Building a Passive Ethernet Tap

birdculture1 pts0 comments

Building a passive Ethernet tap · Ata Kuyumcu's Blog

https://blog.lvmbdv.dev/posts/building-a-passive-ethernet-tap/I saw this cool ethernet tap and<br>thought it would be cool to see how chatty my &ldquo;smart&rdquo; TV is. But I didn&rsquo;t want<br>to pay €39 for it. So I made a clone on mini breadboards.<br>A passive Ethernet tap is a stupid-simple device. It sits inline between your<br>computer and router, copies the signal onto two extra monitor ports, and<br>physically cannot inject traffic back. No power, no software, no configuration.<br>The monitor ports are receive-only. You can&rsquo;t accidentally DoS your own network<br>with one of these.<br>The design<br>The tap has four RJ45 jacks. J1 and J2 are wired straight through, pin for pin.<br>The computer plugs into J1, the router into J2. The link works exactly like a<br>patch cable because, electrically, it is one.<br>J3 monitors traffic from the computer toward the router. It taps the computer&rsquo;s<br>TX pair (pins 1 and 2 on J1) and routes it into the monitor&rsquo;s RX pair (pins 3<br>and 6). J4 does the same thing in reverse, tapping the router&rsquo;s TX pair into its<br>monitor&rsquo;s RX pair.<br>The monitor ports can&rsquo;t transmit. Pins 1 and 2 on J3 and J4 are left floating. A<br>monitoring computer plugged into J3 only gets a signal on its receive pair. It<br>sees the traffic, it can&rsquo;t touch the line. The tap is invisible to both ends.<br>Two 220 pF ceramic capacitors bridge the unused pairs on the monitor jacks (C1<br>on J3 pins 4-5, C2 on J4 pins 7-8). Their only job is to corrupt Gigabit<br>auto-negotiation on the blue and brown pairs, forcing the link to fall back to<br>100 Mbps. Ethernet at 100 Mbps only uses two of the four pairs, and those are<br>exactly the pairs we&rsquo;re tapping. If the link negotiated at Gigabit and spread<br>data across all four pairs, we&rsquo;d be blind.<br>The build<br>Four RJ45 breakout boards, two 220 pF ceramic caps, and a mini breadboard. €10 worth of parts.<br>The original Throwing Star LAN Tap uses a custom PCB. I used RJ45 breakout<br>boards with header pins. Each board breaks out all 8 pins plus a shield pin<br>to labeled pins. Four of them, two capacitors, and a mini breadboard.<br>The inline path (J1 to J2) is eight wires, straight through, on one half of the<br>breadboard.<br>The passthrough section. All eight pins wired straight between J1 and J2.<br>The monitor taps branch off the inline path. For J3, I ran jumpers from J1 pins<br>1 and 2 to J3 pins 3 and 6. For J4, from J2 pins 3 and 6 to J4 pins 3 and 6. The<br>capacitors sit directly on the monitor jacks, bridging the unused pairs.<br>Finished tap. Passthrough on the left, monitor jacks on the right.<br>I was worried the breadboard would introduce enough capacitance to degrade the<br>signal. 100BASE-TX runs at 125 MHz. Breadboard parasitics are usually 2-5 pF<br>between adjacent rows, and the impedance is all wrong. But the inline wires are<br>short, and the signal held up fine. A breadboard is not a PCB, and I wouldn&rsquo;t<br>run a production network through one, but for a passive tap, it works.<br>What it captured<br>The only Ethernet-tappable device I had was the smart TV. My laptop doesn&rsquo;t have<br>an RJ45 port, and the USB Ethernet adapter I ordered hadn&rsquo;t arrived yet. So the<br>tap sat between the TV and the router, with my desktop plugged into the monitor<br>ports. 2,769 packets in the first 7.5 minutes at an average of 14 kbps. A smart<br>TV at idle doesn&rsquo;t move much data. Mostly control traffic and device discovery.<br>The TV announced itself 877 times in under 5 minutes: SSDP NOTIFY packets to<br>239.255.255.250, one every few seconds. It also broadcast mDNS over both IPv4<br>and IPv6 simultaneously, same service, same announcements, two protocols. A<br>&ldquo;smart&rdquo; device on a different subnet (192.168.3.7) sent 34 broadcast frames in a<br>burst. The router at 192.168.2.254 answered everything with IGMP queries.<br>Zero CRC errors across all 2,769 frames. The link light stayed solid at 100<br>Mbps. The breadboard didn&rsquo;t introduce any detectable noise.<br>Once the USB Ethernet adapter shows up, I can tap my actual laptop traffic, and<br>see something more interesting than a TV shouting its name into the void.<br>Parts and cost<br>Most of the stuff I already had hoarded but the ethernet breakout connectors<br>cost €10 for 7. Kinda expensive per piece at €1.4 but it was on next-day<br>delivery.<br>¯\_(ツ)_/¯

Table of Contents

Links<br>Codeberg<br>GitLab<br>GitHub<br>LinkedIn<br>Mastodon<br>RSS

Tags<br>#ai<br>#compsci<br>#cryptography<br>#culture<br>#devops<br>#games<br>#hardware<br>#lisp<br>#networking<br>#plt<br>#programming<br>#python<br>#rust<br>#security<br>#vibecoding<br>#web

rsquo pins ethernet monitor breadboard router

Related Articles