On Wed, Jan 8, 2014 at 1:34 PM, Brian Miller <centos at fullnote.com> wrote: > >> that doesn't make any sense. >> >> a SYN packet comes in, is forwarded to serverA and serverB >> >> both servers reply with an 'ack'.... man, is the client tcp stack going >> to be confused! > > > He didn't say anything about both servers replying, only that he wanted > to mirror all port 80 traffic. Maybe he's trying to develop a protocol > specific IDS, or maybe he wants to build some sort of OOB transaction > log of his HTTP traffic. But if you are going to do that, you probably wouldn't need (or want) the IP addresses to be modified in the packets - you'd make it work at layer 2 and use a switch with a monitor port (or for lower bandwidth, an old fashioned hub) to fan out copies of the packets. -- Les Mikesell lesmikesell at gmail.com