Introduction: Ethernet Tap

Picture of Ethernet Tap

This instructable will take you through the construction and setup of a double ethernet tap.

This passive device will allow you to sniff ethernet (or other network traffic) from a network without introducing any traffic onto the network.

In the olden days, one would simply have attached a network hub, for those not too familiar with networking equipment, a hub is a simple repeater and is analogous to a multi-way extension cord in that what comes in, goes back out on all ports. By comparison, a network switch operates on layer 2 of the OSI model and learns the MAC address of its neighbors, this way the network frame is read and the destination MAC address is used to determine which port to push the traffic out. This is great for network efficiency but not so much if you want to see inside the network for troubleshooting. Network hubs are increasingly difficult to get hold of now and as such, we need to turn to make our own solutions... the ethernet tap.

Step 1: You Will Need:

Picture of You Will Need:

  • 1 electrical back box
  • 1 double network wall plate
  • 4 network wall ports (I wanted 2 black 2 white but my supplier only had 1 white 3 black so take your pick)
  • Some CATV cable
  • A snips
  • A knife (optional)
  • An impact punchdown tool (essential)

Step 2: The Theory

Picture of The Theory

CAT V network cables are made up of 4 twisted pairs:

  • White Orange/Orange
  • White Green/Green
  • White Blue/Blue
  • White Brown/Brown

In a 568B type cable the 4 cores are ordered in the plug as:

  1. White Orange
  2. Orange
  3. White Green
  4. White Blue
  5. Blue
  6. Green
  7. White Brown
  8. Brown

NOTE: the network tap will only work for 10/100 Mb cables, gigabit uses all pairs for send and receive

In a 10/100 cable the "source" end will transmit (TX) on the White Orange/Orange pair and receive (RX) on the White Green/Green pair, this is what we want to tap.

The Second image shows the wiring layout we need to follow.

Step 3: Physical Construction

Picture of Physical Construction

Start with the blank wall plate

Add each of the ports by clicking them into place

The close-up image shows that the ports I used are out of order when you read the pin numbers but they are organized to be easier to wire, be careful here as designs vary.

Step 4: Wiring

Picture of Wiring

Strip some CAT V and untwist the pairs

Wire the 2 center ports as a straight through connection

From one port add duplicate wires from pins 1 & 2 and connect to pins 1 & 2 of one of the outer ports

Then do the same for pins 3 & 6 to pins 3 & 6 of the other outer port

This way we can monitor the traffic in both directions

Step 5: Close It Up

Picture of Close It Up

Once you are happy that the wiring is in and correct, you need to protect it, CAT V witing is not strong.

I just fitted a wall box to the back and closed it up, I also added some labels to make the purpose of each port clear.

Step 6: Test

Picture of Test

Connect up a comms path from 2 devices, say a computer and a server

Then connect 2 tap devices, this can be 2 computers, laptops or a single device with 2 network interfaces.

Open up your favorite network monitor tool (I like Wireshark) and watch that traffic flow without adding any of your own or having your presence on the network noticed or recorded!

Comments

TheRadMan (author)2017-10-09

About 4 years ago, this same design appeared as idea at a Network Security Conference, and then as a kickstarter attempt, and then faded away. I built several iterations of these TAPs, but the most successful unit was my last. It had two USB NICs that could simultaneously go to promiscuous mode for WireShark (Ethereal:farther back). I then discovered an active solution that involved open source router port mirroring and resolved my Gigabit interface requirement and now I am looking for something inexpensive, that does not drop packets at Gigabit wire packet speed.

The difference in this instructable posting is the finish uses the keystone-like modules in a wall socket enclosure which is much prettier than my early tool, and even the 'ThrowingStar' I saw at the Network Security Conference. This project has a neat and clean appearance.

About This Instructable

2,145views

41favorites

License:

Bio: I am an automation engineer but I will give anything a go. I don't know if you call if pessimism or just being an ... More »
More by Left-field Designs:DIY Self-Locking NutLCD Monitor Stand to Drill PressHandy Hole Size Checker
Add instructable to: