Need a "sniffer" type device that can be put between two network interfaces transparently. For example when an embedded device is not behaving and you need to monitor traffic between it and a switch (and don't have access to the switch monitoring functions).
Ingredients:
- Ubuntu
- A network card
- Another network card
- bridge-utils
- tcpdump
Set the machine up as a bridge:
sudo ifconfig eth0 promisc 0.0.0.0 up sudo ifconfig eth1 promisc 0.0.0.0 up sudo brctl addbr br0 sudo brctl addif br0 eth0 sudo brctl addif br0 eth1 sudo ip link set br0 up
To watch packets go between eth0 and eth1:
sudo tcpdump -i br0
