replicate traffic from all ports to monitor port
 

Hello,

I would like to know if there is a way to make a homemade Linux router duplicate and send all traffic from other ports to a monitoring port. I know that in Cisco they use span ports but I'm not sure of what it's referred to in Linux.

Thanks!

In Wireshark you can select any Pseudo-device that captures all interfaces. Or you can directly run captures on any interface you want.

Thanks for your reply! I know about those options but I wanted the ability to offload the traffic monitoring to another machine as the local machine would be doing other work.

Ok I see where you are going. Just to clarify, on Cisco port-mirroring works by doing a 1 port to 1 port mirror. I don't believe it can capture all the interfaces.

I actually work in an environment where we do that with some layer three switches and 2960s so I know it's possible with Cisco switches. That's where I got the inspiration to do it in my project.

Regardless, I still don't know how to make my own homemade box do it.

If anyone has suggestions please let me know.