HOW TO CREATE A PI ZERO PACKET CAPTURING COMPUTER
--

This guide will show you how to create a small packet-capturing computer using a Raspberry Pi Zero combined with a passive LAN tap. It's meant to be used with Power over Ethernet (PoE) compatible networking hardware, so you can power it directly through the Ethernet cables, without any batteries or USB chargers.

You simply plug it in between two ethernet cables, and it automatically powers on and begins logging the traffic that passes through.

Thanks to Liz Kellog for the idea.

- YouTube link
- Archive.org mirror
- Torrent
- Keybase mirror

IMAGES

- Circuit

PARTS

- Raspberry Pi Zero
- 12-5V step-down converter (the input voltage will depend on the network hardware it will be plugged into)
- A Pi compatible USB Ethernet adaptor
- 2x ethernet sockets
- 2x micro USB plugs
- Thin wires

TOOLS

- Soldering iron
- Desolder pump / Solder wick
- Wire Strippers

SOFTWARE SETUP

I tested the device using tshark, which is Wireshark's command-line utility. The cool thing about it is that it automatically begins logging Ethernet data when it starts up. All you need to do is have the Pi auto-login on boot, then set a script to run tshark.
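An added example, not part of the original guide: one way to write the boot script so an unattended capture rotates its files and cannot fill the SD card. The interface name eth0, the path /home/pi/captures, the 100 MB file size, the 20% reserve and the function names are assumptions; the auto-login shell would call the script with the argument "start".

```shell
#!/bin/sh
# Added example: boot-time capture script for the tap (not the author's script).
# Assumptions: the USB Ethernet adaptor shows up as eth0 and captures are
# stored in /home/pi/captures. Paths must not contain spaces.

IFACE="${IFACE:-eth0}"                 # assumed capture interface
OUTDIR="${OUTDIR:-/home/pi/captures}"  # assumed capture directory
FILE_KB="${FILE_KB:-102400}"           # rotate every 100 MB (-b filesize is in kB)
RESERVE_PCT="${RESERVE_PCT:-20}"       # share of free space left untouched

# ring_files FREE_KB FILE_KB RESERVE_PCT
# Prints how many capture files of FILE_KB fit in the free space
# once RESERVE_PCT percent of it has been set aside.
ring_files() {
    usable=$(( $1 * (100 - $3) / 100 ))
    echo $(( usable / $2 ))
}

# capture_args IFACE OUTDIR FILE_KB NFILES
# Prints the tshark arguments for a ring-buffer capture:
#   -n  no name resolution, so the capture box does no lookups of its own
#   -q  no running packet counter on the console
#   -b  ring buffer: new file at FILE_KB, oldest deleted beyond NFILES
capture_args() {
    echo "-i $1 -n -q -b filesize:$3 -b files:$4 -w $2/tap.pcapng"
}

# Only start capturing when called as: capture.sh start
if [ "${1:-}" = "start" ]; then
    mkdir -p "$OUTDIR" || exit 1
    # POSIX df: column 4 of the second line is the available space in kB
    free_kb=$(df -Pk "$OUTDIR" | awk 'NR==2 {print $4}')
    n=$(ring_files "$free_kb" "$FILE_KB" "$RESERVE_PCT")
    if [ "$n" -lt 2 ]; then
        echo "not enough free space in $OUTDIR for a ring buffer" >&2
        exit 1
    fi
    # Word splitting of the argument string is intentional.
    # shellcheck disable=SC2046
    exec tshark $(capture_args "$IFACE" "$OUTDIR" "$FILE_KB" "$n")
fi
```

tshark adds a sequence number and timestamp to each ring-buffer file name, so the files sort in capture order.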

HOW-TO GUIDE

Step 1. Remove the USB ethernet adaptor from its casing, then also remove the RJ45 socket from the board.

Step 2. Use the desolder pump and remove the USB plug from the ethernet board.

Step 3. Cut and tin the different wires you'll need for the circuit.

Step 4. Wire up the micro USB plugs for the ethernet adaptor and power. We'll need to short the ID and Ground pins. You can use usbpinout.net for the pinout reference.

Step 5. Follow the circuit diagram and wire everything up.

Step 6. Put everything inside a case. I modified an old piece of packaging that fit everything quite well. The lid opens up nicely and shuts with magnets.

Step 7. Plug it in, and it should automatically turn on and start capturing the packets passing through. Remember that you need to plug the correct end into the networking hardware to get the Power over Ethernet working.

It seems to work, and I'm pretty pleased with it. What do you think? How could it be improved? What projects would you like to see next?

--
BY NODE