Transparent Traffic Sniffing

[thehemi]

Let's assume I throw in a multiple port Ethernet card
into my Linux box -- beyond the interface I use now.
Would there be any software that I could use to put
the two interfaces inline with an existing cable run to
transparently gather packets on the wire? Since I do
not have a hub or managed switch that I can use for
doing the normal port monitoring setup. NICs are not
expensive, so it should be a quick/easy solution if the
software exists for doing such a configuration.

[anomie]

If traffic passes through either interface (proxy server / NAT) you can capture packets using tcpdump or wireshark.

Since I do
not have a hub or managed switch that I can use for
doing the normal port monitoring setup.

What are you monitoring for? There may be a better solution.

[thehemi]

If traffic passes through either interface (proxy server / NAT) you can capture packets using tcpdump or wireshark.

The traffic is passing between two standalone devices.
Neither is Windows or Linux, so I can't login for sniffing.

What are you monitoring for? There may be a better solution.

In this instance, I want to watch the packets coming in
from a cable modem to the router. There is debate on
whether the packets are even arriving at the router or if
the router is actually dropping / ignoring them.

And, yes, this is a dumb SOHO "router" so it's not a fancy
device that I would be able to login and run debug logging.

[anomie]

Then my advice is not going to apply. I don't know of any way for you two sniff traffic between a cable modem and a hardware router with your current setup.

If you want to describe the problem symptoms further, maybe someone can help.

[thehemi]

Then my advice is not going to apply. I don't know of any way for you two sniff traffic between a cable modem and a hardware router with your current setup.

In the interest of time, I think I'm going to just stick a
laptop between the modem and router, attempt making
my connection and sniff the incoming packets. Although
I would still be interested to hear from anyone that may
have a suggestion for an "inline" sniffing configuration in
the event I need to do this in a situation where it's not
as easy as swapping out the machines.

If you want to describe the problem symptoms further, maybe someone can help.

I'm trying to setup a VPN server from a commodity device.
The client says there's no incoming packets, so I'm trying
to verify the packets are reaching the router and that it's
not the router that's malfunctioning.

Although a router malfunctioning will be easier to resolve
than trying to convince the ISP to open any ports they're
blocking...