tcpdump mailing list archives

Re: layer7 decoding.


From: Chris Keladis <Chris.Keladis () cmc optus net au>
Date: Wed, 25 Jun 2003 23:11:41 +1000

Peter Moody wrote:

Hi Peter,

> I was wondering if anyone's done any work in using tcpdump or libpcap to
> do layer7 filtering.  I'm interested in something that will allow me to
> get tcpdump (or some other ip capturing program) to ignore certain types
> of traffic.  I figure that this question has to have been asked on this
> list before, but I haven't found anything.

You would more likely achieve your goal with Snort rather than tcpdump.

Snort has the ability to inspect packet payloads, in addition to layers 2/3/4. It may take some fiddling, but it should be possible.

Snort can output into tcpdump format, so the end result should be what you'd expect.




Regards,

Chris.

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

