Unless I've misunderstood you, either ethereal or snort could be used to do this. You'd probably want to go with Snort since it's command-line based and can run in the background less intrusively than ethereal. Snort can store (iirc) the entire contents of the packets it 'hears' either in one ASCII text file, multiple ASCII files (sorted by src addr, dst addr and dst port) or one big binary file, which is good for high-traffic sites since it stores the data more efficiently. You can then just use grep to search the text files or open the binary dumpfile in tcpdump or ethereal.
Snort, however, doesn't come with rh so you'll have to go to snort.org to get it.