I am a newbie to Snort. I am trying to write a Snort rule to catch a JPG file download from the internet. Here is my rule:
>> alert tcp any any <> $HOME_NET any (msg:"JPEG"; content:"|FF D8 FF E0|"; sid:1000001)
But it does not work. Am I missing something, or do I need to configure something for Snort?
Can anybody help me find the problem? Thank you.