The term TAP is an abbreviation and stands for Test Access Port. A Network TAP, also known as an Ethernet TAP, provides a passive access point to an optical or copper-based network connection, enabling the data signals transmitted over the cable to be read and evaluated securely and reliably for analysis purposes.
These TAPs are looped into the network line to be monitored and forward all data traffic while maintaining data integrity, without interruption and without packet loss.
Once installed, a TAP can be used to transparently deliver all traffic to various monitoring applications quickly, easily, and without affecting the active network line.
In contrast to data tapping via a SPAN port, you get a much more accurate measurement result when using a TAP and can thus identify network and application errors even faster and more precisely. This saves you valuable time when troubleshooting network errors and problems.
Instead of the time-consuming configuration of SPAN ports, Network TAPs can be installed and commissioned plug-n-play, without any prior technical knowledge, in a very short time. For good reason, Cisco, the world’s leading network equipment manufacturer, therefore deliberately advises against the use of such SPAN ports for network analysis.
Network TAPs have another decisive advantage due to the way they work: they fully route bi-directional data traffic. This means that you receive the send and receive directions of a full duplex line separately and can therefore, for example, analyze a 1G line loss-free even with a maximum load of 2Gbps. As a result, you need two network interfaces on the analyzer to record the network data.
Using this method, the sending and receiving directions can be easily differentiated from one another, which eliminates another source of error. SPAN ports, on the other hand, must aggregate this data in memory before it is passed on to the SPAN port, but this is not one of the primary tasks of a switch and thus has a significant negative impact on the quality of the analysis result.
Furthermore, due to the use of mirror ports, the switch processor is more highly utilized, which can cause data loss on the SPAN port.
You can find out more about our modular Network TAPs, Split Ratios and much more here: NEOXPacketRaven Modular Fiber Network TAPs
What makes our
Secure Modular Fiber TAPs so special?
Secure Fiber TAPs have both an additional optical isolator (Data Diode functionality) and an optical filter to ensure that unwanted incoming light signals are blocked at the monitoring port to protect the network from compromise. It thus provides another security layer that offers increased protection against attackers and faulty configurations.
Our optical TAPs do not require power, they are purely passive components and therefore cannot be detected in the network without expensive measuring equipment. Hackers and other attackers thus have no chance, and since the integrity of the outgoing data remains unaltered due to this tapping method, Network TAPs are increasingly used in the areas of network forensics, security and monitoring.
PacketRaven Fiber TAPs are designed for data centres and allow you to fit up to 30 network segments with TAPs using our innovative, modular 1U chassis. They support network speeds from 100Mbps up to 400Gbps. Without risk you get permanent network access and provide your monitoring and security tools with 100% reliable network data without introducing a single point of failure.
This makes our Secure TAPs especially suitable for business-critical applications and high-security areas and CRITIS infrastructures with high requirements for securing sensitive data.
They are 100% compatible with our standard modular TAPs without Data Diode Function and can be installed together in the same chassis. On top of that, they are protocol-agnostic and compatible with all monitoring systems from leading suppliers.
Secure TAPs - because CRITIS should be secure
PacketRaven Network TAPs are therefore already in the standard version among the network components via which an attack vector is excluded.
For high-security areas or critical infrastructures (CRITIS), however, even this is sometimes not enough, which is why NEOX NETWORKS now also offers a specially secured version of its Modular Fiber TAPs.
These Secure Modular TAPs have an optical filter and an optical isolator that add a Data Diode Function to the TAP. These prevent accidental or deliberate injections of unwanted data or light signals into the active network.
Due to a very high insertion loss of up to 35dB on the return channel from the monitoring port into the productive network to be protected, an additional two-tier security layer is activated. The insertion loss of the single-mode models is ~35 dB and for our multimode models ~25 dB.
In addition, these TAPs are secured against unwanted or unnoticed opening by a security seal.
Use cases for Fiber TAPs with optical isolators
- Prevent accidental connection of a passive TAP to an output port of the monitoring tool so that data is injected back into the monitored network.
- Avoid misconfiguration of monitoring tools. These can, for example, send data back to the network in the case of legal surveillance measures by an authority,
- which may lead to the discovery of the surveillance measure.
- Preventing people with access to unsecured parts of a data centre from using conventional Fiber TAPs to cripple the network or inject malicious code.
PacketRaven STANDARD FEATURES
- Supported network speeds: 100M, 1G, 10G, 25G, 40G, 50G, 100G, 200G and 400G
- Mirror 100% of traffic including FCS/CRC errored packets
- Invisible in the network, no IP address, no MAC address, cannot be hacked
- Monitoring of all OSI layers
- 100% passive, no power supply necessary
- Guaranteed no packet loss, no additional latency
- Plug & play, simple installation without configuration
- Scalable and modular, supports installation of all TAP models regardless of media type, speed and connector type
- Split ratios of 50:50 and 70:30 are supported*.
- Singlemode and multimode models available
- Can be used together with our standard Modular TAPs in the same chassis
- Supported Fiber type recognisable by TAP colour – no need to pull out
- Wide range of supported standards
- Designed, assembled, certified and tested in Germany
* Other split ratios on request
SECURE TAP ADDITIONAL FEATURES
- Optical isolator + filter protect the network from extraneous light injection through the monitoring port
- Tamper-proof security seals – cannot be removed unnoticed
| Up to |
| No impairment|
of Data Traffic
| No Network Access|
via Monitoring Port
| No power supply|
| Scalable and|
| Made in|
Extra Security Features
Data Diode Functionality against undesired light injections
| Security seal|
against unnoticed opening
Models, Technical Specifications & Accessories, Downloads
|PacketRaven Secure Fiber TAPs|
|Split Ratio||Slot Req.|
|PacketRaven Secure Fiber TAPs|
|Item No.||Network||Fiber type||Wavelength||Connector|
|Split Ratio||Slot Req.|
|PRM-OM5-LL-50-S||1G/10G/25G/50G||OM5||850 nm – 950 nm||LC||LC||50:50||1|
|PRM-OM5-LL-70-S||1G/10G/25G/50G||OM5||850 nm – 950 nm||LC||LC||70:30||1|
|SUPPORTED MEDIA TYPE||SPECIFICATIONS|
|Multimode 850 nm:||OM3, OM4||Operating temperature:||-20°C - +85°C|
|Multimode 850 nm - 950 nm:||OM5||Humidity:||5% - 85%|
|Singlemode 1310 nm / 1550 nm:||OS1, OS2||Reliability:||GR-1221-CORE|
|MAXIMUM INSERTION LOSS|
|Split ratio (others on request)||50:50||70:30|
|Multimode OM3, OM4, OM5||3.8 dB / 4.8 dB||2.2 dB / 7.1 dB|
|Singlemode OS1, OS2||3.4 dB / 4.4 dB||1.7 dB / 6.8 dB|
|PRM-CH-1U30||PacketRaven Modular Chassis - supports the installation of up to 30 TAP modules (30 slots)|