Visibility Solutions

Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.

Resources

Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.

Blog

The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners

Partners

Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.

Company

Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.

Contact

Whether you are ready to make a network TAP your foundation of visibility or just have questions, please contact us. Ask us about the Garland Difference!

Blogheader image.png

TAP Into Technology

Leading the Way in Network Technology

Understanding the Basics of Packet Data Acquisition

Posted by Steve Harris | 7/11/19 8:00 AM

Packets are an essential source of data for network performance management (NPM) tools. They are the foundation of data truth that all network monitoring and security tools rely upon for analytics, forensics, threat detection, and performance monitoring. In order to be able to fully trust the reporting and results of your tools, you have to have full confidence in their data source; the packets.

 

EMA (Enterprise Management Associates®) research has found that enterprises have greater success in applying NPM tools to performance monitoring and cloud application migration assessments when they use packets for those use cases. Packets are an essential component to forensic security analysis and real-time incident detection. In essence, without full and complete packets, it’s very hard to gain a full understanding as to what’s happening in the network. 

 

The Basics of Packet Acquisition


Once you’ve determined that packets are the source of data you’re looking to get from a network link to send to tools for analysis, your next question to answer is, ‘How am I going to get those packets?’

Well your answer is simple. Either you use Network TAPs or SPAN (mirror) Ports. 

Network TAPs, or test access points, are the most popular approach and best to mirroring traffic and sending it to NPM tools, with 50% of respondents in a recent EMA survey using TAPs as their packet acquisition method. TAPs are purpose-built, hardware devices that are physically connected to a network port via a fiber or copper cable. TAPs can take the workload of mirroring traffic off of your switch or router, alleviating the burden and ensuring performance isn’t degraded.

EMA Best practices for delivering packets to NPM tools

Using SPAN ports as your data acquisition method may seem simple at first, since you are configuring ports on a switch or router to act as a Switched Port Analyzer (SPAN). But that one choice can lead to problems later on. Many switches and routers can produce bad data when mirroring traffic from the SPAN port.  This is in addition to dealing with oversubscription and a reduction in overall performance of the switch when traffic levels increase. These problems all occur because the switch was not originally designed for this use. 

Not convinced yet?

Check out these other reasons why you don’t want to rely on SPAN ports:

  • Duplicate data packets can reduce the efficiency of your NPM tools
  • Missing data is not forwarded to NPM tools, which makes real-time monitoring and analysis difficult
  • They can lead to network blind spots depending on how the SPAN ports were initially set up.
  • User error - they require manual configuration, rather than a plug and play design.
  • Legal regulations - Timestamps are modified, leading to data being challenged in court when used for lawful intercept.


If you’re looking for true visibility and accuracy of your data packets, then Network TAPs are the clear choice to use as the foundation of your network visibility strategy. Starting with TAPs instead of SPAN ports ensures that your NPM tools will work efficiently and effectively.

 

[Want to learn more about best practices for delivering packets to network performance management tools? Download the latest whitepaper from the analysts at EMA to get their insight and analysis!]

Topics: Network TAPs, TAPs vs SPAN, Network Visibility/Monitoring

Written by Steve Harris

As Regional Sales Manager, Northeast for Garland Technology, Steve is responsible for developing and implementing end user and partner strategies.