Sunday, January 3, 2016

Building an ethernet tap with linux

Say you want to see what's happening on an ethernet line. And say the line runs something like PPPoE, i.e. a protocol below the internet layer, where the addressing is done by MAC addresses.

It's not possible to put an ordinary switch in the middle, as the ethernet frames would not get through. What is needed is an ethernet tap or port mirroring. An old-fashioned ethernet hub would work here, mirroring the traffic from either end of the original wire to a third port that could be monitored, e.g. by Wireshark. But can this be done without a special device, with plain linux?