VRT (people who maintain a ruleset for Snort) published free rules for detecting Heartbleed attempts. If you read their blog post about it[0] (and the comments), the first 5 bytes of all the Heartbeat messages are unencrypted and you are able to detect the lookup within those first 5 bytes.

[0] http://vrt-blog.snort.org/2014/04/heartbleed-memory-disclosu...