Here’s a chance to learn a little bit about network security. This article walks us through some of the core concepts of network manipulation and packet sniffing using Linux tools. [Joey Bernard] discusses the uses for packages like tcpdump, p0f, and dsniff. They are capable of recording all network traffic coming through your computer’s connection, seeking out machines installed on the network, and listening to traffic for a specific machine. This isn’t going to give you a step-by-step for cracking modern networks. It will provide some insight on what is going on with your network and you should be able to purpose these tools to check that you’ve got adequate security measures in place.

Making a passive network tap can be an easy and inexpensive undertaking as shown in this Instructable. Passive monitoring or port mirroring is needed because most networks use switches which isolate the network traffic and this does not allow for the entire network to be monitored.  This example uses a single tap, using multiple taps will provide access to the full-duplex data separately. By using two taps you are able to monitor inbound data that is passed through one tap, and outbound data that is passed through the other tap.  Separate taps are desired because most sniffer software handles half-duplex traffic only and requires two network cards for full-duplex.

It is easy to insert a passive Ethernet tap inline, as shown in the picture above from a different multitap project,  simply plug the incoming line into a host port and a patch cable from the other host port to the outgoing port, then verify your connection status. Now connect the Ethernet port of your sniffer computer into either of the tap connectors on the passive Ethernet tap. This tap works by using sniffer applications that put your Ethernet card into promiscuous mode.  This allows you to monitor all traffic on the network not just the traffic directed to your network adapter. After you install your favorite sniffer program, such as Wireshark, Snort, TCPDump, WinDump, or Ettercap to name a few,  you are then able to monitor all traffic any way you see fit, like looking for passwords in the video below.