@barryf,
I mean wireshark the traffic flowing FROM LAN0 to LAN1 not the individual ports.
Yes, understood. Please check my previous message here.
Once an OS is loaded, lan0 and lan1 are not bridged any more. Traffic flowing from one to the other would be traffic that has gone through the OS network stack. Typically it would be routed (in which case you need the devices on the LAN segments to be cognizant of your presence, addr/gw/mask and all). It sounds like you are looking for an “insertion” type of functionality. In that case you will need to explicitly perform bridging between lan0 and lan1 in the OS (a kernel with CONFIG_BRIDGE, and brctl). Then, those packets (frames, to be precise) will flow through your s/w bridge and you will be able to sniff them (you will also need to add NF BRIDGE support into your kernel).
If you don’t do all that, there is no bridging.
Either way, I believe you can sniff whatever flows between lan0 and lan1.
