Hello, (background at the bottom)
I was wondering if anyone's done any work in using tcpdump or libpcap to do layer 7 filtering. I'm interested in something that will allow me to get tcpdump (or some other IP capturing program) to ignore certain types of traffic. I figure that this question has to have been asked on this list before, but I haven't found anything.

Background: I'm looking to store traffic for forensic purposes for some length of time. The problem is that I've got something on the order of 150 mbs of traffic. Now, approximately 60% of that traffic is p2p traffic and I don't really care about that, so I'm looking for some way to get my packet capturer to ignore that traffic. With the port hopping capabilities of today's p2p apps, I would need some way of actually decoding the traffic and determining at layer 7 whether the traffic is or is not p2p.

So, any suggestions?

Thanks.
-Peter

--
Peter Moody <[EMAIL PROTECTED]>
Information Security Administrator 831/459.5409
Communications and Technology Services. http://mustard.ucsc.edu/pubkey
UC, Santa Cruz.
:wq
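The kind of stateful, payload-aware filtering the post asks for, as an added example that is not the poster's code and not part of tcpdump or libpcap: it parses raw Ethernet/IPv4/TCP frames, marks a connection as p2p when a payload starts with the BitTorrent peer-wire handshake, and drops every later packet of that connection in either direction, whatever ports it uses. The frame builder, addresses and payloads are constructed here so it runs offline; the `L7Filter` name and the single BitTorrent signature are this example's own choices.

```python
import struct
from collections import namedtuple

# BitTorrent peer-wire handshake: pstrlen=19 followed by "BitTorrent protocol".
BT_HANDSHAKE = b"\x13BitTorrent protocol"

Flow = namedtuple("Flow", "src dst sport dport")

def parse_ipv4_tcp(frame):
    """Return (Flow, tcp_payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6:                                   # not TCP
        return None
    tcp = frame[14 + ihl:]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    return Flow(frame[26:30], frame[30:34], sport, dport), tcp[doff:]

def canonical(flow):
    """Direction-independent key so both halves of a connection share a verdict."""
    a, b = (flow.src, flow.sport), (flow.dst, flow.dport)
    return (a, b) if a <= b else (b, a)

class L7Filter:
    """Decides per frame whether a forensic capture should keep it."""
    def __init__(self):
        self.p2p_flows = set()      # connections already classified as p2p

    def keep(self, frame):
        parsed = parse_ipv4_tcp(frame)
        if parsed is None:          # non-IPv4/TCP frames pass through untouched
            return True
        flow, payload = parsed
        key = canonical(flow)
        if key in self.p2p_flows:   # port is irrelevant once the flow is known
            return False
        if payload.startswith(BT_HANDSHAKE):
            self.p2p_flows.add(key)
            return False
        return True

def build_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame for offline testing (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload
```

tcpdump's BPF expressions are evaluated per packet with no memory of earlier packets, so logic like this has to live in the program reading from libpcap (or post-processing the pcap), not in the filter expression itself.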
