archive |
| MS Publisher subheader |
| Thumbs.db subheader |
| MS Publisher file subheader |
| Visual Studio Solution subheader |
| PowerPoint presentation subheader_4 |
| Excel spreadsheet subheader_2 |
| PowerPoint presentation subheader_5 |
| Excel spreadsheet subheader_3 |
| Developer Studio subheader |
| Excel spreadsheet subheader_4 |
| Excel spreadsheet subheader_5 |
| Excel spreadsheet subheader_6 |
| Excel spreadsheet subheader_7 |
| PowerPoint presentation subheader_6 |
| OS X ABI Mach-O binary (32-bit) |
| OS X ABI Mach-O binary (64-bit) |
| JavaKeyStore |
| Symantec Ghost image file |
| UTF-16-UCS-2 file |
| Windows executable |
| Works for Windows spreadsheet |
| QuickReport Report |
| Windows international code page |
| Keyboard driver file |
| WordPerfect text and graphics |
| MPEG-4 AAC audio |
| MPEG-2 AAC audio |
| Windows Registry file |
| UTF-32-UCS-2 file |
| UTF-32-UCS-4 file |
| MSinfo file |
| DOS system driver |