A lot of my work involves network tracing (hence my recent wiki page), and it would be great if I could do this with a really simple, transportable device. Ideally it would have these characteristics:
- Pocket-sized, lightweight
- Two Gigabit Ethernet ports configured as a bridge, so that it can be placed inline on any network connection without affecting traffic flow.
- LEDs for each interface indicating link, incoming packets, link speed, and ideally, duplex and PoE settings.
- Whenever one of the network interfaces becomes active, a packet capture of all traffic in libpcap format would be started automatically. The file would be named for the date and time of the start of the capture.
- 1-2 GB RAM for storing packet captures
- USB 2.0 interface, which would be used for retrieving packet captures from the device (which would appear as a USB flash disk)
- NTP support so that packet captures are always accurately timed and named
- Powered via USB or a rechargeable battery (which itself would be charged via USB)
Some nice-to-have features:
- DHCP client which records results in a separate file alongside packet captures
- Linux distribution bootable via USB
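
The bridge and capture-on-link-up items in the list above could be prototyped on any small Linux board with a script like the following. This is an added sketch, not part of the original post; the port names `eth0`/`eth1`, the bridge name `br0` and the `/captures` directory are assumptions, and it relies on `iproute2` and `tcpdump` being installed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: ports eth0/eth1,
# bridge br0, capture directory /captures. Run as root: sh <script> run
BRIDGE=${BRIDGE:-br0}
PORTS=${PORTS:-"eth0 eth1"}
CAPDIR=${CAPDIR:-/captures}
SYSFS=${SYSFS:-/sys/class/net}

# File name built from the UTC start time of the capture (YYYYMMDD-HHMMSS.pcap).
capture_name() { date -u +%Y%m%d-%H%M%S.pcap; }

# True when the kernel reports carrier (link) on the given port.
link_up() { [ "$(cat "$SYSFS/$1/carrier" 2>/dev/null)" = "1" ]; }

# True when at least one of the bridged ports has link.
any_link_up() {
    for p in $PORTS; do
        link_up "$p" && return 0
    done
    return 1
}

# Join both ports into a bridge with no IP address, so the box forwards
# frames inline without becoming a host on the network being traced.
setup_bridge() {
    ip link add name "$BRIDGE" type bridge
    for p in $PORTS; do
        ip link set "$p" master "$BRIDGE"
        ip link set "$p" up
    done
    ip link set "$BRIDGE" up
}

# Start one capture when a link comes up; stop it when both links are down.
run() {
    setup_bridge
    mkdir -p "$CAPDIR"
    pid=""
    while :; do
        if any_link_up; then
            if [ -z "$pid" ]; then
                # -s 0: full packets, -U: flush each packet, -w: pcap file
                tcpdump -i "$BRIDGE" -s 0 -U -w "$CAPDIR/$(capture_name)" &
                pid=$!
            fi
        elif [ -n "$pid" ]; then
            kill "$pid"; wait "$pid" 2>/dev/null || true; pid=""
        fi
        sleep 1
    done
}

if [ "${1:-}" = "run" ]; then run; fi
```

File names are only as accurate as the system clock, which is why the NTP item matters: the clock should be synchronised before the first capture starts.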