I'm looking for a PCI NIC with two PHYs that is capable of bridging/switching in hardware but allows the host to monitor the traffic. Does such a thing exist?
This would be running on a Linux host.
Edit: software bridging is not feasible for this application. I'm specifically looking for some model of card that will do hardware switching with monitor capability.
Yes, such a thing exists. They're really popular inside home WiFi routers -- that's how your average Linksys router works: the four "LAN" ports are connected to a single bridged adapter, which is then bridged in software to the 802.11 adapter, and then that is NAT'ed to the "WAN" port.
However, it's tough to find one you can just plug into any computer -- the demand just isn't there. Instead, I'd recommend doing simple software bridging using `brctl` -- that'll create a "virtual" adapter, usually called "br0", which represents the bridge of the two adapters. You can treat that virtual adapter just like any physical one. The overhead of bridging the adapters in software is negligible, even with mediocre hardware.
If `brctl` doesn't give you what you need (perhaps the software layer adds too much latency), the next best bet is to use a span or monitor port on your switch. The traffic isn't bridged, it's merely copied to the destination port where whatever monitoring you need to do can happen. The downside is that you can't filter on that traffic, but you can monitor it.
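
The software bridge described in the answer above, as an added example that is not part of the original post: it builds the `brctl` command sequence for a transparent two-port bridge and prints it unless `DRY_RUN=0` is set. The interface names `eth0`/`eth1`, the capture path and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: transparent two-port bridge with brctl, monitored on br0.
# Assumed names: eth0/eth1 (the two NIC ports) and br0 (the bridge device).

# Accept only plausible Linux interface names (at most 15 characters).
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the commands that build the bridge; nothing is executed here.
bridge_plan() {
    br=$1; a=$2; b=$3
    for n in "$br" "$a" "$b"; do
        valid_ifname "$n" || { echo "bad interface name: $n" >&2; return 2; }
    done
    [ "$a" != "$b" ] || { echo "need two distinct ports" >&2; return 2; }
    # STP off and zero forward delay: a two-port inline bridge forwards at once.
    # Addresses are flushed so the member ports stay passive at layer 3.
    cat <<EOF
brctl addbr $br
brctl stp $br off
brctl setfd $br 0
brctl addif $br $a
brctl addif $br $b
ip addr flush dev $a
ip addr flush dev $b
ip link set dev $a up
ip link set dev $b up
ip link set dev $br up
EOF
}

# Print the plan (DRY_RUN=1, the default) or run it as root (DRY_RUN=0).
bridge_apply() {
    plan=$(bridge_plan "$@") || return $?
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$plan"
    else
        printf '%s\n' "$plan" | sh -e
    fi
}

bridge_apply br0 eth0 eth1
# Monitoring then happens on the bridge device, for example:
#   tcpdump -i br0 -n -w /tmp/br0.pcap
```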