Comments on: Create a passive network tap for your home network

By: GB

GB — Wed, 02 Mar 2011 04:09:42 +0000

If I am correct the tap goes in-line. The label of “host” on the tap is real the “Host in” and “host out” or maybe another way to say it would be “To Host NIC” and “To Switch”. The Second image shows this better if I’m not mistaken.

By: Ivan Petrushev

Ivan Petrushev — Thu, 20 Nov 2008 20:30:39 +0000

Got it!
That is pretty interesting set up
Thanks for sharing!

By: Lee

Lee — Thu, 20 Nov 2008 19:52:16 +0000

@Ivan – Interference is completely cut off by only having the Rx wires attached to each of the two jacks. Without the Tx wires, any transmitted data can not be sent out, data may only be received.

By: Ivan Petrushev

Ivan Petrushev — Thu, 20 Nov 2008 19:48:55 +0000

And how do you minimalize the possibility of interfering with the transmitted data?
Connecting each of the pairs to separate NICs, but what prevent that NIC from sending packets with source the intrusion detection system connected behind? Maybe firewall rule dropping all output packets and putting the NIC into promisc mode? Is that your approach?

Regards, Ivan.

By: Lee

Lee — Thu, 20 Nov 2008 19:36:59 +0000

@Ivan – A passive tap is used to monitor all traffic that is occurring on a connection without interfering with it in any way. They can be used to monitor traffic for security breaches, or attacks.

I separated the green and orange wires because in order to be complete passive, I needed to remove any possibility of transmitting data on the wire for the machine that is monitoring the traffic. This is also why 2 additional jacks are needed, 1 jack for traffic in one direction, the other jack for traffic in the opposite direction.

Hope that cleared up things a little bit.

By: Ivan Petrushev

Ivan Petrushev — Thu, 20 Nov 2008 18:32:03 +0000

Hello,
I had thought that I know something about networks and wiring, but this is the first time I see similar thing
Could you please explain what a ‘passive tap’ is and what is it used for?
Aside for setting up bridge or regular gateway or whatever – what are these taps about?
Why would you separate the orange wires from the green wires?
There is RJ45 connector to each pair, so I suppose you could connect a cable and thus – network interface to one of the pairs. The question is – why the only one pair?
AFAIK, you need both orange and green pair for proper 100BaseTX network?

Regards, Ivan.

By: john

john — Fri, 28 Mar 2008 05:19:26 +0000

aleksey – the two taps are required if the interface of the host being monitored is in full duplex. otherwise, just one of the two taps will suffice.

By: Aleksey F.

Aleksey F. — Tue, 26 Feb 2008 04:49:41 +0000

This is neat, I’m definitely trying it on my FreeBSD machine. I guess I don’t understand the way wiring works, but whats the reason for the need to have 2 taps? Can it be done with one?

By: links for 2008-02-25 at edsmiley.com

links for 2008-02-25 at edsmiley.com — Mon, 25 Feb 2008 05:24:38 +0000

[…] Create a passive network tap for your home network (tags: security networking snort) […]