[Snort-sigs] WinMX connections and packet capture

Jukka Juslin jtjuslin at ...1151...
Thu Jun 5 06:37:04 EDT 2003


I found this kind of signature from this mailing list:

#WINMX NETWORK ALERT
alert tcp $HOME_NET !80 -> $EXTERNAL_NET 6699 (msg:"WinMX Network Connection"; flags:S;)

How can I specify that, when the signature is matched, the packet capture
is also taken? Now the packet capture file doesn't record anything from
the payload...

This would be useful to verify the activity, unless the signature itself
could be improved.

Thanks for help,
Jukka



