So here I am working late waiting for some developers to test they new code before I can go home to hopefully get some sleep before back to work again, and I decided that to kill some time I would have a crack at making my own DIY passive ethernet tap (click HERE for more information) .
This little “devices” allow you to “sniff” the network traffic between two points without the need to use fancy port mirroring or expensive commercial ethernet taps. The build list is made up of things you probably already have lying to hand (us Geeks like to hoard). To make my PET or passive ethernet tap I used the following:
- Krone tool for making nice snug, secure connections or you can use a flat bladed screwdriver.
- Some CAT 5 cable (anything you’ve got lying around will do)
- Some form of CAT5 module that you can crimp your connections into. For mine I used the KATT-4 module from the back of an old patch panel (I have a bag of these at home).
- A wiring diagram showing how to connect it all together (clik HERE)
The basic principal behind creating your own PET is to pass the active network connection through the PET while allowing you to connect another device to the connection so you can “sniff” the traffic. The issue lies in that as most things on a network run at full-duplex you must have 2 tap connections to get all the traffic.
This means you either need 2 network cards in your sniffer or have some way to bond the 2 taps together to collect all the traffic (I’m still working on this at the moment).
I’m not 100% sure but I don’t think PET’s work on 1Gb connections (might have to try that at some point).
I haven’t found a use for my new PET at the moment but that really wasn’t the point of making one.. 🙂 I’ve included some photo’s below;
If you have any questions or queries, please let me know.