The Plunder Bug, developed by Hak5, is a smart pocket-sized 10/100 Base-T LAN Tap that slips onto Ethernet cables to give you an access to unencrypted traffic. It allows mirroring network traffic to a third device, for portable packet capture and analysis, through USB-C convenience.
What is a Network TAP?
Network TAP (Test Access Point) is a device that mirrors traffic flowing between different nodes of a computer network. These monitoring devices are placed at chosen points for access and monitoring of network data. Used mostly by security professionals, students and network administrators to secure and keep an eye on network infrastructures.
Hak5 compliments the Plunder Bug with an included Android app (rooted devices only) for recording and sharing
.pcap files. Coupled with cross-platform scripts, capable of active / passive sniffing, Plunder Bug represents a very useful addition to any sysadmin’s toolkit. The best part is that it comes with a built-in USB Ethernet adapter.
Plunder Bug: Smart LAN Tap [features, hardware, design]
Plunder Bug has a similar design to the Packet Squirrel, weighing about 100g, it comes with a fast built-in Ethernet switch package, where the network traffic is directed through the integrated
ASIX AX88772C Chipset USB adapter, as well as with
PHYs chip (both are on the main PCB). The main stacking header has 20 pins, the boards and pins are soldered together by the stacking header. There are also a few ICs.
- Auto negotiating 10/100 Base-T Fast Ethernet
- ASIX AX88772C USB Ethernet Chipset
- USB-C TAP/Power port (5V, 20-300mA draw)
- Complimentary simple UI (User Interface) Android app for
- Connection scripts for Windows, OS X & Linux (note that you need to install specific drivers for OS X users from the ASIX website. )
- Passive sniffing on Windows, OS X and Linux.
- Can be used as a switch.
- Plunder Bug mute script which mutes / unmutes the USB-C from active to passive and vise versa.
- Linux, OS X, Windows.
The Plunder Bug, as most LAN Tap devices, is independent of what OS you are using. As long as you have physical access to an Ethernet cable and a pcap program, you’re good to go. Supported scripts are available for all of the listed operating systems. The only thing we need to emphasize is that the Plunder Pug needs an Android app with
Plunder Bug Android App
The Plunder Bug – Smart LAN Tap Companion App, lets you store all the
pcaps and easily share them via Android. You can use an android
pcap reader on your device to perform quick analysis / scans. Alternatively, you can use the device to continually share the
.pcap files via WiFi and later use them remotely.
Device detection: Automatically detects when the Plunder Bug is connected and ready to use.
Packet capture: Captures live network traffic and records it in standard
Share: Exports your packet capture (
.pcap) files for packet analysis.
Hacking using Plunder Bug
If you’re in the penetration testing world then you surely appreciate the significance of physical access on-the-go. If you arm yourself with the proper pcap manipulation tools, you can do pretty much anything you want (well, as far as TAP go).
A good example is tapping into an Ethernet Security Camera stream and using a tool like pcapfex to capture footage, extract image frames, and then basically transmit fake/static ones to trick the viewer by faking the signatures. This is just one tiny example, the rest is literally up to your own aptitude and creativity.
In addition, using a USB-C cable, you can connect the Plunder Bug to a machine running your favorite network analyzer such as
On one side, the lack of PoE is somewhat impractical, but then again it makes the device smaller and stealthier. It’s an upgrade from the Packet Squirrel featuring USB-C, which makes it very useful for simultaneous passive sniffing and active scanning.
We admit that the Plunder Bug seems more like a toy, an accessory, or “baby’s first LAN Tap”, but don’t underestimate its simplicity. If you know what you’re doing, using the right
pcap readers and scripts, you can cause a lot of damage with this one.