Passive Network Tap/Ethernet Tap - Cheap and Easy

This tutorial will show you how to easily make a cheap passive network tap to monitor the network traffic between two endpoints.
These endpoints may be two PCs, a router and a PC or your internet wallport and your router etc.

Caution: If you would like to monitor a gigabit connection (1000Base) or an even faster connection, you will need a professional TAP or switch-port monitoring solution. If you are using this TAP in a gigabit environment, it will reduce the speed to 100mb/s (100Base).

I made this tutorial, because the supplies are way cheaper than the ones used in other tutorials (at least for me). Other tutorials recommend buying single keystone modules, wall plates etc. However, there was no place close to me which would sell all of these things, and I did not want to order all of these supplies separately online.
I thought of a cheaper way and came up with the idea of using a patch panel.

What you will need:

- a patch panel (mine has 8 ports and costs about 15 bucks)

- 4 LAN-cables (= RJ45 cables), preferably cat5 or cat5e, cat6 or cat7 definitely not necessary and not improving anything.

- something to cut a cable into two (wire cutter or a good pair of scissors. I used a pair of nail scissors to cut the cable wider open)

- something to push the wires into the slots (I used a thin wooden stick)

- a computer for monitoring

- a LAN to USB adapter to monitor both traffic directions and not only one (except your monitoring machine has two LAN ports)

1. Take on of your LAN cables and cut it in half. Before you do it assess how much cable you'll need. I wanted to have a shorter cable so I cut 1/4 to 3/4.

2. Cut the cable wider open, i.e. remove about 6-8 inches of the cable sheath surrounding the wires (Picture 1). For this I used the nail scissors. Rather remove more than less, since you can cut the wires shorter at a later stage.

3. Understand the wiring of an RJ45 cable:
The cable is made of 8 different wires:
- green and green/white
- orange and orange/white
- brown and brown/white
- blue and blue/white
For a 100mb/s connection only green and green/white as well as orange and orange/white are used. The others are not used.
You'll need to differentiate between two types of RJ45 cable: EIA/TIA 568B and EIA/TIA 568A. In my experience the latter is rarer than the former. Take a look at your LAN cable. Usually the type is printed on the cable sheath.
568B uses the the orange (TX-) and orange/white (TX+) wires for transmitting and the green (RX-) and green/white (RX+) for receiving.
For 568A it is the other way around.
You can see this difference also from the labeling of the patch panel (picture 2).
The reason why you cannot monitor a gigabit connection is that it uses each of the 8 wires for transmitting and receiving data.
My cable is a 568B. So for the following wiring description orange and orange/white is for transmitting and green and green/white is for receiving. If you have a 568A you'll need to think the other way around.
Caution: You can monitor a powerline 100mb/s connection. However, you'll need all four colors because power-line uses brown/brown-white and blue/blue-white as well.

4. I started my wiring at port 6 (traffic-port), and I am using port 7 and 8 for monitoring. This way I am able to set up a second monitoring setup with my 8 port patch panel. I could either use 1-3 or 2-4 or 3-5 for another setup.

5. Keep in mind you only need green, green/white, orange and orange/white. I wired blue and blue/white as well and left out brown and brown/white. Blue and blue/white is not needed, I just did it out of convenience.

6. wire port 6 according to the description on the patch panel, i.e. green and green/white in the slots for green, orange and orange white in the slots for orange. Push the wire into the slots.

7. wire port 7. In my case port 7 is monitoring the transmitting traffic (i.e. orange and orange/white). Do NOT push orange and orange/white into the slots for orange at port 7 since this would mean that the monitoring machine could accidentally leak data. To only monitor the transmitting traffic you'll need to push the orange wires into the green slots of port 7.
Lay the green ones on top.

8. wire port 8. In my case port 8 is monitoring the receiving traffic. Just push the green and green/white wires into the green slots of port 8.

9. For steps 6-8 take a look at the pictures 3 to 5.

10. Remember: If you'd like to monitor power-line traffic, you'll need to wire blue and brown wires as well, i.e. pushing them into the blue respectively brown slots on ports 6-8.

You've finished the wiring.
Now close up the patch panel.

10. inset the remaining 3 LAN cables.
Port 6 is the traffic port. Insert a LAN cable and connect it to the first client. Connect the RJ45 connector of the cut cable to the second client.

11. Connect port 7 and 8 to your monitoring machine (you'll probably need a LAN to USB adapter since your monitoring machine will most likely only have one LAN port).

12. Set both LAN interfaces on your monitoring machine to promiscuous mode and start your monitoring tool, e.g. Wireshark.

12. If you like this tutorial, please leave a like-comment.
If you have any question, please leave a question-comment (However, I might not be able to give you an answer).
If the tutorial contains any mistakes or misconceptions, please let me know with a comment.

13. Other monitoring solutions: especially port mirroring on a network switch.