A network TAP (Test Access Point) is a simple device that connects directly to the cabling infrastructure to split or copy packets for use in analysis, security or general network management. Although the term “Tap” predates the networking industry by decades, the IT industry has generally adopted the term to mean Test Access Point.
Since a network TAP provides the most effective means to copy actual traffic running across a system, the remainder of this paper is dedicated to TAP types, usage and functionality. It should be noted that TAPs are available for a wide variety of network speeds and cable types. Instead of two switches or routers connecting directly to each other, the network TAP sits between the two endpoint devices connected directly to each of them. Then traffic is seen and copied, providing visibility into the networked traffic. See Figure 1.
TAPs are straightforward devices that run for years and are generally placed in secured locations. Once the traffic is tapped, the copy can be used for any sort of monitoring, security, or analytical use. Thus, TAPs are a key component of any visibility system.
It is really that simple. If the TAP fails to work, there is probably a cabling issue or a bad connection. Do be aware that installing or replacing a TAP in an existing environment does bring down the link while the cables are reconnected. So TAP installations are typically scheduled during pre-defined maintenance windows, or during the network architecture design phase, prior to running live traffic.
Optical fiber sends light from a transceiver through a thin glass cable to a receiver on the other end. Instead of connecting directly to each other, each of the two endpoint nodes (switches, routers, database, etc) are connected to network ports on the TAP. These special ports are physically wired in pairs such that traffic continually passes through them. In addition to the network ports are monitoring ports. The monitoring ports send out complete copies of the traffic seen, as shown in Figure 2.