Two common methods for gaining a window into a network are by installing a network tap or by using a mirror port (called a SPAN port by Cisco®) on a network switch. Both network taps and mirror ports provide a window into traffic on a network segment, enabling you to use a network analyzer or other monitoring tool for troubleshooting, diagnostics, security, or forensics compliance.
A network tap is a hardware device that’s installed on your network. It enables network traffic to pass through unimpeded while duplicating all data to a monitor port where it can be accessed by a network analyzer.
Port mirroring, on the other hand, is a capability built into many high-end networking devices. This feature enables the data from individual ports to be duplicated to another port, creating a mirror port that acts as a software network tap.
Best for high-speed networks with heavy traffic or for analysis that requires all network traffic.
- Captures send and receive data streams simultaneously, eliminating the risk of dropped packets.
- Provides full visibility into full-duplex networks.
- Captures everything on the wire—including Physical Layer errors—even when the network is saturated.
- Requires the purchase and installation of additional hardware.
- Analysis device may need dual-receive capture interface.
- Only captures data between network devices; can’t monitor intraswitch traffic.
Best for networks with light traffic or for analysis not affected by dropped packets.
- Low cost, using existing switch capabilities.
- Remotely configurable through the network.
- Captures intraswitch traffic.
- Drops packets on heavily used full-duplex links.
- Filters out Physical Layer errors.
- May burden the switch’s CPU to copy data.
- May change frame timing, altering response times and slowing network performance.
To see our network taps or to download a flyer with this information, visit blackbox.com/go/Taps.