Network taps enable passive monitoring

Network taps are used to create permanent access ports for passive monitoring. A tap, or test access port, can be set up between any two network devices, such as switches, routers and firewalls.

It can function as an access port for any monitoring device used to collect in-line data, including intrusion detection, protocol analysis, denial of service and remote monitoring tools.

A monitoring device connected to a tap receives the same traffic as it would if it were located directly on the wire.

The tap can send traffic data to the monitoring device by splitting or regenerating the network signal. Neither splitting nor regeneration introduce delay, or change the content or structure of information packets.

Network taps modify the strength of the transmitted network signal, so that it can be received by the other network device and the monitoring device attached to the tap.

Taps are called passive devices because they don't act on network traffic. If a tap fails, traffic continues to run, and the network is not affected.

In the case of fiber taps, the key internal components - fiber-optic splitters - do not require power. So they're not vulnerable to a power outage. Two key aspects of fiber taps are split ratio and light source.

The splitter divides the light signal into two streams, and the tap needs to make sure the network signal has enough strength to make it to its destination.

Fiber taps

The split ratio for fiber taps is determined by factors such as the devices' transmitter strength and receiver sensitivity, net losses from cable connections and length.

Because the goal is to maximize the signal retained in the network, the optimal split ratio is the highest. So if 70-to-30, 60-to-40 and 50-to-50 split ratios are viable, then splitters with a 70-to-30 split ratio are optimal.

Splitters also need to support the light source used on the links. For example, Gigabit SX devices transmit data using 850-nm lasers, so Gigabit SX taps should have compatible splitters.

This ensures accuracy in the insertion losses dictated by the chosen split ratio. Performance will not degrade from the laser light intensity, which could occur if splitters supporting lower-intensity LED transmission were used on these links.

Copper taps

Copper taps regenerate the transmitted network signal, instead of splitting it. Regeneration amplifies the signal to a level where it can be received by the other network device and the monitoring device.

Regenerating the electrical signal takes place on a powered board. When power is available to the tap, the electrical signal passes through an open bypass circuit to the area of the board where regenerating and directing the signal takes place. Copper taps are beginning to feature fail-safe reserve power within the tap to maintain this availability.

If power is not available, the bypass circuit closes, so the transmitted signal passes directly to the receiving network device. The bypass circuit requires no external input, so copper taps remain passive.