TAP into Technology | Garland Technology Blog

SPAN WARS: Dropping packets in a network near you

Written by Chris Bihary | 5/2/19 12:00 PM

You’ve been tasked with implementing a new performance monitoring tool in your network for advanced application layer visibility. After extensive research you’ve decided a Flowmon Probe is the best solution for your needs, allowing the monitoring of network performance, enhancing user experience, and optimizing MS SQL database performance. Beyond that, it will also deliver detailed information about who communicates with whom, when, for how long, how often, how much data has been sent, and much more information from L2 - L4.

Implementation seems simple enough; you’ll just plug the Probe into an open SPAN port (mirror port) on your switch and start capturing data. Right? Well, not necessarily. Let’s see who wins the battle for best access method for packet capture solutions.

The Opponents: TAP & SPAN


TAP - Network Test Access Point

A TAP is a hardware tool that allows you to access and monitor your network. TAPs transmit both the send and receive data streams simultaneously on separate dedicated channels, ensuring all data arrives at the Flowmon Probe in real time.

SPAN - Switch Port for Analysis

SPAN, aka port mirroring, sends a copy of all network packets seen on one port to another port, where the packets can be analyzed.

 




Battle #1 - Passing all packets

TAPs do not distort or drop packets, regardless of bandwidth. SPAN ports on the other hand are likely to drop packets when ports are oversubscribed.

Looks like TAPs are the clear winner here.
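
One way to check whether a mirrored feed is actually losing packets, added here as an example (it is not Garland Technology or Flowmon code): flag TCP bytes that the receiving host acknowledged but the capture never saw, which means the loss happened on the capture path and not on the network. The tuple format and sample flows are constructed for illustration, and sequence numbers are assumed to be relative with no wraparound.

```python
from collections import defaultdict

# Constructed sample of what the monitoring port delivered:
# (flow_id, direction, relative_seq, payload_len, ack).
# Flow "A" is complete. Flow "B" lacks the client segment seq=2000 len=1000,
# yet the server acknowledges up to 4000, so the network delivered it and
# only the capture path lost it.
SAMPLE = [
    ("A", "c2s", 1000, 500, 1), ("A", "s2c", 1, 0, 1500),
    ("A", "c2s", 1500, 500, 1), ("A", "s2c", 1, 0, 2000),
    ("B", "c2s", 1000, 1000, 1),
    ("B", "c2s", 3000, 1000, 1), ("B", "s2c", 1, 0, 4000),
]

def find_capture_gaps(packets):
    """Return {flow_id: bytes acknowledged by the peer but never captured}."""
    segments = defaultdict(list)  # (flow, sender direction) -> [(start, end)]
    max_ack = {}                  # (flow, sender direction) -> highest ACK from peer
    for flow, direction, seq, length, ack in packets:
        if length:
            segments[(flow, direction)].append((seq, seq + length))
        peer = "s2c" if direction == "c2s" else "c2s"
        max_ack[(flow, peer)] = max(max_ack.get((flow, peer), 0), ack)

    gaps = {}
    for (flow, direction), ranges in segments.items():
        acked = max_ack.get((flow, direction), 0)
        ranges.sort()             # tolerate out-of-order delivery to the probe
        cursor = ranges[0][0]     # first captured byte is the baseline
        missing = 0
        for start, end in ranges:
            if start >= acked:
                break             # not acknowledged yet, cannot judge
            if start > cursor:
                missing += start - cursor   # hole before this segment
            cursor = max(cursor, min(end, acked))  # overlaps/retransmits count once
        if acked > cursor:
            missing += acked - cursor       # acknowledged tail never captured
        if missing:
            gaps[flow] = gaps.get(flow, 0) + missing
    return gaps

if __name__ == "__main__":
    for flow, lost in find_capture_gaps(SAMPLE).items():
        print(f"flow {flow}: {lost} acknowledged bytes missing from the capture")
```

A non-empty result on a feed taken from a mirror port is a sign the destination port is oversubscribed; a direction that is missing entirely is not detected by this check.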

Battle #2 - Ease of Configuration

SPAN ports on a switch require configuration. They can easily be misconfigured or turned off due to human error. Misconfigured SPAN ports not only fail to make complete copies of your network traffic, but they can hide critical data within that traffic, such as evidence of a breach. TAPs just need to be connected to the network via the correct copper or fiber cable. Once they are turned on, they provide 24/7 access to all of the data at that link in the network. Certain types of TAPs can be configured via DIP switches or a GUI/CLI for filtering rules.

Close call, but TAPs still manage to beat SPAN ports.

Battle #3 - Can they be hacked?

TAPs do not have an IP or MAC address. Thus they are 100% secure and invisible to outside threats. As a port on the switch, a SPAN port has an IP address, so it can be hacked.

TAPs win again.

While TAPs defeated SPAN ports in all three battles, the most important one to focus on is that TAPs won’t drop any packets. By using TAPs as the foundation of your visibility fabric, you ensure that critical packets get to the Flowmon Probe to provide actionable insight into network performance.

[Interested in learning more? Read our whitepaper: TAP vs SPAN: Real Network Visualization Considerations for Professionals Today.]

 

TAP Toons: In a Network Far, Far Away from Garland Technology