Problem solve
Get help with specific problems with your technologies, process and projects.
Which is a more secure data access technology: SPAN or TAP?
When monitoring traffic on a network, which is the best tool to use? Network security expert Mike Chapple gives advice.
What is a more secure data access technology: SPAN or TAP?
First, let's take a brief detour and explain these two technologies. Both are options for monitoring traffic on a network. Test access ports, or TAPs, are devices that are placed on a network segment, and they allow a passive device to connect to it. The TAP contains three ports: two for traffic and one for monitoring. When network data arrives on either of the traffic ports, the TAP provides a copy of it to both the other traffic port and the monitoring port. The arrangement allows users to connect a network sniffer or other monitoring device to the network, but without the downtime associated with creating an inline connection for it.
Switched port analyzer (SPAN) ports provide similar functionality, but occur at the switch and do not require additional...
Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
Step 2 of 2:
hardware. The network administrator simply configures one port on the switch to serve as a SPAN port, and the switch then delivers copies of all traffic from any port on the switch to the SPAN port, allowing for the connection of a monitoring device. From a security perspective, there's not much difference between a TAP and a SPAN port. Both are useful for monitoring network traffic (albeit at different points in the network) and provide the same basic functionality.
More information:
- Lock down IM by monitoring traffic over the network.
- Is it possible to monitor and block port-scanning activity? Learn more.
This was last published in April 2008
