> You would more likely achieve your goal with Snort rather than tcpdump.
>
> Snort has the ability to inspect packet payloads, in addition to layers
> 2/3/4. It may take some fiddling, but it should be possible.
>
> Snort can output into tcpdump format, so the end result should be what
> you'd expect.

The problem with Snort is that, to the best of my knowledge, it has no 'ignore p2p traffic' option. It also seems like it might be a little slow for what I want. I'll look into that though, just in case it already does what I'm looking for.

Any suggestions would be appreciated.

Thanks.

-Peter

--
Peter Moody <[EMAIL PROTECTED]>
Information Security Administrator
831/459.5409
Communications and Technology Services.
http://mustard.ucsc.edu/pubkey
UC, Santa Cruz.
:wq
