Passive Packet Capturing

User A to User B packet data traffic can be monitored through a HUB by User C using a “receive‑only” Ethernet cable.

Receive Only Cable Diagram

On the HUB end of the cable, there is a loop between TX and RX to activate the HUB port. Any traffic through the HUB will now include this port in the broadcasts.

User C taps onto the loop by its receive pins.

Once the connections are made to the HUB, User C will receive all packets that flow through the HUB, but User C will not transmit any packets towards the HUB (no DHCP requests and no ARP requests).

The NIC on User C is in promiscuous mode capturing all incoming packets only.

Using a receive-only Ethernet cable in this configuration allows for the ability to passively capture packets, while not actively being a part of the network.

Network administrators can actively test for devices in promiscuous mode, monitor for DHCP and ARP requests, and review MAC tables to determine the presence of a packet analysis tool.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.