I put this question on the Proxmox VE forum as well, but I figured somebody here might have already fought this battle.

Is there any trick to forward traffic promiscuously from one port on a Linux bridge to another port on the same bridge? The goal is to run a pcap with Wireshark on a guest VM to pick up traffic from a mirrored switch port.

Background:
A vendor needs me to capture traffic to and from a device we're troubleshooting. It so happens I had a Proxmox VE installation at the same location, and the host machine had an extra NIC. So I mirrored a port on the switch, connected the mirrored port to the extra interface on the Proxmox server, added that port to a new Linux bridge, and added a new interface on a Windows guest to run Wireshark.

The problem (which makes perfect sense in hindsight) is that the bridge on the host won't forward any of the packets to the guest because the guest does not match any of the destination MAC addresses.

For the immediate need, I ran tcpdump on the host and then just copied the pcap file to the guest. It would be convenient if the vendor's tech support guy could remote into the Windows machine and run Wireshark whenever he wants to. I read several (old) posts on Server Fault and other places saying to set the bridge aging timeout to 0 to "make it act like a hub", but that method does not seem to have any effect for me.

