Read-only Ethernet Monitor Cable




About: Computer/ electronics guru. Hobbies are: electronics mainly destroying things and then making something new or learning how things work. I have been getting into fixing more things though. for instance a...

This will show you how to make this custom ethernet cable. This cable is intended to be used with a packet analyzer program like Wireshark, or Microsoft network monitor or messages analyzer.

I expect you to only use this for doing network troubleshooting, or learning about networking. This is read-only so you can't do as much with it, but you will be able to see some data. I accept no responsibility for your use or misuse of this cable.

Teacher Notes

Teachers! Did you use this instructable in your classroom?
Add a Teacher Note to share how you incorporated it into your lesson.

Step 1: What You Will Need

option 1:
2 cat5 or better patch cables. Cat 5 will suffice for this and you may want to sacrifice that over cat5E or cat6
Electrical tape
(I used this method found an old ~6FT cat5E cable, I had another cable with a bad end which became the read-only connection as it only needed one end.)

option 2:
3 RJ45 connectors
About 9FT or so of cat5, 5E patch cable.
Electrical tape

Diagonal cutter
solder and solder iron or gun
wire stripper
razor knife
(If useing option 2 RJ45 crimp tool)

Step 2: Prepare the Cables

Take the better cable and somewhere in the wire (I used the middle) remove about .5-1inch of the outer sheath by carefully using a razor or the diagonal cutter. Don't cut the inner wires, and avoid nicking these wires while removing the sheath.

Take the other cable and cut one of the ends off it. (I used a cable that had a bad end and cut the faulty end off)
Strip about .5-1inch of the outer sheath off the end of this cable. Seperate out the green pair of wires and strip a small amount of the insulation off the wire. Fold the others back or cut them off.

On the cable with both ends that you removed some outer sheath from separate out the orange pair so you can work on them. With a stripper or razor remove some insulation from both of the orange wires.

If you chose to do this with cable and RJ45 plugs:
Cut the desired amount of cable for the continuous cable (I'd say about 4-6FT) and about probly about 1/2 that for the read only cable. Crimp RJ45 plugs on both ends of the cable you want to have two connections on. Put one connector on the other cable. All the other steps are the same.

Step 3: Making Connections

Take the green wire from the cable with only one end and twist it around the orange wire of the cable with two ends.
Do similar with the green/white wire only twisting it around the orange/white sire instead.
Solder these two connections.

In the picture the gray cable is the read one, blue is the one with two ends. This picture was taken on my first try I realized I had to solder the green/white pair of the gray cable to the orange/white of the blue cable.
It still works if you match the colors, but you will only see traffic coming into the system instead of out.

Step 4: Finishing Touches

Take some electrical tape and wrap it around the solder joints you made this will prevent them from shorting out. Liquid electrical tape may be better if you have that.

Cover the area where you removed the outer sheath with a generous amount of electrical tape. About 1-2 inches from that where the read only lead comes out wrap that a couple times with tape this will keep it from pulling on the soldered joints and breaking.

Mark the read only lead with some sort of a label, put some colored tape around it so you know this is the read wire.

Step 5: Using the Cable.

You will out the read cable (the one that we only used the green pair from) to a system with Wireshark, etc installed.
The continuous part of the cable would go between whatever the device you want to monitor and whatever it was connected to.

Soldering Challenge

Participated in the
Soldering Challenge

Metal Contest

Participated in the
Metal Contest



    • Indoor Lighting Contest

      Indoor Lighting Contest
    • Make It Fly Challenge

      Make It Fly Challenge
    • Growing Beyond Earth Maker Contest

      Growing Beyond Earth Maker Contest

    8 Discussions


    4 years ago

    I'm assuming you have access to a LAN port in this scenario, so why not simply make a crossover cable using only the transmit pair (1 & 2) on the router/switch side and the receive pair (3 & 6) on the monitor side?

    This would give the advantage of being able to monitor all traffic instead of just that that is passed down the one pipe as well as minimizing loss due to splicing.

    Thank you, though, for this. I had never thought of putting anything other than a standard Ethernet cable on my monitoring setup... I know what I'm doing when I get home tonight.

    3 replies

    Reply 4 years ago on Introduction

    You have a point, but this is the logic of doing this way. Say you have something on the network you think may be causing some sort of issue (connectivity, or security related). This will allow you to view what is going on between these devices. but you won't be able to actually participate on the network. This is more suited for 10/100 meg as that only uses these two pairs. I'd love to do it for gigabit, but the pairs are bi-directional so you'd have to use diodes, etc to achieve this.

    A hub will work, but there is a chance your system may inject traffic for some reason and causing issues with your analysis. If you were doing something like a pen test some things you deal with can do some unexpected things and you may end up creating a mess on the network or issues in your tests.

    The best way to do this would be a managed switch and port mirroring, but that would not show you something like if a device is sending fragments, malformed packets, etc. Unless you were able to look at and trust the counters on the switch interface.


    Reply 4 years ago on Introduction

    I think I understand where you're coming from. This is a simpler and more "foolproof" way of determining which device between a given set would be the cause of the issues, correct?


    Reply 4 years ago on Introduction

    That's part of it also good for security work like forensics, security testing. If you wanted you could use this sort of like a security device and scan for trafic that may be insecure, malware moving around the network, something sending out data that shouldn't, etc.
    Target had a device to do this, and it saw the odd traffic going to the hackers, but they thought it was an error and ignored it. (If you want to know more about this type of security look up IDS, IPS)


    4 years ago on Introduction

    This is also up for two contests, so if you like I'd appreciate if you would atleast consider voting in these contests.

    3 replies

    Reply 4 years ago on Introduction

    Thank you for this guide! I am technically over my head, or over my head, technically, with this post content/application, but I shall make one! Also, which two contests?