Industry Best Practices

Contact Us

Network Test Access Point (TAP) and Port Mirroring (SPAN)

What's the Difference...and Does it Matter?

Network test access points (TAP) and port mirroring (SPAN) are the two most common access methods of packet capture for the use of analysis in data monitoring. Is there a difference? Yes, there are significant differences which affect the integrity of the traffic that is being analyzed, as well as the performance of the network traffic. This page discusses the differences in regards to monitoring the network. When deploying and managing active, inline appliances SPAN should never used, as packets are randomly dropped when the SPAN ports become oversubscribed.

TAP-v-SPAN diagram-TAP.pngTAP - Network Test Acess Point

A hardware tool that allows you to access and monitor your network. TAPs transmit both the send and receive data streams simultaneously on separate dedicated channels, ensuring all data arrives at the monitoring or security device in real time.

  • Court approved. A TAP provides forensically sound data/evidence that data captured is 100% accurate with time reference.
  • TAPs do not alter the time relationships of frames. Spacing and response times are especially important with VoIP and Triple Play analysis including FDX analysis.
  • Fiber TAPS are 100% passive and have no power.
  • Network TAPs have no IP address, no MAC address and cannot be hacked.
SPAN - Switch Port for Analysis
TAP-v-SPAN diagram-SPAN.png

Port Mirroring also known as SPAN (Switched Port Analyzer), sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packets can be analyzed.

  • SPAN sessions do not interfere with the normal operation of the switch.
  • Remotely configurable from any system connected to the switch.
  • Disallows bidirectional traffic on that port to protect against backflow of traffic into the network.

What does Cisco say about data capture and SPAN ports?
"The switch treats SPAN data with a lower priority than to-port data...the best strategy is to make decisions based on the traffic levels of the configuration and when in doubt to use the SPAN port only for relatively low-throughput situations." - Cisco


Blog Feed



Ready to solve a problem?

Explore TAP vs SPAN Scenarios:


Real Network Visualization Considerations for Professionals

Network security and management personnel must have full access and using TAP (test access points) technology is the only viable and reliable technology for that job. Still not convinced? This white paper will cover the value TAP access will provide and remove all the misinformation about SPAN or monitor access through switches and false products.

Learn More



TAP Toons

TAP into Technology | TAP vs SPAN

Leading the way in Network Technology
TAP Test: Do you need a Network TAP?

TAP Test: Do you need a Network TAP?

Whether you are proactively designing a network for a new office or data center location, or looking to make changes to your current infrastructure, there are a lot of questions to ask during the

Understanding Advanced Features in a Network Packet Broker

Understanding Advanced Features in a Network Packet Broker

Network Packet Brokers (NPBs) have come a long way from their modest roots as data monitoring switches, though their intended application remains nearly the same.  The NPB is still primarily used as

7 reasons why you shouldn’t choose SPAN as a real visibility access device!

7 reasons why you shouldn’t choose SPAN as a real visibility access device!

Every day I come across network techs who continue to rely on SPAN ports for their network access method.  This blows my mind as its been proven time and again why you shouldn’t rely on SPAN ports.