Industry Best Practices

Contact Us

Network Test Access Point (TAP) and Port Mirroring (SPAN)

What's the Difference...and Does it Matter?

Network test access points (TAP) and port mirroring (SPAN) are the two most common access methods of packet capture for the use of analysis in data monitoring. Is there a difference? Yes, there are significant differences which affect the integrity of the traffic that is being analyzed, as well as the performance of the network traffic. This page discusses the differences in regards to monitoring the network. When deploying and managing active, inline appliances SPAN should never used, as packets are randomly dropped when the SPAN ports become oversubscribed.

TAP-v-SPAN diagram-TAP.pngTAP - Network Test Acess Point

A hardware tool that allows you to access and monitor your network. TAPs transmit both the send and receive data streams simultaneously on separate dedicated channels, ensuring all data arrives at the monitoring or security device in real time.

  • Court approved. A TAP provides forensically sound data/evidence that data captured is 100% accurate with time reference.
  • TAPs do not alter the time relationships of frames. Spacing and response times are especially important with VoIP and Triple Play analysis including FDX analysis.
  • Fiber TAPS are 100% passive and have no power.
  • Network TAPs have no IP address, no MAC address and cannot be hacked.
SPAN - Switch Port for Analysis
TAP-v-SPAN diagram-SPAN.png

Port Mirroring also known as SPAN (Switched Port Analyzer), sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packets can be analyzed.

  • SPAN sessions do not interfere with the normal operation of the switch.
  • Remotely configurable from any system connected to the switch.
  • Disallows bidirectional traffic on that port to protect against backflow of traffic into the network.

What does Cisco say about data capture and SPAN ports?
"The switch treats SPAN data with a lower priority than to-port data...the best strategy is to make decisions based on the traffic levels of the configuration and when in doubt to use the SPAN port only for relatively low-throughput situations." - Cisco


Blog Feed



Ready to solve a problem?

Explore TAP vs SPAN Scenarios:


Real Network Visualization Considerations for Professionals

Network security and management personnel must have full access and using TAP (test access points) technology is the only viable and reliable technology for that job. Still not convinced? This white paper will cover the value TAP access will provide and remove all the misinformation about SPAN or monitor access through switches and false products.

Learn More



TAP Toons

TAP into Technology | TAP vs SPAN

Leading the way in Network Technology
When A Simple SPAN Port Is Enough

When A Simple SPAN Port Is Enough

The two most common ways to access and replicate data within your network are TAP and SPAN technology. A Test Access Point (TAP) is a hardware device that copies all of your network data. SPAN or

TAP Test: Do you need a Network TAP?

TAP Test: Do you need a Network TAP?

Whether you are proactively designing a network for a new office or data center location, or looking to make changes to your current infrastructure, there are a lot of questions to ask during the

Understanding Advanced Features in a Network Packet Broker

Understanding Advanced Features in a Network Packet Broker

Network Packet Brokers (NPBs) have come a long way from their modest roots as data monitoring switches, though their intended application remains nearly the same.  The NPB is still primarily used as