On Sun, 17 Aug 2003, Howard Lowndes wrote:

> I need to configure a Linux box as a transparent data sniffer between an
> Internet connection router and the subnet hub/switch to which it is
> connected (see ASCII art below)
>
> Before:
>
>       }                                 +-------------+
>       }  +--------+                     |             |-------
> I'net }--| router |---------------------| switch/hub  |------- subnet
>       }  +--------+                     |             |-------
>       }                                 +-------------+
>                   A                     B
>
> After:
>
>       }                                 +-------------+
>       }  +--------+     +---------+     |             |-------
> I'net }--| router |-----| sniffer |-----| switch/hub  |------- subnet
>       }  +--------+     +----|----+     |             |-------
>       }                      |          +-------------+
>                   A     C    |    D     B
>                              E
>
> The requirement is that interface A must continue to think that it is
> still talking to the same addresses at B and the interfaces at B must
> continue to think they are talking to the address at A. IOW, interface D
> must mimic interface A and interface C must mimic interfaces B.
> Connection to the sniffer will be at interface E.
>
> This to enable a transparent man-in-the-middle data sniff. It's OK, it is
> for a legitimate purpose :)
>
> Does anyone have any pointers to this config. I believe it was discussed
> on SLUG a few years back, but I can't think where to start looking.
Seriously, why not make a cable with the TX pair disconnected and plug a single interface into the existing link and sniff it directly, or, if it is a HUB, simply plug into the hub?

I understand your problem if you have a switch there, but the first suggestion covers that.

RossW
-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
