tcpdump mailing list archives
Re: layer7 decoding.
From: Peter Moody <peter () ucsc edu>
Date: 25 Jun 2003 09:59:52 -0700
You would more likely achieve your goal with Snort rather than tcpdump. Snort has the ability to inspect packet payloads, in addition to layers 2/3/4. It may take some fiddling, but it should be possible. Snort can output into tcpdump format, so the end result should be what you'd expect.
The problem with snort is that, to the best of my knowledge, it has no 'ignore p2p traffic' option. It also seems like it might be a little slow for what I want. I'll look into that though, just in case it already does what I'm looking for.

Any suggestions would be appreciated.

Thanks.
-Peter

--
Peter Moody <peter () ucsc edu>
Information Security Administrator 831/459.5409
Communications and Technology Services. http://mustard.ucsc.edu/pubkey
UC, Santa Cruz.
:wq
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- layer7 decoding. Peter Moody (Jun 24)
- Re: layer7 decoding. Chris Keladis (Jun 25)
- Re: layer7 decoding. Peter Moody (Jun 25)
- Re: layer7 decoding. Chris Keladis (Jun 25)