Re: packet sniffing help needed.

[yaoki () hawaii edu]

yes, this is possible.
An easier way to accomplish this is with a hub
like so:

C1< --HUB-->ISP<--- > C3
C2-----¦

Make sure to use a hub, not a switch, as switches
isolate traffic at the datalink layer & hubs are just dumb repeaters at the physical layer. The scenario you proposed 
may run into switch isolation on the internet. If you run into problems with that setup do try the HUB approach to 
gather the sniff results you are after.

Your case is a controlled experiment with full consent, so not an MITM attack. If any of the parties in the 
communication were unaware of your monitoring then yes, it would be a MITM attack in such cases (even without data 
modification).

Its all about consent.

The alerts you mention are simple advisories as you suggested. What you will see in your packet captures will be plain 
text html pages that you will be able to read. Then hop onto an HTTPS site if you care to & you will find the pages to 
be encrypted, so unreadable by a third-party observer.

I have to get back to my books..its serious crunch mode time for me. If you encounter further problems there are folks 
here who can help you out further. Hope this helped!
-mark aoki