Introduction: Read-only Ethernet Monitor Cable

This will show you how to make this custom ethernet cable. This cable is intended to be used with a packet analyzer program like Wireshark, or Microsoft network monitor or messages analyzer.

I expect you to only use this for doing network troubleshooting, or learning about networking. This is read-only so you can't do as much with it, but you will be able to see some data. I accept no responsibility for your use or misuse of this cable.

Step 1: What You Will Need

Parts:
option 1:
2 cat5 or better patch cables. Cat 5 will suffice for this and you may want to sacrifice that over cat5E or cat6
Electrical tape
(I used this method found an old ~6FT cat5E cable, I had another cable with a bad end which became the read-only connection as it only needed one end.)

option 2:
3 RJ45 connectors
About 9FT or so of cat5, 5E patch cable.
Electrical tape

Tools:
Diagonal cutter
solder and solder iron or gun
wire stripper
razor knife
(If useing option 2 RJ45 crimp tool)

Step 2: Prepare the Cables

Take the better cable and somewhere in the wire (I used the middle) remove about .5-1inch of the outer sheath by carefully using a razor or the diagonal cutter. Don't cut the inner wires, and avoid nicking these wires while removing the sheath.

Take the other cable and cut one of the ends off it. (I used a cable that had a bad end and cut the faulty end off)
Strip about .5-1inch of the outer sheath off the end of this cable. Seperate out the green pair of wires and strip a small amount of the insulation off the wire. Fold the others back or cut them off.

On the cable with both ends that you removed some outer sheath from separate out the orange pair so you can work on them. With a stripper or razor remove some insulation from both of the orange wires.

If you chose to do this with cable and RJ45 plugs:
Cut the desired amount of cable for the continuous cable (I'd say about 4-6FT) and about probly about 1/2 that for the read only cable. Crimp RJ45 plugs on both ends of the cable you want to have two connections on. Put one connector on the other cable. All the other steps are the same.

Step 3: Making Connections

Take the green wire from the cable with only one end and twist it around the orange wire of the cable with two ends.
Do similar with the green/white wire only twisting it around the orange/white sire instead.
Solder these two connections.

In the picture the gray cable is the read one, blue is the one with two ends. This picture was taken on my first try I realized I had to solder the green/white pair of the gray cable to the orange/white of the blue cable.
It still works if you match the colors, but you will only see traffic coming into the system instead of out.

Step 4: Finishing Touches

Take some electrical tape and wrap it around the solder joints you made this will prevent them from shorting out. Liquid electrical tape may be better if you have that.

Cover the area where you removed the outer sheath with a generous amount of electrical tape. About 1-2 inches from that where the read only lead comes out wrap that a couple times with tape this will keep it from pulling on the soldered joints and breaking.

Mark the read only lead with some sort of a label, put some colored tape around it so you know this is the read wire.

Step 5: Using the Cable.

You will out the read cable (the one that we only used the green pair from) to a system with Wireshark, etc installed.
The continuous part of the cable would go between whatever the device you want to monitor and whatever it was connected to.

Comments

author
stalker145 made it! (author)2015-07-23

I'm assuming you have access to a LAN port in this scenario, so why not simply make a crossover cable using only the transmit pair (1 & 2) on the router/switch side and the receive pair (3 & 6) on the monitor side?

This would give the advantage of being able to monitor all traffic instead of just that that is passed down the one pipe as well as minimizing loss due to splicing.

Thank you, though, for this. I had never thought of putting anything other than a standard Ethernet cable on my monitoring setup... I know what I'm doing when I get home tonight.

author
PCelec made it! (author)PCelec2015-07-23

You have a point, but this is the logic of doing this way. Say you have something on the network you think may be causing some sort of issue (connectivity, or security related). This will allow you to view what is going on between these devices. but you won't be able to actually participate on the network. This is more suited for 10/100 meg as that only uses these two pairs. I'd love to do it for gigabit, but the pairs are bi-directional so you'd have to use diodes, etc to achieve this.

A hub will work, but there is a chance your system may inject traffic for some reason and causing issues with your analysis. If you were doing something like a pen test some things you deal with can do some unexpected things and you may end up creating a mess on the network or issues in your tests.

The best way to do this would be a managed switch and port mirroring, but that would not show you something like if a device is sending fragments, malformed packets, etc. Unless you were able to look at and trust the counters on the switch interface.

author
stalker145 made it! (author)stalker1452015-07-23

I think I understand where you're coming from. This is a simpler and more "foolproof" way of determining which device between a given set would be the cause of the issues, correct?

author
PCelec made it! (author)PCelec2015-07-23

That's part of it also good for security work like forensics, security testing. If you wanted you could use this sort of like a security device and scan for trafic that may be insecure, malware moving around the network, something sending out data that shouldn't, etc.
Target had a device to do this, and it saw the odd traffic going to the hackers, but they thought it was an error and ignored it. (If you want to know more about this type of security look up IDS, IPS)

author
PCelec made it! (author)2015-07-23

This is also up for two contests, so if you like I'd appreciate if you would atleast consider voting in these contests.

author
BrendanR4 made it! (author)BrendanR42015-07-25

Thank you for this guide! I am technically over my head, or over my head, technically, with this post content/application, but I shall make one! Also, which two contests?

author
PCelec made it! (author)PCelec2015-07-25

Soldering and metal. contests.

author
BrendanR4 made it! (author)BrendanR42015-08-16

Thank you for your time and response.

About This Instructable

3,028views

17favorites

License:

Bio: Computer/ electronics guru. Hobbies are: electronics mainly destroying things and then making something new or learning how things work. I have been getting into fixing ... More »
More by PCelec:Read-only Ethernet monitor cable12V DC-120V AC Power inverter from old UPS unitIntro To SCSI (formerly SASI) configuration.
Add instructable to: