Snort mailing list archives

[Snort-users] How to know what is "any" ip address???


From: zT <zzahra88 () gmail com>
Date: Mon, 2 Feb 2015 16:41:01 +0330

Hello all, I use
alert tcp any any -> any any (msg:"network found in packet content!!!";
content:"network"; sid:10000; )
When Snort finds a packet with FB content, I want to know which IP address this
packet comes from (the IP header of the packet) and to store this packet (its
content and headers) in a file.
How can I do this?
With Regards.
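
Added example, not part of the original message: a small parser that reads the source and destination addresses for sid 10000 out of Snort alerts. It assumes Snort 2 is writing its "fast" alert format (for example with `-A fast`) and IPv4 traffic; the log lines are constructed samples and the function names are hypothetical.

```python
import re
from collections import Counter

# Snort 2 "fast" alert line: timestamp, [gid:sid:rev], msg, optional
# classification, priority, {PROTO}, then src[:port] -> dst[:port].
FAST_ALERT = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:[^\]]*\]\s+)?"
    r"\[Priority:\s*\d+\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    "02/02-16:41:01.120331  [**] [1:10000:0] network found in packet content!!! [**] [Priority: 0] {TCP} 192.0.2.10:51234 -> 198.51.100.5:80",
    "02/02-16:41:03.553210  [**] [1:10000:0] network found in packet content!!! [**] [Priority: 0] {TCP} 192.0.2.10:51240 -> 198.51.100.5:80",
    "02/02-16:41:07.000912  [**] [1:10000:0] network found in packet content!!! [**] [Priority: 0] {TCP} 203.0.113.7:40022 -> 198.51.100.5:8080",
    "02/02-16:41:09.410000  [**] [1:2000001:1] unrelated constructed alert [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.9 -> 198.51.100.5",
    "garbage line that is not an alert",
]

def split_endpoint(endpoint):
    """Split 'addr:port' into (addr, port); port is None when absent (ICMP)."""
    addr, sep, port = endpoint.rpartition(":")
    if sep and addr and port.isdigit():
        return addr, int(port)
    return endpoint, None

def sources_for_sid(lines, sid):
    """Return one dict per alert line that matches the given rule sid."""
    hits = []
    for line in lines:
        m = FAST_ALERT.match(line.strip())
        if not m or int(m["sid"]) != sid:
            continue  # skip unparseable lines and alerts from other rules
        src, sport = split_endpoint(m["src"])
        dst, dport = split_endpoint(m["dst"])
        hits.append({"ts": m["ts"], "msg": m["msg"], "proto": m["proto"],
                     "src": src, "sport": sport, "dst": dst, "dport": dport})
    return hits

def count_sources(hits):
    """Count how many alerts each source address produced."""
    return Counter(h["src"] for h in hits)

if __name__ == "__main__":
    for src, n in count_sources(sources_for_sid(SAMPLE, 10000)).most_common():
        print(f"{src}\t{n} alert(s)")
```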