Introduction: Ethernet Tap

By Murray Woodcraft

This instructable will take you through the construction and setup of a double ethernet tap.

This passive device will allow you to sniff ethernet (or other network traffic) from a network without introducing any traffic onto the network.

In the olden days, one would simply have attached a network hub, for those not too familiar with networking equipment, a hub is a simple repeater and is analogous to a multi-way extension cord in that what comes in, goes back out on all ports. By comparison, a network switch operates on layer 2 of the OSI model and learns the MAC address of its neighbors, this way the network frame is read and the destination MAC address is used to determine which port to push the traffic out. This is great for network efficiency but not so much if you want to see inside the network for troubleshooting. Network hubs are increasingly difficult to get hold of now and as such, we need to turn to make our own solutions... the ethernet tap.

Step 1: You Will Need:

  • 1 electrical back box
  • 1 double network wall plate
  • 4 network wall ports (I wanted 2 black 2 white but my supplier only had 1 white 3 black so take your pick)
  • Some CATV cable
  • A snips
  • A knife (optional)
  • An impact punchdown tool (essential)

Step 2: The Theory

CAT V network cables are made up of 4 twisted pairs:

  • White Orange/Orange
  • White Green/Green
  • White Blue/Blue
  • White Brown/Brown

In a 568B type cable the 4 cores are ordered in the plug as:

  1. White Orange
  2. Orange
  3. White Green
  4. White Blue
  5. Blue
  6. Green
  7. White Brown
  8. Brown

NOTE: the network tap will only work for 10/100 Mb cables, gigabit uses all pairs for send and receive

In a 10/100 cable the "source" end will transmit (TX) on the White Orange/Orange pair and receive (RX) on the White Green/Green pair, this is what we want to tap.

The Second image shows the wiring layout we need to follow.

Step 3: Physical Construction

Start with the blank wall plate

Add each of the ports by clicking them into place

The close-up image shows that the ports I used are out of order when you read the pin numbers but they are organized to be easier to wire, be careful here as designs vary.

Step 4: Wiring

Strip some CAT V and untwist the pairs

Wire the 2 center ports as a straight through connection

From one port add duplicate wires from pins 1 & 2 and connect to pins 1 & 2 of one of the outer ports

Then do the same for pins 3 & 6 to pins 3 & 6 of the other outer port

This way we can monitor the traffic in both directions

Step 5: Close It Up

Once you are happy that the wiring is in and correct, you need to protect it, CAT V witing is not strong.

I just fitted a wall box to the back and closed it up, I also added some labels to make the purpose of each port clear.

Step 6: Test

Connect up a comms path from 2 devices, say a computer and a server

Then connect 2 tap devices, this can be 2 computers, laptops or a single device with 2 network interfaces.

Open up your favorite network monitor tool (I like Wireshark) and watch that traffic flow without adding any of your own or having your presence on the network noticed or recorded!