I would like to set up a stealth sniffer between firewall and next-hop router, but I do not know how, wish I still had a hub.
You said your router is actually an ethernet switch (that have some routing capabilities)? On most switches, you can assign one or more ports to be monitoring ports. They will receive copy of all traffic going through the switch. Check if your switch supports that. Configure one port to be monitoring port, connect PC to it. Do not set up IP address or anything on that interface, just bring it up with ifconfig. Run tcpdump or such on that interface. And you have your stealth sniffer.
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
