Linux box as a port sniffer

[Rusttree]

Is it possible to turn off the transmission functionality of a NIC on a Linux box without disabling the receiving functionality? Basically, I want to troubleshoot a networking line by running Wireshark on the Linux box without the Linux box adding any extra traffic to the line. I need it to listen but not transmit. I have a cat5 splitter (true 1-to-1 mapping on all 8 pins) that I would use to split the signal on the ethernet cable into my Linux box.

Thanks,
Dan

[HROAdmin26]

Remove the transmit pin...clip the CAT5/attach an RJ45 head.

[Rusttree]

Clever idea...

Although, wouldn't the NIC still attempt to transmit and thus add extra traffic to the Wireshark log? I suppose I could easily filter those messages out of Wireshark.

[HROAdmin26]

The NIC is "up" or "down" as far as the kernel is concerned. Without writing a custom driver, I don't think you're going to get that functionality at the kernel/driver level.

** A *Nix machine is typically very quiet on a network - not like a Windows system. The machine will only respond to queries to it. Since it can't send, no other machine will know it's on the network and thus will not be sending it queries. Obviously, the system is also not running a service that would respond to broadcasts (DHCP server, PXE, etc.) I would only expect the machine to "try" and respond to typical multicast requests - and that volume would depend on what else is on the network and what it is doing.

Edit: Oh, the NIC can also be "up'ed" but not have an IP address. This will mean it cannot respond to IP traffic. Other traffic will be possible though.

[Rusttree]

Understood.

I think I'll try your idea of clipping the transmit pin. And then just have Wireshark filter out any traffic from the NIC. Thanks for your help!