Why SPAN ports don’t cut the mustard for true copies of your network traffic, and why Network TAPs do.

Perhaps it would be fair to start by talking about a suitable time to use a SPAN port… If you rarely monitor network performance or don’t need to know the precise details of a cyber-attack, you could consider using a SPAN port to send a copy of traffic to a monitoring or analysis device.

However, if your network is critical to your business, or indeed is your business, it’s safe to assume you need to make copies of your traffic for proactive network and application performance monitoring, packet capture, lawful intercept or to analyse major attacks and breaches.

These are all very important applications, so need an exact replica of your network traffic to support an accurate and worthwhile outcome.

For years people have relied on network switch SPAN ports for making a copy of traffic, but the huge growth of applications, cyber-attacks and the networks used to deliver them means the days are numbered for network switches reliably performing their intended purpose AND delivering a lossless copy of traffic.

Three (not so) rhetorical questions for you

At peak utilisation, network switches work hard delivering your critical traffic, during which time SPAN ports can drop packets:

  1. Are you comfortable with your switch (an in-line device) providing a copy of traffic while it’s grafting to deliver your critical revenue-generating activities?

  2. How will you respond to the inevitable questions if your network switch goes down while it’s also burdened to output an (incomplete) copy of your network traffic?

  3. What do you do with the copies of traffic you don’t actually need?

And one more for good measure: SPAN ports drop all corrupt packets and won’t notify you about it – so how can you make business-critical decisions based on incomplete information?

The simple and reliable answer; Network TAPs

Network, Security and Applications Teams all need a true copy of traffic if they are to achieve their required outcomes.

Put simply, a Network TAP (Terminal Access Point) – a robust and reliable device sitting passively between a switch and a router – is the safest and most reliable means to copy and send the lossless traffic of interest to your desired monitoring tool.

If you require more copies, a Regeneration TAP can provide many instances from a single input to multiple output ports serving various devices – making your TAP a highly-valued and dependable asset to your entire ICT environment.

A TAP is just the beginning of the wider Network Visibility value proposition, because a traffic copy sent to a Network Packet Broker provides a whole host of possibilities for improving security resilience, network and application performance monitoring, scalability and industry compliance.

Watch our Network Visibility video to learn more about the benefits of Network Visibility for security resilience and performance monitoring.


We supply scalable Copper and Optical Network TAPs from world-leading manufacturers and can recommend and install a suitable TAP based on your unique requirements. To talk to us about your challenges, please complete the short form below and we’ll get straight back to you.

  • The more information you provide, the better and more quickly we can respond.

    (You can withdraw your consent at any time by using the ‘unsubscribe’ option in the messages you receive from us)

  • This field is for validation purposes and should be left unchanged.