A tool for man-in-the-middle sniffing. This allows IP host C to redirect host A <-> host B traffic through itself, transparently, for the cost of a few ARPs. Simultaneously, packets are logged to a file for later replay (I like ethereal, myself). This allows sniffing of flows (MAC level, so possibly multiple IPs. They can even be gateways.) between two hosts even in a switched evironment. It also allows for non-promiscuous mode "sniffing". (just make your machine's MAC address match the virtual MAC or vice versa). ARP spoofing tool included. This should be reasonably portable, though only tested on Linux and OpenBSD.

Get MiM.c or arpspoof.c here.