Original idea for an Ethernet switch!
In Ubuntu it's feasible to connect Ethernet ports. For instance, you have two gigabit NICs on one server—one linked to your router and another to your switch. Using tools like Wireshark, you can track all traffic passing through the switch before it reaches the router. If you combined a 10GB NIC, a gigabit NIC, and a fiber NIC without linking them to the WAN, could you repurpose this configuration as a media converter and switch for your servers, similar to how a Netgear GS108 functions?
@Oshino Shinobu what about practicality? This would let me track every packet being sent.
This method lets you track every packet transmitted, functioning similarly to a well-built IDS. However, passing through the kernel bridge introduces significant delays compared to a standard switch. A typical gigabit switch adds only about 0.5ms, while the kernel bridge contributes 2–4ms and also impacts overall CPU usage. Most organizations keep traffic routing through software layers, except at routers or firewalls. Using tools like Suricata could help block malicious traffic directly, making inline IPS more practical.
It wasn't built specifically for this task and faces many factors influencing performance beyond what a regular switch handles. Issues include power use, ability to grow, and dependability. Managed switches with SNMP and QoS offer similar results, but more effectively and consistently.
You don’t have to run a full computer for this either; a simple router with OpenWRT can handle capturing traffic to a file, after which you can study the data on a PC—something I use often when I need to check how an app handles traffic.
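An added example, not part of the original posts: a small Python reader for the capture-to-file workflow described above, tallying frames and bytes per source MAC, destination MAC and EtherType from a classic pcap file. The function names and the sample capture (locally administered MAC addresses, zero-filled payloads) are constructed for illustration; pcapng and nanosecond-resolution files are not handled.

```python
import struct
from collections import Counter

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8100: "802.1Q"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def summarize_pcap(data):
    """Return (frames, octets) Counters keyed by (src MAC, dst MAC, ethertype)."""
    # The magic number is written in the capturing host's byte order.
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    frames, octets = Counter(), Counter()
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        _sec, _usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:  # snaplen cut or truncated file: no full Ethernet header
            continue
        etype = struct.unpack("!H", frame[12:14])[0]
        key = (mac(frame[6:12]), mac(frame[:6]), ETHERTYPES.get(etype, hex(etype)))
        frames[key] += 1
        octets[key] += orig_len  # on-the-wire length, not the captured length
    return frames, octets

def sample_pcap():
    """Constructed capture: two ARP broadcasts and one IPv4 frame, made-up MACs."""
    a, b, bcast = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6
    frames = [bcast + a + b"\x08\x06" + bytes(28),
              bcast + a + b"\x08\x06" + bytes(28),
              b + a + b"\x08\x00" + bytes(46)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    frames, octets = summarize_pcap(sample_pcap())
    for key, n in frames.most_common():
        print(*key, n, "frames", octets[key], "bytes")
```

To use it on a real capture, pass the file's bytes, for example `summarize_pcap(open(path, "rb").read())`, where `path` is whatever file the capture was written to.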