I'm looking for the best approach to setup a Linux box in order to work as a black hole router, thus capturing all packets without a routing path. Assuming I will be port mirroring the packets to my Linux box, with the network interface in promiscuous mode, what would be the best choice to log packet info (ip.src, ip.dst, tcp.sport, tcp.dport) to a file (preferably working as a daemon) ?
Iptables would be a perfect choice but it doesn't have a promisc chain (for obvious reasons) so it's not an option.
Thanks in advance. K
Wireshark can log in promiscous mode, it can store to a file, it can log all info you mentioned