Ngrep and p2p
This the command I use to track down P2P conenctions through my networks:
ngrep -t -d ETH00:00 -q -i -W single -l \
'info_hash|torr|bitt|vuze|azue|tracker|edonk|aza|lime|emule\
|gift|gnutella|frostwire|morpheus|bearshare|uTorrent'
Note: it should all be on one line.
-i is ignore case
-w is word-regex (expression must match as a word)
-l is make stdout line buffered
-t is print timestamp every time a packet is matched
-W is set the dump format (normal, byline, single, none)
-d is use specified device instead of the pcap default