Combining ethernet devices for sniffing

[Ed Greshko]

Harry Hoffman wrote:
> Hi Ed,
> 
> There are 4 interfaces:
> 
> eth0 -> transport
> eth1 -> unused
> eth2 -> sniff
> eth3 -> sniff
> 
> eth2,3 are plugged into a fiber tap and each card carries 1 direction of 
> the bidirectional traffic.
> 
> I would like to combine them to form a single interface for things like 
> tcpdump, tethereal, snort, etc. I don't want eth0,1 to be a part of it.

I see....  Well, I guess I can't help you much.  I normally use the 
tcpdump and ethereal with "any" and then filter on the nets of interest. 
  For my needs it has been sufficient.

-- 
"A common mistake that people make when trying to design something
completely foolproof was to underestimate the ingenuity of complete
fools."

--Ford Prefect in "Mostly Harmless".