tcpdump mailing list archives
layer7 decoding.
From: Peter Moody <peter () ucsc edu>
Date: 24 Jun 2003 15:43:00 -0700
Hello,

(background at the bottom)

I was wondering if anyone's done any work in using tcpdump or libpcap to do layer7 filtering. I'm interested in something that will allow me to get tcpdump (or some other IP capturing program) to ignore certain types of traffic. I figure that this question has to have been asked on this list before, but I haven't found anything.

background:

I'm looking to store traffic for forensic purposes for some length of time. The problem is that I've got something on the order of 150 mbs of traffic. Now, approximately 60% of that traffic is p2p traffic and I don't really care about that, so I'm looking for some way to get my packet capturer to ignore that traffic. With the port hopping capabilities of today's p2p apps, I would need some way of actually decoding the traffic and determining at layer7 if the traffic is or is not p2p.

So, any suggestions?

Thanks.

-Peter

--
Peter Moody <peter () ucsc edu>
Information Security Administrator
831/459.5409
Communications and Technology Services.
http://mustard.ucsc.edu/pubkey
UC, Santa Cruz.
:wq
Attachment:
signature.asc
Description: This is a digitally signed message part
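Added example (editor's code, not part of the original message or of tcpdump/libpcap): the kind of user-space layer-7 classifier the question is asking about. It parses raw Ethernet/IPv4/TCP frames as a libpcap callback would hand them over, matches the TCP payload against the opening bytes of two well-known p2p handshakes (the BitTorrent peer-wire handshake, which begins with 0x13 followed by the string "BitTorrent protocol", and the Gnutella "GNUTELLA CONNECT/" greeting), and then remembers the flagged 5-tuple so that every later packet of that flow, in both directions, is dropped too. That flow memory is the point: only the first payload-bearing segment of a p2p connection carries the signature, so a purely per-packet match would discard the handshake and still store the other 99% of the transfer. The sample frames are constructed inline (no checksums, since the classifier never checks them); the signature table, `P2PFilter` class and addresses are this example's own choices.

```python
import struct
from typing import Dict, List, Optional, Tuple

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

# Payload prefixes taken from the protocols' own handshakes. This table is
# the example's own; extend it for whatever the local network carries.
P2P_SIGNATURES = {
    b"\x13BitTorrent protocol": "bittorrent",   # peer-wire handshake: pstrlen=19, pstr
    b"GNUTELLA CONNECT/": "gnutella",           # Gnutella connection greeting
}

# (ip_a, port_a, ip_b, port_b) with the lower endpoint first, so both
# directions of a connection collapse onto one key.
FlowKey = Tuple[str, int, str, int]


def parse_tcp(frame: bytes) -> Optional[Tuple[FlowKey, bytes]]:
    """Return (flow_key, tcp_payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4                       # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP or ihl < 20 or len(ip) < total_len:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]                        # trailing Ethernet padding is cut off
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[0:4])
    doff = (tcp[12] >> 4) * 4                      # TCP data offset in bytes
    payload = tcp[doff:]
    a, b = (src, sport), (dst, dport)
    key = a + b if a <= b else b + a
    return key, payload


def classify_payload(payload: bytes) -> Optional[str]:
    """Name the p2p protocol whose handshake starts this payload, or None."""
    for sig, name in P2P_SIGNATURES.items():
        if payload.startswith(sig):
            return name
    return None


class P2PFilter:
    """Decide per frame whether it should be written to the forensic store."""

    def __init__(self) -> None:
        self.flagged: Dict[FlowKey, str] = {}

    def keep(self, frame: bytes) -> bool:
        parsed = parse_tcp(frame)
        if parsed is None:
            return True                             # not IPv4/TCP: keep it
        key, payload = parsed
        if key in self.flagged:
            return False                            # rest of an already-flagged flow
        label = classify_payload(payload)
        if label is not None:
            self.flagged[key] = label               # handshake seen: drop this flow from now on
            return False
        return True


def build_frame(src: str, sport: int, dst: str, dport: int, payload: bytes) -> bytes:
    """Constructed test frame: Ethernet + IPv4 + TCP (PSH|ACK) with zeroed checksums."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp


def demo() -> List[bool]:
    """Run four constructed frames through the filter; True means 'store it'."""
    flt = P2PFilter()
    frames = [
        # BitTorrent handshake on a non-standard port: flagged and dropped
        build_frame("10.0.0.5", 51234, "192.0.2.9", 6881,
                    b"\x13BitTorrent protocol" + b"\x00" * 8 + b"A" * 40),
        # reply in the other direction with no signature: dropped because the flow is flagged
        build_frame("192.0.2.9", 6881, "10.0.0.5", 51234, b"\x00\x00\x00\x01\x02"),
        # start of a TLS record from the same host: unrelated flow, kept
        build_frame("10.0.0.5", 51235, "203.0.113.7", 443, b"\x16\x03\x01\x00\x50"),
        # Gnutella greeting: flagged and dropped
        build_frame("10.0.0.5", 40000, "198.51.100.2", 6346, b"GNUTELLA CONNECT/0.6\r\n"),
    ]
    return [flt.keep(f) for f in frames]


if __name__ == "__main__":
    print(demo())
```

For a stateless first cut with tcpdump alone, the same BitTorrent check can be written as a BPF payload-offset expression, `tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x13426974` (the first four payload bytes, 0x13 "Bit"), and negated with `not` to drop it. The limits are the same ones the flow table above works around: BPF has no memory, so it only sees the handshake segment, not the transfer that follows; a handshake split across segments or a connection whose start was not captured is missed; and obfuscated or encrypted p2p carries no such prefix at all.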
Current thread:
- layer7 decoding. Peter Moody (Jun 24)
- Re: layer7 decoding. Chris Keladis (Jun 25)
- Re: layer7 decoding. Peter Moody (Jun 25)
- Re: layer7 decoding. Chris Keladis (Jun 25)