Probably a packet sniffer. If they suspect folks of downloading / trading across a campus network they can set the switches up and run a packet sniffer off of it. Or, like where I work ( AT&T ) there are dedicated sniffers sitting on the network to watch everything.

Their firewall systems will likely log all incoming / outgoing traffic so they know what websites you're looking at. They also will know what ports your p2p application will use and can flag those as well. Surprised they haven't blocked them to be honest.

Trading stuff between students on campus is easier to do if you encrypt all the data between the systems. Coming off of a website or MIRC will be more difficult unless the party on the other side also encrypts their data.

-Daye