LinuxQuestions.org
Old 05-13-2006, 08:32 AM   #1
NuxIT
Member
 
Registered: Jul 2003
Location: Westminser, CO
Distribution: xUbuntu
Posts: 137

Rep: Reputation: 20
How can I packet sniff my xbox?


I've been pondering the idea of how I could packet sniff my xbox all week using either Ethereal or tcpdump. I don't see any obvious way to tell the sniffer to sniff a specific MAC address so I'm wondering if this can be done using one of these utilities?
 
Old 05-13-2006, 12:10 PM   #2
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
Well, first you obviously can filter it afterwards in Ethereal. Also man tcpdump, search ether src.
 
Old 05-13-2006, 07:46 PM   #3
NuxIT
Member
 
Registered: Jul 2003
Location: Westminser, CO
Distribution: xUbuntu
Posts: 137

Original Poster
Rep: Reputation: 20
Quote:
Originally Posted by raskin
Well, first you obviously can filter it afterwards in Ethereal. Also man tcpdump, search ether src.
I don't understand what you're saying? If I run tcpdump or ethereal it packet sniffs my local machine, not the Xbox?? I want to tell the utility to specifically monitor all traffic from the Xbox MAC address, ignoring all traffic from my laptop that I would be running ethereal/tcpdump from. Anybody know how to do this? I'll look for the ether src in the man for tcpdump.

Last edited by NuxIT; 05-13-2006 at 07:48 PM.
 
Old 05-13-2006, 09:34 PM   #4
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290

Rep: Reputation: 378
If your laptop and XBox are on the same hub, then running Ethereal as root will allow it to sniff all traffic by devices on the hub (since hubs are dumb devices and broadcast each incoming packet to all other ports). If you have a switch, though, the switch only sends the packet to the destination port (a switch, unlike a hub, has intelligence and space to store MAC address/port tables). Fancy managed switches allow for monitor/mirror ports to be configured so that all traffic is also sent to these ports for sniffing/IDS uses. A little consumer home switch would probably not have this feature, though. In that case you can buy a hub cheaply.

You could always try MAC spoofing to trick the switch into sending packets from the XBox to your laptop, but I've never tried it.

A better option is to sniff on your network gateway to collect all outgoing traffic from the XBox. This is easy if you're using a Linux/BSD system as your network gateway -- just run Ethereal or tcpdump on it.
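
Added example, not part of the thread: a Python check of what a capture point actually saw of one device, selecting frames by MAC the way tcpdump's `ether host` filter does and using the hub-versus-switch behaviour described in the post above. It assumes a classic pcap file (as written by `tcpdump -w`, not pcapng); the function names and MAC addresses are constructed for illustration.

```python
import struct

def read_frames(pcap):
    """Yield (dst_mac, src_mac) for each Ethernet frame in a classic pcap file."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24 or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("not a classic pcap file with Ethernet link type")
    off = 24                                # records follow the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) >= 14:                # skip frames cut short of the MAC header
            yield frame[:6].hex(":"), frame[6:12].hex(":")

def visibility(pcap, my_mac, target_mac):
    """Count what this capture point saw of target_mac and say what that implies."""
    my_mac, target_mac = my_mac.lower(), target_mac.lower()
    third_party = flooded = 0
    for dst, src in read_frames(pcap):
        if target_mac not in (dst, src):    # same selection as tcpdump 'ether host'
            continue
        if int(dst[:2], 16) & 1:            # group bit set: broadcast or multicast
            flooded += 1
        elif my_mac not in (dst, src):      # unicast between the target and someone else
            third_party += 1
    if third_party:
        verdict = "target unicast visible (hub, mirror port or inline capture)"
    elif flooded:
        verdict = "switched port: only the target's broadcast/multicast arrives"
    else:
        verdict = "target not seen"
    return third_party, flooded, verdict

def build_pcap(pairs):
    """Constructed sample: a little-endian pcap with one 60-byte frame per (dst, src)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for dst, src in pairs:
        frame = bytes.fromhex((dst + src).replace(":", "")) + b"\x08\x00" + bytes(46)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

# Constructed, locally administered MACs (not real devices).
ME, XBOX, ROUTER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
BCAST = "ff:ff:ff:ff:ff:ff"
on_switch = build_pcap([(BCAST, XBOX), (ME, ROUTER), (BCAST, XBOX)])
on_hub = build_pcap([(BCAST, XBOX), (ROUTER, XBOX), (XBOX, ROUTER)])
print(visibility(on_switch, ME, XBOX))
print(visibility(on_hub, ME, XBOX))
```

A capture that shows only broadcast or multicast frames from the device means the laptop sits on a switched port, so a hub, a mirror port, or a capture point on the gateway is needed before any MAC filter will show its unicast traffic.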
 
Old 05-13-2006, 10:04 PM   #5
docalton
Member
 
Registered: Dec 2002
Location: St Louis, MO
Distribution: Arch Linux
Posts: 99

Rep: Reputation: 15
If you have 2 ethernet ports on your laptop via another card etc, you could set up a bridge and monitor that. The laptop would sit between the xbox and the hub/switch. It's easy to set up and also kinda fun.
 
Old 05-14-2006, 12:31 AM   #6
NuxIT
Member
 
Registered: Jul 2003
Location: Westminser, CO
Distribution: xUbuntu
Posts: 137

Original Poster
Rep: Reputation: 20
Ok, I'm at work now messing around with two established SSH sessions. My laptop is connected to a 10base hub at home that runs off my NATTED 100base router. Another old machine (PII 400) is connected directly to one of the router ports. I ran this command:
tcpdump host 10.16.0.53
and my laptop started to actively monitor the packets from that machine instead of the laptop. This also worked using tcpdump src 10.16.0.53. So, I'm assuming my router acts more like a hub in this regard, broadcasting all packets to all ports. I'm not using my laptop as a network gateway so that's not an option. I just tried using my router as the src address to see what packets it would capture. While running some ICMP pings it appeared that it was only capturing traffic that was directed at the router itself as opposed to all the traffic from machines connected to it. In other words it wasn't showing traffic to my other machines when pinging them.

Thanks for these tips guys! You really know your stuff and now I can't wait to see what type of traffic I can capture from my xbox/360 for fun. For instance, I would like to see the servers that my 360 connects to when I'm downloading stuff from the Xbox marketplace. PS - It was also fun seeing what an nmap scan looked like when monitoring my PII 400 desktop using tcpdump.
 
Old 05-14-2006, 08:48 AM   #7
NuxIT
Member
 
Registered: Jul 2003
Location: Westminser, CO
Distribution: xUbuntu
Posts: 137

Original Poster
Rep: Reputation: 20
Welp, I tried to use the src and host option to tell it to sniff the 360 while I was downloading a demo. No dice... Not capturing anything. Maybe the xbox somehow prevents packet sniffing? Who knows. I should probably invest in a real router so I can properly monitor traffic coming in and out of my network.
 
Old 05-14-2006, 09:56 AM   #8
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
Try using arpspoof from the dsniff package to make the xbox think your MAC address is the one it wants to send packets to, as to the router. Do not forget to switch on ip_forward. Then you will be able to intercept its traffic. Also the failopen mode of the switch may be useful: try to simultaneously ping with hping the router from different fake addresses. Maybe you should buy not a router but just a hub. If you have just ports on the router and no switch, then a hub or switch (better a hub) is needed.
 
Old 05-17-2006, 10:08 PM   #9
NuxIT
Member
 
Registered: Jul 2003
Location: Westminser, CO
Distribution: xUbuntu
Posts: 137

Original Poster
Rep: Reputation: 20
Quote:
Originally Posted by raskin
Try using arpspoof from the dsniff package to make the xbox think your MAC address is the one it wants to send packets to, as to the router. Do not forget to switch on ip_forward. Then you will be able to intercept its traffic. Also the failopen mode of the switch may be useful: try to simultaneously ping with hping the router from different fake addresses. Maybe you should buy not a router but just a hub. If you have just ports on the router and no switch, then a hub or switch (better a hub) is needed.
Hmm, this sounds pretty technical. I'll have to look into this package.
 
Old 05-18-2006, 05:41 AM   #10
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
The first thing to try would be to send ICMP redirects to your xbox; this is easier. Something like sping or hping3 should do the trick.
The xbox has to accept them, which is not always the case. Worth trying...
 
  

