Passive Ethernet Tap

Ethernet tap is a good tool for network administrators to have in there toolbox. It is simple to use it can monitor 10/100Mbps connections. For gigabit connections will automatically be reduced to a 10 or 100Mbps depending on the network cards. This cord is 99% undetectable.

Project Summary

What you need to put this project together

 Soldering iron and solder

 Heatshrink tubes

 2 CAT5 Ethernet cables

 Wire strippers and cutters


Here are the steps to† make the Passive Ethernet Tap:

1. Make sure the cord is a straight-threw or patch cord by looking at both ends and see that each color is connected to the same pin on both ends. Also take a look at pair 2 shown in figure A that there will tell you what color pair of wires you will use on the end that goes to the monitoring network card.

2. Cut both cables in half make 2 ends out of the 4 ends for monitoring(one for sending and the other for receiving data) and the other 2 ends connection between the two Ethernet devices. Leave just pair 2 on the monitoring end. On the devices end leave pairs 2 and 3(orange and green) and don't forget to strip the wires that you are going to use and cut the heatshrinks into 4 small pieces and put each piece on each four wires on one end of the cord we want to tap into. Before continuing to the next step

3. Connect the same color of wires of the connection between the Ethernet devices together. This is because we want to tap into the cord without changing its connection.

4. Connect each pairís striped color wire to the monitoring pairís striped color and connect the non-stripped to a monitoring pairís non-stripped wire. Make sure that you have just one monitoring end connected to pair 2 and the other monitoring end connected to pair 3. Remember we want to monitor the data coming though each pair.

5. Solder the joints together and then cover the joints with heatshrinks and shrink them with heat. And thatís it!


Using the Passive Ethernet Tap

You can download your favorite packet sniffing software such as SmartSniff or WireShark. If thereís a option for promiscuous mode make sure its enabled. Promiscuous mode tells the network card not to ignore packets that were not sent to it. You will need monitor separately the send and receive ends of the cable. Unfortunately in both programs you will have to open 2 of them in order to see the data from both sides.

Figure A Pinouts

