I'd like to send the contents of a tcpdump through a simulated access-list and see what packets are getting blocked. So instead of applying an ACL to a live interface with a 'deny ip any any log' at the end, does anyone have a favorite tool/method for doing this? thx jeff