Thanks for such a prompt reply.
I will not use Linux even if you pay me. It has been OpenBSD

for me for past three years and it will remain so as long as

OpenBSD remains what it stands for.
That aside, see, I have used this tool called ourmon successfully

on OpenBSD to detect P2P traffic and block the users in

conjunction with authpf and pf. The tool can do other detections

as well. It matches packets/traffic-patterns with those observed

by network admins as being related to a specific type of application

protocol. Payload is not inspected, although a grep may be

happening. It works by passively monitoring the packets flowing

by, no kernel stuff involved.
Just want to know if anyone has come up with a good solution to

this problem. If there is none yet, fine, we continue with what we

have or even partial solutions will help a bit.
Thanks for your time.
Srikant Tangirala.
On Fri, May 9, 2008 at 11:55 AM, Reyk Floeter  wrote:
> On Fri, May 09, 2008 at 10:40:18AM +0530, Srikant Tangirala wrote:

quoted text
> > for all the common protocols? With my little bit

> > of knowledge what I figure is that we need some

> > piece of software(s) which understands each protocol

> > thoroughly, can look at raw packets in real-time

> > and detect the protocol being used. Even then,

>

> ah, i'm just looking at your mail again - you a are kidding, there is

> no way to do content inspection in "real-time". go and use linux where

> you can use stupid and dangerous stuff in the kernel. this is not what

> openbsd is about.

>

> reyk