Introduction: Make a Passive Network Tap
This instructable will show you how to make an inexpensive network tap to monitor your network.
Companies like Network Optics make incredible taps, for all sorts of media, but if you have 10/100 home network then for $18 in parts from home depot you can make a tap and send the output to YAF/snort/tcpdump/wireshark and see if any data is leaking that should not be.
I have been doing Flow Analysis lately instead of using other tools. I like YAF . Then again I work on it...
If you want to see step by step instructions on setting up a flow collection infrastructure look at this wiki page.
Step 1: Parts
You will need:
3x Leviton Multi Use Cat 5e Jacks (5G108-W)
- I used 2 white and 1 blue, to let me know which one is the tap.
Leviton 3 port wall plate (#41080-3W)
5 inches of cat 5 cable
Step 2: Tools
You will need a wire stripper and a screw driver.
Step 3: Strip Wire
Cut 5 inches of cat 5 cable, and pull out the 8 strands of wire.
Step 4: Wire the First Jack
Separate the strands of wire and wire up the leviton jack. It comes with a little punchdown tool to make this job easy. I followed the color code on the side of the jack, it does not really matter though, as long as you are consistent the whole way through.
Step 5: Wire the Second Jack
To wire the second jack, you should put both the jacks in the wall plate.
Use the punchdown tool to put the wires in the jack using the color codes or same pattern as you did on the first jack. Make sure to leave enough wire left over to reach the third jack.
Step 6: Third Jack
To wire the third jack, drop the third jack in the panel then wire it up just like the 1st and 2nd.
Trim any excess wire.
Step 7: Close It Up
At this point you can close up the box and you are done.
Test it by hooking up the input in the top jack, snooping interface in the middle, and the destination on the bottom.
You can start up your snooping program and watch the traffic spin by. Make sure to have the snooping interface set to promiscuous mode and not assigned an ip.