"flowgrep is a basic IDS/IPS tool written in Python as a way to help you investigate and manage your network. It works by sniffing traffic, reassembling TCP streams, and IP and UDP fragments, into single packets, and allowing you to "grep" through their payloads using regular expressions. The quality of the regular expression engine is similar to Perl's. Think of it as a marriage of tcpflow, tcpkill, and ngrep.
You can specify any string or regular expression to look for and optionally set the stream to be logged or killed (-l or -k, respectively). Note that the kill option only works on TCP streams. You can look for expressions in the client or the server (or both) streams. Note that for UDP and IP, both expressions are tested since no "stream" is established. You need root permissions to use this effectively since you are sniffing the network.
Logged streams are written out as two streams for TCP streams or a single file for UDP and IP payloads that match. The payload for any matched stream is written out. Files are named 'time-source-sport-dest-dport-proto' in the local directory." Check it out...
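To make the pipeline in that description concrete, here is an added example of the core idea in plain Python: per-direction TCP reassembly, a client-side and a server-side regular expression, and the log / kill decision with files named the way flowgrep names them. This is my own illustration, not flowgrep's code; it reads constructed segment records instead of sniffing, the `Segment`/`FlowGrep` names are this example's own, and the first segment seen is assumed to be the client side. In kill mode it only records the decision (tcpkill does the actual killing by injecting RST segments); the two TCP log files per stream fall out of the naming scheme naturally, since source and destination swap between directions.

```python
"""Offline model of flowgrep's pipeline: reassemble, grep, log or kill.
Added example, not flowgrep's code. Input is constructed; no sniffing."""
import re
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class Segment:
    """One captured TCP segment (constructed input for this example)."""
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    seq: int
    payload: bytes


def reassemble(segments):
    """Glue one direction's segments into a byte stream in sequence order.
    Retransmitted/overlapping bytes are dropped; a hole stops reassembly so
    the regex never runs across missing data."""
    data = bytearray()
    expected = None
    for seg in sorted(segments, key=lambda s: s.seq):
        if expected is None:
            expected = seg.seq
        if seg.seq > expected:          # gap: a segment has not arrived yet
            break
        skip = expected - seg.seq       # bytes we already have
        if skip < len(seg.payload):
            data += seg.payload[skip:]
            expected = seg.seq + len(seg.payload)
    return bytes(data)


def log_name(ts, src, sport, dst, dport, proto="tcp"):
    """flowgrep's documented file naming: time-source-sport-dest-dport-proto."""
    return f"{int(ts)}-{src}-{sport}-{dst}-{dport}-{proto}"


class FlowGrep:
    """mode 'log' (-l) or 'kill' (-k); client_re is tested on bytes the client
    sends, server_re on bytes the server sends. Either pattern may be None."""

    def __init__(self, client_re=None, server_re=None, mode="log"):
        if mode not in ("log", "kill"):
            raise ValueError("mode must be 'log' or 'kill'")
        self.client_re = re.compile(client_re) if client_re else None
        self.server_re = re.compile(server_re) if server_re else None
        self.mode = mode
        self.flows = {}   # unordered endpoint pair -> flow state

    def feed(self, seg):
        """Consume one segment; returns 'pass', 'log', 'kill' or 'dropped'."""
        key = tuple(sorted([(seg.src, seg.sport), (seg.dst, seg.dport)]))
        flow = self.flows.get(key)
        if flow is None:   # assumption: first segment seen is the client side
            flow = {"client": (seg.src, seg.sport), "ts": seg.ts,
                    "client_segs": [], "server_segs": [],
                    "matched": False, "killed": False}
            self.flows[key] = flow
        if flow["killed"]:
            return "dropped"            # a real tool would have RST'd both ends
        side = "client" if (seg.src, seg.sport) == flow["client"] else "server"
        flow[side + "_segs"].append(seg)
        if flow["matched"]:
            return "pass"
        pattern = self.client_re if side == "client" else self.server_re
        if pattern and pattern.search(reassemble(flow[side + "_segs"])):
            flow["matched"] = True
            if self.mode == "kill":
                flow["killed"] = True
                return "kill"
            return "log"
        return "pass"

    def grep_datagram(self, payload):
        """UDP/IP have no client/server stream, so both expressions are tested."""
        return any(p and p.search(payload) for p in (self.client_re, self.server_re))

    def logged(self):
        """Reassembled payload of every matched stream, one entry per direction."""
        out = {}
        for flow in self.flows.values():
            if not flow["matched"] or self.mode != "log":
                continue
            for segs in (flow["client_segs"], flow["server_segs"]):
                if segs:
                    s = segs[0]
                    name = log_name(flow["ts"], s.src, s.sport, s.dst, s.dport)
                    out[name] = reassemble(segs)
        return out

    def write_logs(self, directory):
        """Write the logged streams to files, as flowgrep -l would."""
        for name, data in self.logged().items():
            Path(directory, name).write_bytes(data)


# Constructed sample: a request arriving out of order with one retransmission.
CLIENT_RE = rb"^GET /admin/\S+ HTTP/1\.[01]\r\n"
SERVER_RE = rb"^HTTP/1\.[01] 401 "
SAMPLE = [
    Segment(1226880000.0, "10.0.0.5", 40001, "10.0.0.9", 80, 1000, b"GET /admin/"),
    Segment(1226880000.1, "10.0.0.5", 40001, "10.0.0.9", 80, 1027, b"Host: target\r\n\r\n"),
    Segment(1226880000.2, "10.0.0.5", 40001, "10.0.0.9", 80, 1011, b"login HTTP/1.0\r\n"),
    Segment(1226880000.2, "10.0.0.5", 40001, "10.0.0.9", 80, 1011, b"login HTTP/1.0\r\n"),
    Segment(1226880000.3, "10.0.0.9", 80, "10.0.0.5", 40001, 5000, b"HTTP/1.0 401 Unauthorized\r\n\r\n"),
]


def run_sample(mode):
    """Feed the sample through a FlowGrep and return the per-segment decisions."""
    fg = FlowGrep(CLIENT_RE, SERVER_RE, mode)
    return [fg.feed(s) for s in SAMPLE]


if __name__ == "__main__":
    print(run_sample("log"), run_sample("kill"))
```

Two things worth noticing when you run it: the match only fires once the missing segment arrives, because `reassemble` refuses to grep across the hole, and the retransmitted segment neither duplicates bytes nor re-triggers the action.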
Sunday, November 16, 2008
flowgrep