Duplicate or Altered Packets
TAP vs SPAN
Challenge: How to avoid duplicate or altered Packets?
Duplicate packets are commonly seen when packets traverse multiple switches or routers and those devices copy traffic to a SPAN/mirror port.
You can SPAN packets in or out of a switch port, but typically most applications require a copy of both sides. SPANs are known to result in trace files with duplicated packets when the SPAN port is set up to capture both ingress and egress traffic flows. When both the ingress and egress ports are spanned, the same packets are sent to the monitoring tool twice, which becomes a whack-a-mole type headache.
• SPAN can change the timing of the frame interactions, altering response times
• The timestamps can read differently, but the packet contents are the same
• Can duplicate packets if multiple VLANs are used
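The duplicates described above (same packet contents, different timestamps) can be flagged in a trace file by hashing each frame and looking for repeats inside a short time window. The following is an added example, not part of the original page or any vendor tool; the 5 ms window, the function names and the sample capture are assumptions constructed for illustration, and it only matches byte-identical frames.

```python
import hashlib
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def read_pcap(data):
    """Yield (timestamp_us, frame_bytes) from little-endian classic pcap bytes."""
    if len(data) < 24 or struct.unpack_from("<I", data)[0] != PCAP_MAGIC_USEC:
        raise ValueError("not a little-endian microsecond pcap")
    pos = 24  # skip the 24-byte global header
    while pos + 16 <= len(data):
        sec, usec, caplen, _origlen = struct.unpack_from("<IIII", data, pos)
        pos += 16
        if pos + caplen > len(data):
            break  # truncated final record
        yield sec * 1_000_000 + usec, data[pos:pos + caplen]
        pos += caplen

def find_duplicates(packets, window_us=5000):
    """Return (dup_index, first_index, delta_us) for byte-identical frames
    that reappear within window_us of an earlier copy."""
    last_seen = {}  # frame digest -> (index, timestamp_us)
    dups = []
    for i, (ts, frame) in enumerate(packets):
        digest = hashlib.sha256(frame).digest()
        prev = last_seen.get(digest)
        if prev is not None and ts - prev[1] <= window_us:
            dups.append((i, prev[0], ts - prev[1]))
        else:
            last_seen[digest] = (i, ts)  # new frame, or a resend outside the window
    return dups

def build_sample_pcap():
    """Constructed capture: frame A, its SPAN copy 40 us later, frame B,
    then frame A again 1 s later (a genuine resend, outside the window)."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    a, b = eth + b"constructed request", eth + b"constructed response"
    records = [(100, 0, a), (100, 40, a), (100, 900, b), (101, 0, a)]
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in records:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for dup, first, delta in find_duplicates(read_pcap(build_sample_pcap())):
        print(f"packet {dup} duplicates packet {first} ({delta} us later)")
```

The window matters: set too wide, it also flags legitimate retransmissions, which an analyst usually wants to keep.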
Solution
Network TAPs guarantee tools complete packet data
Network TAPs ensure no duplicated or altered packets by providing full-duplex copies of packet data, giving monitoring and security tools a complete picture of network traffic to analyze.
Network TAPs do not alter the time relationships of frames. Spacing and response times are especially important with VoIP and Triple Play analysis including FDX analysis.
Network TAPs:
• Purpose-built to pass 100% full duplex traffic
• 100% network visibility
• Pass every packet, including physical layer errors
• Support jumbo frames