Discussion started by rs232, Aug 14, 2010.

    Is it technically possible to SPAN an Ethernet port on the current AP hardware technology? (for sniffing/troubleshooting)

    Sometime I get lot of traffic in/out the internet and plugging a sniffer would really help but due to the switching nature I can see only traffic from/to the sniffer box.

    A few people have experimented with iptable commands to mirror traffic.. you should find them in this very subforum.
    However, nothing really replaces the good old switch with span port.
    # iptables -j ROUTE --help
    ROUTE target v1.11 options:
        --oif       ifname          Route packet through `ifname' network interface
        --iif       ifname          Change packet's incoming interface to `ifname'
        --gw        ip              Route packet via this gateway `ip'
        --continue                  Route packet and continue traversing the
                                    rules. Not valid with --iif or --tee.
        --tee                       Duplicate packet, route the duplicate,
                                    continue traversing with original packet.
                                    Not valid with --iif or --continue.
    You're looking for --tee. :)

