Security Incidents mailing list archives

protocol watcher


From: Justin Pryzby <justinpryzby () users sourceforge net>
Date: Tue, 22 Apr 2003 11:03:06 -0400

I have an idea which seems very applicable to this list; I'm not sure if
it exists yet.  http://sf.net/projects/protowatch/ documents my idea for
a kernel patch or somesuch which would be an iptables target, accepting
all connections and logging the client's initial query to a file.  This
would make it real easy to identify some stuff, especially TCP:6346
Gnutella and the like.  Otherwise, one must allow for connections to the
given port, and set up a netcat listener, which is kind of a pain in the
butt.

My question: does something like this exist?

Justin Pryzby
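
The idea in the message above, sketched in user space as an added example (not code from the post or from the protowatch project): a listener that accepts any connection, never replies, and logs the client's first bytes with a guessed protocol label. The function names, log format and prefix table are assumptions made for illustration; it also assumes ports are steered to the listener with an iptables REDIRECT rule on Linux, so the originally dialled port is recovered with SO_ORIGINAL_DST.

```python
import socket, struct, time

SO_ORIGINAL_DST = 80  # Linux netfilter sockopt: destination before REDIRECT

# Constructed prefix table (assumption; extend for the protocols you expect).
SIGNATURES = [
    (b"GNUTELLA CONNECT/", "gnutella"),
    (b"GET ", "http"), (b"POST ", "http"),
    (b"SSH-", "ssh"),
    (b"\x16\x03", "tls"),
]

def classify(data):
    """Label a client's first bytes; empty means it sent nothing first."""
    if not data:
        return "silent"
    for prefix, label in SIGNATURES:
        if data.startswith(prefix):
            return label
    return "unknown"

def original_port(conn):
    """Port the client dialled, even if an iptables REDIRECT rewrote it."""
    try:
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
        return struct.unpack("!2xH12x", raw)[0]  # sockaddr_in.sin_port
    except (OSError, struct.error, AttributeError):
        return conn.getsockname()[1]  # not redirected, or not Linux

def handle(conn, peer, log_path, timeout=5.0, max_bytes=512):
    """Read one initial query, send nothing back, append one log line."""
    conn.settimeout(timeout)
    try:
        data = conn.recv(max_bytes)
    except (socket.timeout, ConnectionError):
        data = b""  # server-speaks-first protocol, or client reset
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S")
    with open(log_path, "a") as log:
        log.write("%s src=%s dport=%d proto=%s first=%r\n"
                  % (stamp, peer[0], original_port(conn), classify(data), data))

def serve(listener, log_path, max_conns=None):
    """Accept loop over a bound, listening socket; returns the number handled."""
    handled = 0
    while max_conns is None or handled < max_conns:
        conn, peer = listener.accept()
        with conn:
            handle(conn, peer, log_path)
        handled += 1
    return handled
```

Clients of server-speaks-first protocols send nothing until they see a banner, so they are logged as "silent" after the timeout rather than identified.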


