[Snort-users] How to know what is "any" ip address???

zT zzahra88 at ...11827...
Mon Feb 2 08:11:01 EST 2015


hello all i use
alert tcp any any -> any any (msg:"network found in packet content!!!";
content:"network"; sid:10000; )
when snort find a packet with FB content i want to which ip address this
packet is comes from (ip header of packet) and store this packet( it
content and headers) in a file.
how can do this ?
With Regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150202/d5f38212/attachment.html>


More information about the Snort-users mailing list