Building a passive Ethernet tap · Ata Kuyumcu's Blog
https://blog.lvmbdv.dev/posts/building-a-passive-ethernet-tap/I saw this cool ethernet tap and<br>thought it would be cool to see how chatty my “smart” TV is. But I didn’t want<br>to pay €39 for it. So I made a clone on mini breadboards.<br>A passive Ethernet tap is a stupid-simple device. It sits inline between your<br>computer and router, copies the signal onto two extra monitor ports, and<br>physically cannot inject traffic back. No power, no software, no configuration.<br>The monitor ports are receive-only. You can’t accidentally DoS your own network<br>with one of these.<br>The design<br>The tap has four RJ45 jacks. J1 and J2 are wired straight through, pin for pin.<br>The computer plugs into J1, the router into J2. The link works exactly like a<br>patch cable because, electrically, it is one.<br>J3 monitors traffic from the computer toward the router. It taps the computer’s<br>TX pair (pins 1 and 2 on J1) and routes it into the monitor’s RX pair (pins 3<br>and 6). J4 does the same thing in reverse, tapping the router’s TX pair into its<br>monitor’s RX pair.<br>The monitor ports can’t transmit. Pins 1 and 2 on J3 and J4 are left floating. A<br>monitoring computer plugged into J3 only gets a signal on its receive pair. It<br>sees the traffic, it can’t touch the line. The tap is invisible to both ends.<br>Two 220 pF ceramic capacitors bridge the unused pairs on the monitor jacks (C1<br>on J3 pins 4-5, C2 on J4 pins 7-8). Their only job is to corrupt Gigabit<br>auto-negotiation on the blue and brown pairs, forcing the link to fall back to<br>100 Mbps. Ethernet at 100 Mbps only uses two of the four pairs, and those are<br>exactly the pairs we’re tapping. If the link negotiated at Gigabit and spread<br>data across all four pairs, we’d be blind.<br>The build<br>Four RJ45 breakout boards, two 220 pF ceramic caps, and a mini breadboard. €10 worth of parts.<br>The original Throwing Star LAN Tap uses a custom PCB. I used RJ45 breakout<br>boards with header pins. Each board breaks out all 8 pins plus a shield pin<br>to labeled pins. Four of them, two capacitors, and a mini breadboard.<br>The inline path (J1 to J2) is eight wires, straight through, on one half of the<br>breadboard.<br>The passthrough section. All eight pins wired straight between J1 and J2.<br>The monitor taps branch off the inline path. For J3, I ran jumpers from J1 pins<br>1 and 2 to J3 pins 3 and 6. For J4, from J2 pins 3 and 6 to J4 pins 3 and 6. The<br>capacitors sit directly on the monitor jacks, bridging the unused pairs.<br>Finished tap. Passthrough on the left, monitor jacks on the right.<br>I was worried the breadboard would introduce enough capacitance to degrade the<br>signal. 100BASE-TX runs at 125 MHz. Breadboard parasitics are usually 2-5 pF<br>between adjacent rows, and the impedance is all wrong. But the inline wires are<br>short, and the signal held up fine. A breadboard is not a PCB, and I wouldn’t<br>run a production network through one, but for a passive tap, it works.<br>What it captured<br>The only Ethernet-tappable device I had was the smart TV. My laptop doesn’t have<br>an RJ45 port, and the USB Ethernet adapter I ordered hadn’t arrived yet. So the<br>tap sat between the TV and the router, with my desktop plugged into the monitor<br>ports. 2,769 packets in the first 7.5 minutes at an average of 14 kbps. A smart<br>TV at idle doesn’t move much data. Mostly control traffic and device discovery.<br>The TV announced itself 877 times in under 5 minutes: SSDP NOTIFY packets to<br>239.255.255.250, one every few seconds. It also broadcast mDNS over both IPv4<br>and IPv6 simultaneously, same service, same announcements, two protocols. A<br>“smart” device on a different subnet (192.168.3.7) sent 34 broadcast frames in a<br>burst. The router at 192.168.2.254 answered everything with IGMP queries.<br>Zero CRC errors across all 2,769 frames. The link light stayed solid at 100<br>Mbps. The breadboard didn’t introduce any detectable noise.<br>Once the USB Ethernet adapter shows up, I can tap my actual laptop traffic, and<br>see something more interesting than a TV shouting its name into the void.<br>Parts and cost<br>Most of the stuff I already had hoarded but the ethernet breakout connectors<br>cost €10 for 7. Kinda expensive per piece at €1.4 but it was on next-day<br>delivery.<br>¯\_(ツ)_/¯
Table of Contents
Links<br>Codeberg<br>GitLab<br>GitHub<br>LinkedIn<br>Mastodon<br>RSS
Tags<br>#ai<br>#compsci<br>#cryptography<br>#culture<br>#devops<br>#games<br>#hardware<br>#lisp<br>#networking<br>#plt<br>#programming<br>#python<br>#rust<br>#security<br>#vibecoding<br>#web