[Snort-sigs] WinMX connections and packet capture
jtjuslin at ...1151...
Thu Jun 5 06:37:04 EDT 2003
I would this kind of signature from this mailing list:
#WINMX NETWORK ALERT
alert tcp $HOME_NET !80 -> $EXTERNAL_NET 6699 (msg:"WinMX Network
How can I specify, that when the signature is matched, the packet capture
is also taken? Now the packet capture file doesn't record anything from
This would be useful to verify the activity, unless if the signature could
be improved itself.
Thanks for help,
More information about the Snort-sigs