A network tap is a test access point or hardware device placed at a specific network point where data can be accessed. The aim of a network tap is for a third party to monitor the network traffic between two terminals.
Network taps are usually employed for network intrusion detection systems (NIDS), network probes, remote network monitoring (RMON) probes and Voice Over Internet Protocol (VoIP) recording.
Network taps are placed between two points of a network to monitor its segments. A pair of cables replaces the network cable between two points. Later on, the pair of cables is attached to the network tap device. Network traffic flows through the tap device without any interruption. The network tap device sends a copy of the traffic to the monitoring port without notifying the network.
Network taps are unobtrusive and undetectable. They are therefore widely used in network security applications. Network taps work with full duplex communication systems and let the traffic flow smoothly, even with traffic failure.
The advantages of Taps are –
- Taps do not change the frame spacing and response times especially for VoIP analysis.
- Taps do not introduce any additional jitter or distortion important for VoIP / media rich Video analysis.
- VLAN tags are not normally passed by other techniques like SPAN port etc while Taps pass on the Vlan information.
- Taps do not filter out physical layer errors.
- Short or large frames are not filtered
- Bad CRC frames are not filtered
- Taps do not drop packets unlike SPAN.
- Taps cannot be managed remotely through IP address therefore cannot be hacked
- Taps are completely passive and do not cause any distortion even on FDX and full bandwidth networks.
- They are also fault tolerant.
- Taps do not care if the traffic is IPv4 or IPv6, it passes all traffic through.
Network taps are categorized into four basic types:
- Breakout Taps: The simplest form of network taps, breakout taps usually consist of two input and two output ports.
- Aggregating Taps: These taps collect the network traffic information from multiple segments and combine it into a single monitoring port using a single monitoring tool.
- Regeneration Taps: These taps collect traffic information only once from one segment and send it to different monitoring devices to analyze the data.
- V-Line Taps: These allow the tap to connect a virtual inline network device.