tcpdump mailing list archives

Re: layer7 decoding.


From: Peter Moody <peter () ucsc edu>
Date: 25 Jun 2003 09:59:52 -0700



You would more likely achieve your goal with Snort rather than tcpdump.

Snort has the ability to inspect packet payloads, in addition to layers 
2/3/4. It may take some fiddling, but it should be possible.

Snort can output into tcpdump format, so the end result should be what 
you'd expect.

The problem with snort is that, to the best of my knowledge, it has no
'ignore p2p traffic' option.  It also seems like it might be a little
slow for what I want.

I'll look into that though, just in case it already does what I'm
looking for.

Any suggestions would be appreciated.  Thanks.

-Peter

-- 
Peter Moody                             <peter () ucsc edu>
Information Security Administrator      831/459.5409
Communications and Technology Services. http://mustard.ucsc.edu/pubkey
UC, Santa Cruz.
:wq
