Secure Modular Fiber Network TAP with Data Diode Functionality - for CRITIS areas, among others

NEOXPacketRaven Product Family - Copper/RJ45, SFP and Fiber Network TAPs

The term TAP is an abbreviation and stands for Test Access Port. A Network TAP, also known as an Ethernet TAP, provides a passive access point to an optical or copper-based network connection, enabling the data signals transmitted over the cable to be read and evaluated securely and reliably for analysis purposes.

These TAPs are looped into the network line to be monitored and forward all data traffic while maintaining data integrity, without interruption and without packet loss.

Once installed, a TAP can be used to transparently deliver all traffic to various monitoring applications quickly, easily, and without affecting the active network line.

In contrast to data tapping via a SPAN port, you get a much more accurate measurement result when using a TAP and can thus identify network and application errors even faster and more precisely. This saves you valuable time when troubleshooting network errors and problems.

Instead of the time-consuming configuration of SPAN ports, Network TAPs can be installed and commissioned plug-n-play, without any prior technical knowledge, in a very short time. For good reason, Cisco, the world’s leading network equipment manufacturer, therefore deliberately advises against the use of such SPAN ports for network analysis.

Network TAPs have another decisive advantage due to the way they work: they fully route bi-directional data traffic. This means that you receive the send and receive directions of a full duplex line separately and can therefore, for example, analyze a 1G line loss-free even with a maximum load of 2Gbps. As a result, you need two network interfaces on the analyzer to record the network data.

Using this method, the sending and receiving directions can be easily differentiated from one another, which eliminates another source of error. SPAN ports, on the other hand, must aggregate this data in memory before it is passed on to the SPAN port, but this is not one of the primary tasks of a switch and thus has a significant negative impact on the quality of the analysis result.

Furthermore, due to the use of mirror ports, the switch processor is more highly utilized, which can cause data loss on the SPAN port.

You can find out more about our modular Network TAPs, Split Ratios and much more here: NEOXPacketRaven Modular Fiber Network TAPs

What makes our
Secure Modular Fiber TAPs so special?

Secure Fiber TAPs have both an additional optical isolator (Data Diode functionality) and an optical filter to ensure that unwanted incoming light signals are blocked at the monitoring port to protect the network from compromise. It thus provides another security layer that offers increased protection against attackers and faulty configurations.

CRITIS Nuclear Power by-Patrick-Federi_from-Unsplash

Our optical TAPs do not require power, they are purely passive components and therefore cannot be detected in the network without expensive measuring equipment. Hackers and other attackers thus have no chance, and since the integrity of the outgoing data remains unaltered due to this tapping method, Network TAPs are increasingly used in the areas of network forensics, security and monitoring.

PacketRaven Fiber TAPs are designed for data centres and allow you to fit up to 30 network segments with TAPs using our innovative, modular 1U chassis. They support network speeds from 100Mbps up to 400Gbps. Without risk you get permanent network access and provide your monitoring and security tools with 100% reliable network data without introducing a single point of failure.

This makes our Secure TAPs especially suitable for business-critical applications and high-security areas and CRITIS infrastructures with high requirements for securing sensitive data.

They are 100% compatible with our standard modular TAPs without Data Diode Function and can be installed together in the same chassis. On top of that, they are protocol-agnostic and compatible with all monitoring systems from leading suppliers.

Secure TAPs - because CRITIS should be secure

PacketRaven Network TAPs are therefore already in the standard version among the network components via which an attack vector is excluded.

For high-security areas or critical infrastructures (CRITIS), however, even this is sometimes not enough, which is why NEOX NETWORKS now also offers a specially secured version of its Modular Fiber TAPs.

These Secure Modular TAPs have an optical filter and an optical isolator that add a Data Diode Function to the TAP. These prevent accidental or deliberate injections of unwanted data or light signals into the active network.

Due to a very high insertion loss of up to 35dB on the return channel from the monitoring port into the productive network to be protected, an additional two-tier security layer is activated. The insertion loss of the single-mode models is ~35 dB and for our multimode models ~25 dB.

Data Diode Function_Modular Fiber Network TAP
Data Diode Functionality
of the modular NEOXPacketRaven Secure Fiber Network TAPs

In addition, these TAPs are secured against unwanted or unnoticed opening by a security seal.

Use cases for Fiber TAPs with optical isolators

  • Prevent accidental connection of a passive TAP to an output port of the monitoring tool so that data is injected back into the monitored network.
  • Avoid misconfiguration of monitoring tools. These can, for example, send data back to the network in the case of legal surveillance measures by an authority,
  • which may lead to the discovery of the surveillance measure.
  • Preventing people with access to unsecured parts of a data centre from using conventional Fiber TAPs to cripple the network or inject malicious code.

Inject - from Go to Diana Polekhina's profile Diana Polekhina via Unsplash


  • Supported network speeds: 100M, 1G, 10G, 25G, 40G, 50G, 100G, 200G and 400G
  • Mirror 100% of traffic including FCS/CRC errored packets
  • Invisible in the network, no IP address, no MAC address, cannot be hacked
  • Monitoring of all OSI layers
  • 100% passive, no power supply necessary
  • Guaranteed no packet loss, no additional latency
  • Plug & play, simple installation without configuration
  • Scalable and modular, supports installation of all TAP models regardless of media type, speed and connector type
  • Split ratios of 50:50 and 70:30 are supported*.
  • Singlemode and multimode models available
  • Can be used together with our standard Modular TAPs in the same chassis
  • Supported Fiber type recognisable by TAP colour – no need to pull out
  • Wide range of supported standards
  • Designed, assembled, certified and tested in Germany

* Other split ratios on request


  • Optical isolator + filter protect the network from extraneous light injection through the monitoring port
  • Tamper-proof security seals – cannot be removed unnoticed

Models, Tech Specs, Accessories, Downloads

PacketRaven Secure Fiber TAPs
Item No. Network Fiber
Split Ratio Slot Req.
PRM-OS2-LL-50-1310S 100M/1G/10G/25G/40G/
OS2* 1310 nm LC / LC 50:50 1
PRM-OS2-LL-70-1310S 100M/1G/10G/25G/40G/
OS2* 1310 nm LC / LC 70:30 1
PRM-OS2-LL-50-1550S 100M/1G/10G/25G/40G/
OS2* 1550 nm LC / LC 50:50 1
PRM-OS2-LL-70-1550S 100M/1G/10G/25G/40G/
OS2* 1550 nm LC / LC 70:30 1
* OS1 compatible
PacketRaven Secure Fiber TAPs
Item No. Network Fiber type Wavelength Interface
Split Ratio Slot Req.
PRM-OM3-LL-50-S 1G/10G/25G/50G OM3 850 nm LC / LC 50:50 1
PRM-OM3-LL-70-S 1G/10G/25G/50G OM3 850 nm LC / LC 70:30 1
PRM-OM4-LL-50-S 1G/10G/25G/50G OM4* 850 nm LC / LC 50:50 1
PRM-OM4-LL-70-S 1G/10G/25G/50G OM4* 850 nm LC / LC 70:30 1
PRM-OM5-LL-50-S 1G/10G/25G/50G/100G OM5** 850 nm – 950 nm LC / LC 50:50 1
PRM-OM5-LL-70-S 1G/10G/25G/50G/100G OM5** 850 nm – 950 nm LC / LC 70:30 1
* OM3 compatible     ** OM4 compatible
Multimode 850 nm: OM3, OM4 Operating temperature: -20°C - +85°C
Multimode 850 nm - 950 nm: OM5 Humidity: 5% - 85%
Singlemode 1310 nm / 1550 nm: OS1, OS2 Reliability: GR-1221-CORE
Split ratio (others on request) 50:50 70:30
Multimode OM3, OM4, OM5 3.8 dB / 4.8 dB 2.2 dB / 7.1 dB
Singlemode OS1, OS2 3.4 dB / 4.4 dB 1.7 dB / 6.8 dB
PRM-CH-1U30 PacketRaven Modular Chassis - supports the installation of up to 30 TAP modules (30 slots)
NEOXPacketRaven Chassis for Modulare Fiber TAPs
PacketRaven Modular Chassis
Request a quote
or just give us a call: +49 06103 / 37 215-910

Standard Features

Up to 400G network speed
Up to
400 Gbps
Volle Netzwerktransparenz
Network Transparency
No Impairment
No impairment
of Data Traffic
100% Data
Network Data
for Attackers
No Access
No Network Access
via Monitoring Port
Power Loss
No power supply
Split Ratios
Scalable and modular
Scalable and
Color Coded Connectors
Entworfen, assembliert, zertifiziert und getestet in Deutschland
Made in

Extra Security Features

Data Diode Functionality - through optical isolator and optical filter
Data Diode Functionality against undesired light injections
Security seal
Security seal
against unnoticed opening


Whitepaper Network TAP vs SPAN/Mirror-Port
Whitepaper – Network TAP vs SPAN/Mirror Port
Whitepaper Download - Network TAPs in CRITIS
Whitepaper – Network TAPs in the CRITIS area
Datasheet – Secure Network TAPs

Customers who viewed this product were also interested in the following products:

PacketRaven Portable

Network TAPs

PacketRaven - Portable Ntwork TAP Family

PacketRaven Modular

Network TAPs

PacketRaven Virtual

Network TAP

PacketRavenVirtual - Virtual Network TAP - vTAP

PacketRaven Y-Cable

for Fiber Network TAPs

Y-cable for fibre/fiber network TAPs

We will be happy to consult you and look forward to hearing from you!