$1.$ Alert on any traffic with the RST flag set to the server from $\mathrm{.}128.$ Your message should indicate: $"\mathrm{.}128$ Possible SYN Scan." $2.$ Alert on any FTP traffic with the SYN flag set from $\mathrm{.}128$ to the victim. Message should read: $"\mathrm{.}128$ attempt to FTP to victim." $3.$ Alert on any telnet traffic with the SYN flag set, from $\mathrm{.}128$ to the victim. Message should read: $"\mathrm{.}128$ attempt to telnet to victim." $4.$ Alert on any ssh traffic containing the keyword $"$SSH$-2",$ from $\mathrm{.}128$ to the server. Message should read: $"\mathrm{.}128$ attempt to SSH to server." $5.$ Alert on any http traffic from $\mathrm{.}128$ with the SYN flag set, from $\mathrm{.}128$ to the server. Message should read: $\mathrm{.}128$ attempt to the web server." $6.$ Alert on any http traffic from $\mathrm{.}128$ containing "apache$2.$conf" sent from $\mathrm{.}128$ to the server. Message should read "Found apache$2.$conf." $7.$ Alert on any packets from $\mathrm{.}128$ to the victim containing "passwd". Message should read: "Found passwd." $8.$ Alert on any packets from $\mathrm{.}128$ to the victim containing "shadow". Message should say "Found shadow" $9.$ Alert on any ftp traffic from the $\mathrm{.}128$ to the victim that contains "jgarrett" $.$ Message should read "jgarrett over ftp$".10.$ Alert on any ssh traffic from $\mathrm{.}128$ to the server with the FIN and ACK flags set. Message should read $"$F$/$A for SSH teardown."