I used Snort to capture some data to a file.
I am testing some malicious code that does not have signatures within the default Snort. So, I have to write my own rules.
I found some examples and explanations about writing Snort rules, such as:
alert tcp any any -> 192.168.1.0/24 111 (content:"|00 01 86 a5|"; msg:"mountd access";)
The question: How can I add my own rules to Snort and test them?
I will be grateful for any help.
Thanks in advance.