
The 101 Series: Passive Network TAPs

July 23, 2025

Companies that use network monitoring tools, whether for analyzing security threats, packet flow or Key Performance Indicators (KPIs), all have one thing in common: they need to ensure that those applications have access to 100% of the traffic flowing through the network.

If they can’t see all the data, they just can’t operate as designed.


For out-of-band monitoring tools, you’ll want a passive network TAP. Different network environments bring a few different considerations when choosing one. For those of you who don’t create network design plans and study best practice connectivity models on a daily basis like we do, here’s a quick refresher to get you started on the right foot.

An Overview on Passive Network TAPs

A network TAP is a purpose-built appliance that sits between two network points and sends network data to external appliances without interrupting traffic flows. A passive TAP simply makes a copy of the network data and distributes it to third-party appliance(s); it does not take altered traffic back from the device and resend it through the network.

Passive TAPs, as Garland defines them, are TAPs that will not cause the monitored devices to lose link between one another if power is lost. This can be accomplished when monitoring two devices connected with fiber optics or with two devices running 10 or 100 Mbps copper interfaces.

Some passive TAPs do not require power sources. However, if the TAP needs to perform additional services besides simply copying and sending data (as we’ll see below), it will require power. Regardless, passive network TAPs are designed so that even if the environment loses power, the network devices do not lose the link. The network devices will never even know that the network TAP lost power.


Passive TAPs in Fiber-based Networks

Passive network TAPs can be used in fiber networks of all speeds – simply choose the one rated to copy and send traffic at the same rate as your network (1 Gigabit, 10 Gigabit, 40 Gigabit, 100 Gigabit, etc.). If that’s all that the TAP has to do – and there is enough light available in the fiber to split it without degrading network conditions – there is no need to power a passive TAP at all. For companies with crowded wiring closets and limited outlet availability, this network design offers tremendous advantages.

However, if there is not enough light in the fiber or it has to travel too far to reach its final destination, you will need a powered passive TAP.  

Certain installations will require media conversion to bring network traffic to the designated monitoring point. For example, if traffic from a fiber-based network needs to be sent to an appliance with copper input ports, the TAP will convert from fiber optic signaling to electrical signaling, since copper is an electrical interface. If the network uses multimode fiber for transport and you want to use a single-mode fiber to carry the traffic to the monitoring appliance, the TAP will convert the optical signal from multimode to single-mode. While media conversion is easily done within a passive network TAP, the TAP does need to be powered to make that happen.

It is also important to note that a standard passive network TAP sends two streams of traffic to the monitoring tools: the east-to-west and the west-to-east traffic. If you only have one port on the monitoring tool, you can use one of our aggregation TAPs to aggregate the west-to-east and east-to-west traffic into one stream.

Passive TAPs in Copper-based Networks 

While a passive network TAP can be used in any fiber-based network, it’s not that straightforward in copper environments. Passive TAPs can be used in copper networks but they must always be powered.

And then there is a speed issue. Passive network TAPs can be deployed in 10/100 Base-T networks but they cannot be deployed in copper gigabit environments. In these networks, companies must use an active network TAP to provide monitoring tools with the visibility they require.

Ensuring the Failsafe Operation of Gigabit Copper TAPs

When choosing a network TAP for copper Gigabit interfaces, it is important to look for one with failsafe circuitry that meets data center standards. For instance, Garland’s fail-safe relay circuitry is built into our Gigabit network TAPs – if power is lost the relay circuitry will fail-close in less than 8 milliseconds providing a connection between the network elements. This ensures that traffic can continuously flow in the event of a power failure.

Of course, the most reliable method is to deploy all your network TAPs via a rack outfitted with dual Uninterruptible Power Supplies (UPS).

To get around the power requirement, certain vendors will suggest attaching a lithium battery to the passive TAP instead of plugging it into a legitimate power source. Clearly, this method won’t meet data center standards – the failure rate is too high to be trusted.

Passive network TAPs are essential to providing complete packet visibility to network monitoring and security tools, without affecting the network.

Looking to add TAP visibility to your next deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!


Heartbeat Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.
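
A minimal model of the heartbeat logic described above, added here as an illustration and not Garland's implementation. The class name, the `HB` marker, the one-probe-per-interval timing and the sample tool that drops `bad*` frames are all assumptions; the model shows that bypass keeps the link up while frames go uninspected, which makes the mode transitions the events worth logging.

```python
HEARTBEAT = "HB"  # constructed marker standing in for the TAP's heartbeat packet

class BypassTap:
    """Toy model of the heartbeat logic (hypothetical names, one probe per interval)."""

    def __init__(self):
        self.mode = "inline"
        self.tick_no = 0
        self.events = []      # (interval, new_mode) transitions: the thing to alert on
        self.uninspected = 0  # frames that reached the link without passing the tool

    def tick(self, frames, tool):
        """Handle one interval; tool(frames) returns frames or None when off-line."""
        self.tick_no += 1
        was_inline = self.mode == "inline"
        # Heartbeats go out in both modes so a recovered tool is noticed.
        returned = tool([HEARTBEAT] + (list(frames) if was_inline else []))
        alive = returned is not None and HEARTBEAT in returned
        new_mode = "inline" if alive else "bypass"
        if new_mode != self.mode:
            self.events.append((self.tick_no, new_mode))
            self.mode = new_mode
        if was_inline and alive:
            # Heartbeats are stripped before traffic returns to the critical link.
            return [f for f in returned if f != HEARTBEAT]
        # Bypass path (assumption: frames of the failing interval are not lost).
        self.uninspected += len(frames)
        return list(frames)

def make_tool(offline_calls):
    """Constructed inline tool: drops 'bad*' frames, off-line on the given calls."""
    state = {"n": 0}

    def tool(frames):
        state["n"] += 1
        if state["n"] in offline_calls:
            return None
        return [f for f in frames if not f.startswith("bad")]

    return tool

def run_demo():
    tap, tool = BypassTap(), make_tool({2, 3})
    traffic = [["a1", "bad1"], ["a2", "bad2"], ["a3"], ["a4", "bad4"], ["a5", "bad5"]]
    link = [tap.tick(frames, tool) for frames in traffic]
    return link, tap.events, tap.uninspected
```

In the constructed run the link carries `bad2` and `bad4` while the tool is bypassed, and `events` records the two transitions a monitoring system should log.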

Some of you may have noticed a flaw in the logic behind this solution!  You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.

Glossary

  1. Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances.

  3. Critical link: the connection between two or more network devices or appliances whose failure disrupts the network.
