The two most common methods to access network data are via a Network TAP or from a SPAN port.
How much do you know about Network TAPs? If you don't use them, maybe you think it's just another failure point or there may be a forwarding delay. If you do use them you probably consider them a must have.
What if I can answer some of those questions you may have in a few quick points?
Let's refresh - a TAP (Network Test Access Point) transmits the send and receive data streams simultaneously on separate dedicated channels, ensuring all data arrives at the monitoring device in real time.100% of the data, it doesn't get better than that!
The passive network TAP was patented around 2002 as a device allowing a third party to “listen-in” to network activity.
Network TAPs can do a lot of things you may not realize. They can be passive “listen only” devices that sends all data to your monitoring tools. Or they can be active, in-line feeding your security tools, providing you a failsafe. Meaning if a failure occurs with the appliance or the tap, the live network traffic is not affected. Can SPAN do that?
With packet capture, the TAP does not distort or drop packets, regardless of bandwidth including physical layer errors. TAPs do not alter the time relationships of frames, spacing or response times and supports full duplex traffic analysis.
Which do you use to feed your tools? Click below and take a look at the new TAP vs SPAN infographic and compare the difference.