tcpdump mailing list archives

layer7 decoding.


From: Peter Moody <peter () ucsc edu>
Date: 24 Jun 2003 15:43:00 -0700

Hello,

(background at the bottom)

I was wondering if anyone's done any work in using tcpdump or libpcap to
do layer7 filtering.  I'm interested in something that will allow me to
get tcpdump (or some other ip capturing program) to ignore certain types
of traffic.  I figure that this question has to have been asked on this
list before, but I haven't found anything.

background:
I'm looking to store traffic for forensic purposes for some length of
time.  The problem is that I've got something on the order of 150 mbs of
traffic.  Now, approximately 60% of that traffic is p2p traffic and I
don't really care about that, so I'm looking for some way to get my
packet capturer to ignore that traffic.  With the port-hopping
capabilities of today's p2p apps, I would need some way of actually
decoding the traffic and determining at layer 7 if the traffic is or is
not p2p.

So, any suggestions?

Thanks.

-Peter

-- 
Peter Moody                             <peter () ucsc edu>
Information Security Administrator      831/459.5409
Communications and Technology Services. http://mustard.ucsc.edu/pubkey
UC, Santa Cruz.
:wq
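Added example, not code from this thread or from tcpdump/libpcap: a per-frame classifier of the kind a pcap_loop() callback would run before deciding whether to pcap_dump() a packet. It ignores port numbers entirely (so port hopping does not matter), matches the BitTorrent peer-wire handshake in the TCP payload, and remembers the connection 5-tuple so that later segments of that connection, which carry no handshake, are dropped too. The signature constant, the flow-table helpers, the sample addresses and the sample frames are all assumptions made for illustration.

```c
/* Layer-7 verdicts for captured frames, as a libpcap callback would see them:
 * added example, not code from this thread. The signature, the flow-table API
 * and the sample frames are assumptions made for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum l7_verdict { L7_KEEP = 0, L7_DROP_P2P = 1 };

/* BitTorrent peer-wire handshake: pstrlen 0x13 then "BitTorrent protocol".
 * Split literals so the hex escape does not swallow the 'B'. */
static const unsigned char BT_HANDSHAKE[] = "\x13" "BitTorrent protocol";
#define BT_HANDSHAKE_LEN (sizeof(BT_HANDSHAKE) - 1)

/* Later segments of a P2P connection carry no handshake, so a per-packet
 * signature is not enough: remember the connection once it is classified. */
struct flow_key { uint32_t a_ip, b_ip; uint16_t a_port, b_port; };
#define FLOW_SLOTS 64
static struct flow_key p2p_flows[FLOW_SLOTS];
static unsigned p2p_flow_count;   /* ring index; the oldest entry is overwritten */

/* Order endpoints so both directions of one connection give the same key. */
static struct flow_key make_key(uint32_t sip, uint16_t sp, uint32_t dip, uint16_t dp)
{
    struct flow_key k;
    int fwd = sip < dip || (sip == dip && sp < dp);
    k.a_ip = fwd ? sip : dip;  k.a_port = fwd ? sp : dp;
    k.b_ip = fwd ? dip : sip;  k.b_port = fwd ? dp : sp;
    return k;
}

static int flow_is_p2p(const struct flow_key *k)
{
    unsigned n = p2p_flow_count < FLOW_SLOTS ? p2p_flow_count : FLOW_SLOTS;
    for (unsigned i = 0; i < n; i++)
        if (p2p_flows[i].a_ip == k->a_ip && p2p_flows[i].b_ip == k->b_ip &&
            p2p_flows[i].a_port == k->a_port && p2p_flows[i].b_port == k->b_port)
            return 1;
    return 0;
}

/* Ethernet -> IPv4 -> TCP with bounds checks at every layer; returns -1 for anything
 * that is not a first-fragment TCP segment (such frames are always kept). */
static int parse_tcp(const unsigned char *f, size_t len, struct flow_key *key,
                     const unsigned char **payload, size_t *plen)
{
    if (len < 14 || f[12] != 0x08 || f[13] != 0x00) return -1;   /* IPv4 only, no VLAN tag */
    const unsigned char *ip = f + 14;
    size_t avail = len - 14;
    if (avail < 20 || (ip[0] >> 4) != 4 || ip[9] != 6) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t tot = ((size_t)ip[2] << 8) | ip[3];
    if (ihl < 20 || tot < ihl + 20 || tot > avail) return -1;
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0) return -1;         /* non-first fragment */
    const unsigned char *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;
    if (doff < 20 || doff > tot - ihl) return -1;
    uint32_t sip = ((uint32_t)ip[12] << 24) | ((uint32_t)ip[13] << 16) | ((uint32_t)ip[14] << 8) | ip[15];
    uint32_t dip = ((uint32_t)ip[16] << 24) | ((uint32_t)ip[17] << 16) | ((uint32_t)ip[18] << 8) | ip[19];
    *key = make_key(sip, (uint16_t)((tcp[0] << 8) | tcp[1]), dip, (uint16_t)((tcp[2] << 8) | tcp[3]));
    *payload = tcp + doff;
    *plen = tot - ihl - doff;
    return 0;
}

/* Verdict for one frame: drop a segment that opens with the handshake, and every
 * later segment of a connection in which one was seen; keep everything else. */
int classify_frame(const unsigned char *frame, size_t len)
{
    struct flow_key key; const unsigned char *p; size_t plen;
    if (parse_tcp(frame, len, &key, &p, &plen) != 0) return L7_KEEP;
    if (flow_is_p2p(&key)) return L7_DROP_P2P;
    if (plen >= BT_HANDSHAKE_LEN && memcmp(p, BT_HANDSHAKE, BT_HANDSHAKE_LEN) == 0) {
        p2p_flows[p2p_flow_count++ % FLOW_SLOTS] = key;
        return L7_DROP_P2P;
    }
    return L7_KEEP;
}

/* Constructed Ethernet/IPv4/TCP frame for the samples below; checksums stay zero
 * because the classifier never checks them. Returns the frame length. */
static size_t build_frame(unsigned char *o, uint32_t sip, uint16_t sp, uint32_t dip, uint16_t dp,
                          const unsigned char *pl, size_t pn)
{
    memset(o, 0, 54); o[12] = 0x08; o[13] = 0x00;
    unsigned char *ip = o + 14, *tcp = o + 34;
    ip[0] = 0x45; ip[8] = 64; ip[9] = 6;
    ip[2] = (unsigned char)((40 + pn) >> 8); ip[3] = (unsigned char)(40 + pn);
    for (int i = 0; i < 4; i++) { ip[12 + i] = (unsigned char)(sip >> (24 - 8 * i)); ip[16 + i] = (unsigned char)(dip >> (24 - 8 * i)); }
    tcp[0] = (unsigned char)(sp >> 8); tcp[1] = (unsigned char)sp; tcp[2] = (unsigned char)(dp >> 8); tcp[3] = (unsigned char)dp;
    tcp[12] = 0x50; tcp[13] = 0x18;                                 /* doff 20, PSH|ACK */
    memcpy(tcp + 20, pl, pn);
    return 54 + pn;
}

#define HOST_A 0x0A000005u   /* 10.0.0.5   (constructed) */
#define HOST_B 0xC0000209u   /* 192.0.2.9  (constructed) */
static const unsigned char BT_PL[] = "\x13" "BitTorrent protocol" "\0\0\0\0\0\0\0\0" "infohashinfohashinfo" "-XX0000-peeridpeerid";
static const unsigned char BT_NEXT[] = "\0\0\0\x01\x02";           /* "interested": no signature */
static const unsigned char HTTP_PL[] = "GET / HTTP/1.1\r\nHost: example.org\r\n\r\n";

int verdict_bt_handshake(void) { unsigned char f[160]; size_t n = build_frame(f, HOST_A, 51413, HOST_B, 6881, BT_PL, sizeof BT_PL - 1);   return classify_frame(f, n); }
int verdict_bt_followup(void)  { unsigned char f[160]; size_t n = build_frame(f, HOST_B, 6881, HOST_A, 51413, BT_NEXT, sizeof BT_NEXT - 1); return classify_frame(f, n); }
int verdict_http(void)         { unsigned char f[160]; size_t n = build_frame(f, HOST_A, 40000, HOST_B, 80, HTTP_PL, sizeof HTTP_PL - 1); return classify_frame(f, n); }
int verdict_truncated(void)    { unsigned char f[160]; build_frame(f, HOST_A, 51413, HOST_B, 6881, BT_PL, sizeof BT_PL - 1);            return classify_frame(f, 30); }

/* Runs the samples in order; returns 15 when every verdict is as expected. */
int run_demo(void)
{
    int bits = 0;
    if (verdict_bt_handshake() == L7_DROP_P2P) bits |= 1;   /* signature match */
    if (verdict_bt_followup()  == L7_DROP_P2P) bits |= 2;   /* same flow, caught via the flow table */
    if (verdict_http()         == L7_KEEP)     bits |= 4;
    if (verdict_truncated()    == L7_KEEP)     bits |= 8;   /* short snaplen: never drop on a guess */
    return bits;
}

int main(void) { printf("demo bits: %d\n", run_demo()); return 0; }
```

In a real capture loop you would call classify_frame(bytes, h->caplen) from the pcap_loop() callback and skip pcap_dump() when it returns L7_DROP_P2P. Two caveats that follow from the code rather than the thread: a connection whose handshake was missed (it started before the capture, or arrived in a segment shorter than the snaplen allows) is never marked, so this under-drops rather than over-drops, which is the safe direction for forensic storage; and a plaintext signature does nothing for obfuscated or encrypted peer protocols. The stateless part of the check can also be expressed as a tcpdump filter, my suggestion and not from the thread: `tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x13426974` matches segments whose TCP payload starts with 0x13 "Bit", but BPF cannot remember the flow, which is why the table above exists.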

