The IPS should be able to see above layer 3. Layer 4 is where the session information resides – so it could tell the difference between UDP & TCP, for example. It should be state-aware like a firewall. See the <a href="http://en.wikipedia.org/wiki/Intrusion_prevention_system">Wikipedia article on Intrusion Prevention Systems</a>.
IPS systems analyze all packets which are not encrypted. If you would like to capture those packets, you can do so with the IPS or an ASA. <a href="http://www.wireshark.org/">Wireshark</a> is free to download for the file <a href="http://analysisandreview.com/">analysis</a>.
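As an added illustration (not part of the original post), this Python sketch shows what seeing layer 4 and being state-aware mean in practice: it reads the protocol field of an IPv4 header to tell TCP from UDP, then tracks the TCP handshake per session. The names `parse_l4`, `StateTable` and `build` are hypothetical, and the packets are constructed samples.

```python
import struct

TCP, UDP = 6, 17                      # IANA protocol numbers in the IPv4 header
SYN, ACK, RST = 0x02, 0x10, 0x04      # TCP flag bits

def parse_l4(pkt: bytes):
    """Return (proto, src, sport, dst, dport, tcp_flags) from a raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4         # IPv4 header length in bytes
    proto = pkt[9]
    src, dst = pkt[12:16], pkt[16:20]
    if proto not in (TCP, UDP) or len(pkt) < ihl + 8:
        return proto, src, None, dst, None, None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    flags = pkt[ihl + 13] if proto == TCP and len(pkt) >= ihl + 14 else None
    return proto, src, sport, dst, dport, flags

class StateTable:
    """Tracks TCP sessions by endpoint pair (simplified: direction is not checked)."""
    def __init__(self):
        self.sessions = {}            # frozenset of both endpoints -> state

    def inspect(self, pkt: bytes) -> str:
        proto, src, sport, dst, dport, flags = parse_l4(pkt)
        if proto == UDP:
            return "udp"              # connectionless: no handshake to track
        if proto != TCP or flags is None:
            return "other"
        key = frozenset([(src, sport), (dst, dport)])
        state = self.sessions.get(key)
        if flags & RST:
            self.sessions.pop(key, None)
            return "tcp-reset"
        if flags & SYN and not flags & ACK and state is None:
            self.sessions[key] = "SYN_SENT"
            return "tcp-new"
        if flags & SYN and flags & ACK and state == "SYN_SENT":
            self.sessions[key] = "SYN_RCVD"
            return "tcp-handshake"
        if flags & ACK and state in ("SYN_RCVD", "ESTABLISHED"):
            self.sessions[key] = "ESTABLISHED"
            return "tcp-established"
        return "tcp-out-of-state"     # e.g. an ACK with no handshake seen

def build(proto, src, dst, sport, dport, flags=0):
    """Constructed sample packet: minimal IPv4 header plus a TCP or UDP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, proto, 0, src, dst)
    if proto == UDP:
        return ip + struct.pack("!HHHH", sport, dport, 8, 0)
    return ip + struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 0, 0, 0)
```

A device that only looked at layer 3 would treat all of these packets alike, since they share the same two IP addresses; the session table is what lets it reject a TCP segment that belongs to no known connection.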