2011
09.02

Passive Network Tap

Warning: The following article is short, uninformative and depends entirely upon: A) you being a geek and caring about network taps, & B) reading the other two articles linked herein.

I’m basically just documenting my network tap build:

I started off building the tap in this instructable: http://www.instructables.com/id/Make-a-Passive-Network-Tap
For my purposes, this tap is just wrong… it basically just splices a couple network connections together (and interrupts network traffic when anything is plugged into the tap port). Perhaps Linux or some other scenario can function with it, but I don’t carry around a Linux laptop for the fun of it. (And I don’t know many Windows sysadmins that do.)

There’s a great article here that details a proper four-port tap.

Short of going and purchasing a 4-port faceplate, I pulled all the connections on my middle tap port except the rx pair (pins 3 & 6) and it worked properly. To get both a tx and rx port in the same form factor as in the instructable, I decided I’d add a tail to the box. That also takes away the need for an additional patch cable. Here’s a picture of it hooked up:

Passive Tap Connected

(in pic above: pc is plugged into top port, tail then connects to router (wireless bridge) – laptop is connected to bottom tap port)

And here’s a picture of the inside of the tap:

Passive Tap Internal

Basically, blue and brown go straight to the top port from the tail, and orange and green stop along the way across pins 3 & 6 of either tap port. There’s also a zip-tie there so the tail can’t be pulled so hard that it un-punches anything.

Combine this setup with Wireshark, and you can tap traffic whenever you need. To tap both rx & tx traffic, you’ll need two Ethernet ports. Monitoring one at a time is good enough for me.
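If you do capture both tap ports on two Ethernet interfaces, the two one-direction captures have to be interleaved by timestamp to read the conversation in order. The Python below is an added example, not part of the original build notes; it assumes both captures were saved as classic .pcap files (not pcapng) on the same machine so the timestamps share one clock, and the function names, port labels and sample frames are made up for illustration.

```python
import heapq
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap format, microsecond timestamps


def read_pcap(data):
    """Yield (timestamp_in_microseconds, frame_bytes) from classic pcap bytes."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # same magic written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap")
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        frame = data[offset + 16 : offset + 16 + incl_len]
        if len(frame) < incl_len:
            break  # capture was cut off mid-record
        offset += 16 + incl_len
        yield sec * 1_000_000 + usec, frame


def merge_captures(port1_pcap, port2_pcap):
    """Interleave two one-direction captures into one timeline, tagged by port."""
    port1 = ((ts, "tap-port-1", frame) for ts, frame in read_pcap(port1_pcap))
    port2 = ((ts, "tap-port-2", frame) for ts, frame in read_pcap(port2_pcap))
    return list(heapq.merge(port1, port2, key=lambda rec: rec[0]))


def make_pcap(records):
    """Build little-endian pcap bytes from (timestamp_us, frame) pairs (sample data only)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts_us, frame in records:
        out += struct.pack("<IIII", ts_us // 1_000_000, ts_us % 1_000_000, len(frame), len(frame))
        out += frame
    return out


# Constructed sample: placeholder payloads stand in for real Ethernet frames.
PORT1 = make_pcap([(1_000_100, b"request-1"), (1_000_900, b"request-2")])
PORT2 = make_pcap([(1_000_400, b"reply-1"), (1_001_200, b"reply-2")])

if __name__ == "__main__":
    for ts, port, frame in merge_captures(PORT1, PORT2):
        print(ts, port, frame)
```

If the two captures come from different machines, sync the clocks first or the merged order will not reflect what happened on the wire.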
