Building the Passive Tap
Introduction
This document provides straightforward instructions on how to construct a passive Ethernet bridge tap. The end product may be used with any hub or switch and any operating system. A passive Ethernet tap is useful when installing an intrusion detection system (IDS) sensor or when snooping Ethernet traffic.
Please Note: This tap is not compliant with the Gigabit Ethernet standards. This tap, if used carelessly, may also damage your NIC or other networking equipment. If the above notices scare you, use a hub instead.
During construction, it is recommended to browse the construction gallery, as it shows the tap in the various stages of construction.
Parts and Tools Needed
Below is a list of the tools and parts needed to construct the passive Ethernet tap. The part number of the part used by the author is listed in parentheses for reference.
Parts
(1x) One-Gang Surface Mount Wiring Box (Leviton 42777-W)
(1x) 4-Port Angled Wallplate (Leviton 40807)
(4x) CAT 5e Jack (Leviton 5G108-W)
(1x) 6-inch piece of CAT 5e wire (Coleman Cable E138034)
Tools
Pocket Knife or other suitable tool for stripping wire
Phillips Screwdriver
Construction
Carefully slice the outer insulation and disassemble the short section of CAT 5e wire. After removing the 4 twisted pairs of wires, carefully untwist each pair and straighten out the wires. You will need the 8 wires for the project.
You should have 8 wires. In this document, they will be referred to by the following abbreviations:
Blue/White = Bl/W, Blue = Bl
Brown/White = Br/W, Brown = Br
Green/White = Gr/W, Green = Gr
Orange/White = O/W, Orange = O
You will now need to refer to the wiring diagram and the construction gallery.
Take one CAT 5e jack. This first jack will become Host A. The jack itself has a color code guide and a number guide on each side. Using the numbers, wire it according to the wiring diagram provided above. After you have finished wiring the jack, you can plug it into the wallplate.
Take a second CAT 5e jack. This will become Tap A. For this jack, O/W (number 1 on Host A) is wired to terminal 3. You will also need to wire O (number 2 on Host A) to terminal 6. After you have finished wiring the jack, you can plug it into the wallplate.
Take a third CAT 5e jack. This will become Tap B. For this jack, Gr/W (number 3 on Host A) is wired to terminal 3. You will also need to wire Gr (number 6 on Host A) to terminal 6. After you have finished wiring the jack, you can plug it into the wallplate.
The last jack is wired exactly the same as the first jack. This jack will become Host B.
After all the jacks have been wired and placed into the wallplate, screw the wallplate onto the wiring box. It is now complete. Be sure to carefully label the jacks so that there is no confusion as to whether they are a Tap or Host jack.
Testing and Usage
Place the passive Ethernet tap inline between a host machine and the Ethernet switch using the two outside positions labeled "HOST". Verify that the link status indicators on your host Ethernet interface and on the Ethernet switch show an active link again. You may now connect the Ethernet port of your sniffer or IDS sensor to the Tap A and/or Tap B connectors of the passive Ethernet tap.
Note: Keep in mind that when you have a full-duplex Ethernet connection, Tap A will show only one half of the traffic and Tap B will show the remaining half. You will need to use two Ethernet interfaces to examine both halves of the full-duplex signal.
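
Because each tap port carries only one half of the conversation, the two captures have to be recombined before an analyst or IDS can follow a full exchange. The sketch below is an added example, not part of the original instructions: it merges two classic pcap captures, one per tap, into a single time-ordered capture. It assumes both sniffer interfaces are on the same machine (so their timestamps share a clock) and that the files are little-endian, microsecond-resolution Ethernet pcaps; the function names and the sample frames are constructed for illustration.

```python
import heapq
import struct

PCAP_HDR = struct.Struct("<IHHiIII")  # magic, version, tz, sigfigs, snaplen, linktype
REC_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, captured len, original len
MAGIC = 0xA1B2C3D4                    # little-endian, microsecond timestamps
ETHERNET = 1                          # pcap link type for Ethernet


def read_pcap(data, tap):
    """Yield (timestamp_us, tap, frame) for each record in a classic pcap."""
    if len(data) < PCAP_HDR.size:
        raise ValueError(f"{tap}: missing pcap file header")
    magic, *_, linktype = PCAP_HDR.unpack_from(data, 0)
    if magic != MAGIC or linktype != ETHERNET:
        raise ValueError(f"{tap}: not a little-endian Ethernet pcap")
    off = PCAP_HDR.size
    while off < len(data):
        if off + REC_HDR.size > len(data):
            raise ValueError(f"{tap}: truncated record header")
        sec, usec, incl, _orig = REC_HDR.unpack_from(data, off)
        off += REC_HDR.size
        if off + incl > len(data):
            raise ValueError(f"{tap}: truncated frame")
        yield sec * 1_000_000 + usec, tap, data[off:off + incl]
        off += incl


def write_pcap(records):
    """Serialise (timestamp_us, tap, frame) tuples into one pcap byte string."""
    out = [PCAP_HDR.pack(MAGIC, 2, 4, 0, 0, 65535, ETHERNET)]
    for ts, _tap, frame in records:
        out.append(REC_HDR.pack(ts // 1_000_000, ts % 1_000_000, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def merge_taps(pcap_a, pcap_b):
    """Interleave the Tap A and Tap B captures in timestamp order."""
    return list(heapq.merge(read_pcap(pcap_a, "tapA"), read_pcap(pcap_b, "tapB")))


# Constructed sample: two frames seen on each tap, as (time in microseconds, tap, frame).
MAC_1, MAC_2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE_A = write_pcap([(1_000_100, "tapA", MAC_2 + MAC_1 + b"\x08\x00" + b"req1"),
                       (1_000_300, "tapA", MAC_2 + MAC_1 + b"\x08\x00" + b"req2")])
SAMPLE_B = write_pcap([(1_000_200, "tapB", MAC_1 + MAC_2 + b"\x08\x00" + b"rsp1"),
                       (1_000_400, "tapB", MAC_1 + MAC_2 + b"\x08\x00" + b"rsp2")])
```

Passing the result of merge_taps() to write_pcap() gives a single capture in which the frames from the two taps alternate in the order they appeared on the wire.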