Inline Traffic Capture Without Touching the Network
A hardware bypass switch that drops into any Ethernet segment, redirects traffic through your analysis tools on demand, and fails safe automatically.
Overview
The EtherShunt is a four-port gigabit Ethernet bypass switch designed for inline network analysis. Insert it anywhere along an existing Ethernet link and gain the ability to transparently redirect all traffic through an analysis platform on demand, with only a brief link renegotiation during transitions. When power is removed, the fail-safe relay restores the direct link in milliseconds. No configuration required.
- ✓ 4× Gigabit Ethernet Ports (W1, W2, E1, E2)
- ✓ USB-C Powered & Controlled
- ✓ Hardware Fail-Safe Signal Switch: auto-bypasses on power loss
- ✓ Watchdog Timer: auto-bypasses on host timeout
- ✓ Ultra-low Power Consumption
- ✓ Serial Interface (USB CDC) for SET / UNSET commands
In Practice
Ideal for penetration testing and protocol analysis where network uptime is critical. Place the EtherShunt inline with a target device and redirect traffic to your analysis tools on demand. No ARP spoofing, no SPAN ports, no network changes required. When you are done, unset it and the network is restored exactly as it was.
- Transparent MiTM without ARP poisoning or SPAN ports
- Minimal disruption: transitions renegotiate in seconds, fail-safe recovers in milliseconds
- Works on any switched gigabit network segment
- Pairs with the Fid for full SDN-controlled traffic analysis
How It Works
Insert Inline
Patch the EtherShunt into any existing Ethernet segment between two devices: a router and a server, a switch and an endpoint, or anywhere you want to inspect traffic.
Connect Your Analysis Platform
Attach your analysis host (a laptop, a Fid appliance, or any Linux box) to the East ports. In bypass mode, the link passes through transparently. The analysis host is invisible to the network.
Toggle Interception via Serial
Send a single serial command over USB-C to activate SET mode. The EtherShunt redirects all traffic through your analysis host. Send UNSET to return to transparent bypass instantly.
Automatic Fail-Safe
The EtherShunt uses discrete hardware components, not software, to implement its power failure fallback. When power is removed or interrupted, the signal path physically moves and bridges the West and East ports directly. Your network link is restored within milliseconds.
This means the EtherShunt is safe to deploy in production environments. Even if the analysis host crashes or you forget to UNSET before unplugging, the network recovers on its own.
Watchdog Timer
The hardware fail-safe protects the network when power is lost. The watchdog timer adds a second layer of protection: it guards against the analysis host becoming unresponsive while the EtherShunt is in SET mode. If your analysis platform crashes, hangs, or loses its serial connection, the watchdog automatically returns the EtherShunt to bypass mode, restoring the original network path without operator intervention.
Arm the watchdog over the serial interface before beginning analysis. Once armed, the EtherShunt issues a challenge number on the serial link at a configurable interval. Your host must reply with that number incremented by one before the timeout expires. If a valid response is not received, the EtherShunt transitions to UNSET and the direct link is restored.
Port Layout
Two West ports face the upstream network; two East ports face the analysis host or target. USB-C provides both power and serial control.
A Note on Link Renegotiation
Each transition physically moves the signal path, disrupting the link for a few milliseconds. The PHYs on each side then renegotiate the link state. This typically takes 1–3 seconds. During this window, traffic is interrupted.
For penetration testing, traffic analysis, and most monitoring workflows, this is expected and acceptable. Endpoints reconnect automatically once the link is re-established. If your use case requires hitless transitions, contact us for other options.