Which is a more secure data access technology: SPAN or TAP?

When monitoring traffic on a network, which is the best tool to use? Network security expert Mike Chapple gives advice.

Mike Chapple, University of Notre Dame

What is a more secure data access technology: SPAN or TAP?

First, let's take a brief detour and explain these two technologies. Both are options for monitoring traffic on a network. Test access ports, or TAPs, are devices that are placed on a network segment, and they allow a passive device to connect to it. The TAP contains three ports: two for traffic and one for monitoring. When network data arrives on either of the traffic ports, the TAP provides a copy of it to both the other traffic port and the monitoring port. The arrangement allows users to connect a network sniffer or other monitoring device to the network, but without the downtime associated with creating an inline connection for it.

Switched port analyzer (SPAN) ports provide similar functionality, but occur at the switch and do not require additional...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

hardware. The network administrator simply configures one port on the switch to serve as a SPAN port, and the switch then delivers copies of all traffic from any port on the switch to the SPAN port, allowing for the connection of a monitoring device. From a security perspective, there's not much difference between a TAP and a SPAN port. Both are useful for monitoring network traffic (albeit at different points in the network) and provide the same basic functionality.

More information:

Lock down IM by monitoring traffic over the network.
Is it possible to monitor and block port-scanning activity? Learn more.

This was last published in April 2008

network visibility

How to configure a vTAP for cloud networks

Cisco telemetry data gets streamed from MDS 9700 32G modules

Brocade unveils APIs for network packet brokers

Google forms cyber insurance pact with Allianz, Munich Re

Dispelling 4 of the top cloud security myths today

Guide to cloud security management and best practices

Cisco completes $4.5 billion Acacia deal

5 steps to conduct network penetration testing

5 benefits of Wi-Fi 6 for enterprise networks

Racial, gender diversity in tech improving at a glacial pace

The future of trust must be built on data transparency

What are the advantages and disadvantages of RPA?

Microsoft makes Productivity Score useful to tech buyers

Microsoft makes Universal Print generally available

Microsoft bolsters data security in 365

Microsoft ACS going GA with preview of Teams integration

Modernize and migrate mainframe apps to the cloud

How to create snapshots for Azure VMs and managed disks

T-Mobile targets post-pandemic workplace with remote working suite

Connectivity the ‘unsung hero’ of the future of work

Williams F1 car launch disrupted by data leak