Why do network taps have four ports?

34

2

I've been looking at a hardware network tap like this one to replace a pseudo-permanent SPAN that's been running on a Catalyst switch. All the taps I find have four interfaces: A, B, and two output ports (one for each direction). Ideally I would prefer to funnel the traffic from both directions into one cable so I only have to capture from one interface. Why do taps always seem to have two output ports?

Jeremy Stretch

Posted 2013-05-15T20:29:01.537

Reputation: 3 438

Did any answer help you? if so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you could provide and accept your own answer. – Ron Maupin – 2017-08-08T09:17:25.933

Answers

35

Hardware network taps provide one output port in each direction to ensure that traffic can be replicated at line rate. For example, a 100 Mbps Ethernet connection provides a theoretical maximum of 200 Mbps of total bandwidth; 100 Mbps in each way. If you tried to capture traffic from a line which was carrying 75 Mbps in each direction, you would need at least 150 Mbps of one-way bandwidth: more than a single 100 Mbps connection can carry. Hence, taps include two output ports operating at the same speed as the line being monitored.

Jeremy Stretch

Posted 2013-05-15T20:29:01.537

Reputation: 3 438

9

Not all taps are "passive". Look a few tabs down for "aggregation" taps

Yes, the most common quoted reason is to allow linerate monitoring, but the truth is far simpler... it takes pratically no logic to individually mirror the electrical signaling in each direction. (at least for 10/100, gig uses all four pairs) [I have various 10/100 passive taps. Most of them have maybe $5 worth of logic in them. The good aggregation taps are tiny highspeed computers.]

Ricky Beam

Posted 2013-05-15T20:29:01.537

Reputation: 21 142

6

Like Jeremy said, you're only able to tap at line speed in one direction because normal connections are full duplex; you're only receiving. An added benefit/side effect/reason for doing so is to ensure that you don't put any packets back out on the wire (for passive taps).

underscor

Posted 2013-05-15T20:29:01.537

Reputation: 61