I can do a simple ICMP alert that works:
alert icmp any any -> any ( msg: "ICMP packet to high value
target!"; sid: 1; rev:1; priority: 1;)

Yet I cant create a simple text string detector to detect HTML strings:
alert tcp any any <> any any (msg:"somebody farted"; content:"poop"; sid:
2; rev:2; priority: 1;)

I wouldnt waste a mailing lists time with this, but I've setup an entire
ESXI lab with routers, switches, security monitors, and THIS.. THIS is what
is stumping me.

hints/clues/suggestions welcome.


