Snort mailing list archives

Question about rules


From: Ricardo Barbosa <ricardobarbosams () yahoo com br>
Date: Wed, 27 Jan 2010 02:52:08 -0300

Hello, I am entering the world of IPS and have begun to test and learn
Snort, but I have a question about creating rules.
I was reading the Snort manual in PDF, which has a chapter on
writing rules; following the documentation, I created the rule
below:

alert tcp any any -> 10.0.0.0/8 80 (content:"test_rule"; msg: "TEST HTTP";)

I assembled a network with VirtualBox with the following topology:

10.0.0.0/8(.2) <---> (.1) snort (.1) <---> 20.0.0.0/8(.2) 

I put a web server (Apache) on 10.0.0.2 and created the following HTML:

<html> 
<body> 
<h1> teste_rule</h1> 
</body> 
</html> 

and from the machine 20.0.0.2 I try to access this page through Snort.
Looking at the above rule, should it not generate an alert in the
file /var/log/snort/alert?

Can someone help me see what I'm missing?

Regards,
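
An added example, not part of the original message: a small Python model of how the header and `content` option of the posted rule are evaluated against both directions of the HTTP exchange in the described topology. The client port, request line, response headers and the second rule are constructed for illustration, and the model covers only address, port, direction and case-sensitive payload matching, not Snort's full detection engine.

```python
import ipaddress

# The posted rule: alert tcp any any -> 10.0.0.0/8 80 (content:"test_rule"; ...)
RULE = {"src": "any", "sport": "any", "dst": "10.0.0.0/8", "dport": 80,
        "content": b"test_rule"}

# Constructed variant (assumption, not from the post): watch traffic coming
# FROM the web server and look for the string the HTML page really contains.
RESPONSE_RULE = {"src": "10.0.0.0/8", "sport": 80, "dst": "any", "dport": "any",
                 "content": b"teste_rule"}

# Constructed sample segments for the topology in the post.
REQUEST = {"src": "20.0.0.2", "sport": 40000, "dst": "10.0.0.2", "dport": 80,
           "payload": b"GET / HTTP/1.1\r\nHost: 10.0.0.2\r\n\r\n"}
RESPONSE = {"src": "10.0.0.2", "sport": 80, "dst": "20.0.0.2", "dport": 40000,
            "payload": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                       b"<html>\n<body>\n<h1> teste_rule</h1>\n</body>\n</html>\n"}

def ip_ok(spec, ip):
    """'any' matches everything; otherwise the address must be inside the CIDR."""
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def port_ok(spec, port):
    return spec == "any" or spec == port

def evaluate(rule, pkt):
    """Return (header_match, content_match) for one TCP segment.

    With '->' the left side of the rule is compared to the packet's source
    and the right side to its destination; the reverse direction is not tried.
    """
    header = (ip_ok(rule["src"], pkt["src"]) and port_ok(rule["sport"], pkt["sport"])
              and ip_ok(rule["dst"], pkt["dst"]) and port_ok(rule["dport"], pkt["dport"]))
    content = rule["content"] in pkt["payload"]  # byte-exact, case-sensitive
    return header, content

def alerts(rule, pkt):
    """A rule fires only when both the header and the content option match."""
    return all(evaluate(rule, pkt))

if __name__ == "__main__":
    for name, rule in (("posted rule", RULE), ("response rule", RESPONSE_RULE)):
        for label, pkt in (("request", REQUEST), ("response", RESPONSE)):
            print(f"{name:13} {label:8} header/content={evaluate(rule, pkt)} "
                  f"alert={alerts(rule, pkt)}")
```

In this model the posted rule's header matches only the client's request, whose payload does not carry the page body, while the page body travels in the response from port 80 and contains "teste_rule" rather than "test_rule".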

