this is my first english blog entry. Excuse me for my hopefully not so bad english 🙂
During my reverse engeneering on the Terratec Noxon 2 Audio (read the past two blog posts) i had to sniff the network traffic between the Noxon and the Internet.
First i just sniffed the wireless traffic with a simple ARP spoofing attack in my switched network.
But i couldn’t be sure wheather I sniffed the whole traffic or if I just missed some „intranet“ traffic in my net.
After some internet research, i decided to build my own passive ethernet tap to do a MITM (man in the middle) attack.
Note that you can only receive data from the connection. Injection is impossible with a passive tap!
If you want do modify or inject packets you should use two network interfaces as a bridge.
For my tap I used two screened two-port RJ-45 connectors which I soldered together.
Finally here some pictures of my tap. It’s the smallest i found on the internet! It has a size of 4*3*1 centimeters!
At last a small tip if you want two sniff in both directions simultaneaously. For this you need two NICs. Link them together with the „bonding“ kernel module. Here is a little howto and the documentation.