Accessing data in motion down to the packet level is the first step to acquiring network visibility, as nothing else provides a similar level of depth and granularity. The two most common methods to extract this information are SPAN and network TAP port technologies. But when it comes to TAP vs. SPAN ports, how do you decide which to use for a given situation?
A network TAP (Test Access Point)is a simple device that connects directly to the cabling infrastructure. Instead of two switches or routers connecting directly to each other, the network TAP sits between the two devices and all data flows through the TAP. Using an internal splitter, the TAP creates a copy of the data for monitoring while the original data continues unimpeded through the network
As seen in Figure 1, data from a network is transmitted (Tx) from device A to be received (Rx) by device B. At the same time, data can travel in the reverse direction where device B transmits data to device A. Most TAPs separately copy the transmit signals from A and B and send them to separate monitoring ports (TxA and TxB).