Question $8$: Consider the following Snort rule:

kaliakali: $ mousepad $/$etc$/$snort$/$snort$.$conf

$*/$etc$/$snort$/$snort$.$conf$-$Mousepad

File Edit Search View Document Help

alert tcp $!192\mathrm{.}168\mathrm{.}1\mathrm{.}0/24$ any $192\mathrm{.}168\mathrm{.}1\mathrm{.}0/24!$:$1024$

a$)$ What type of connection this rule is applied to$?($include protocol name$)$

b$)$ What traffic is monitored? $($include source, destination, ports, and directions$)$

c$)$ Any additional requirement$/$characteristics in the traffic that the rule looks for?

d$)$ What happens when the rule is matched? $($include action$)$