Basic TAPs - Make a copy of the signal on the wire to a secondary port for monitoring. When you use a passive TAP, you must use two monitoring ports on the NetShark for one link that you monitor, because the TAP uses a separate port to copy the traffic in each direction. Figure 4‑5 shows a TAP on a link between Device A and Device B. The TAP copies traffic in the direction from Device A to Device B on one port and the direction from Device B back to Device A on a second port.Figure 4‑5. Basic TAP ConnectivityRegeneration taps - Enables you to send the same traffic for the same monitored link to multiple devices. These taps are useful if you want to send traffic from link to both the NetShark or NetExpress and another device: for example, an IDS. Aggregation taps - Enables you to aggregate both directions of traffic on a monitored link through a single port so that you need only a single port on the NetShark or NetExpress for a link you want to monitor. If you use this method, you can potentially miss some packets if the full-duplex link is running close to line rate in both directions. Advanced/Intelligent taps - Many of the same vendors that offer intelligent SPAN or port-mirror solutions also offer solutions you can use for taps. Ensure that you understand which type of TAP you are using, keeping in mind that basic taps require two monitoring ports per monitored link, one for traffic in each direction. You can use taps on existing SPAN and port-monitoring ports. Using taps is useful if there are no longer SPAN and monitoring ports available on the switch you want to monitor. You can chain taps. For example, if you already have a TAP deployed to a monitoring device such as an IDS, you can TAP into the feed to the IDS for monitoring with the NetShark or NetExpress.
|
