TAP manufacturers
Posted by creining | Filed under Security
There was a thread on the pen-test mailing list about suggestions for ethernet TAPs. I replied with the TAP manufacturers that I was aware of: Intrusion, Finisar (formerly Shomiti), Net Optics, and Top Layer. One pointer I made with respect to buying a TAP was to make note of how the traffic from a full duplex link is handled. Some TAPs require
that 2 outputs are needed and you are responsible for aggregation of the
two half duplex streams while others do the aggregation and provide a
full duplex output. In the case that a full duplex output is presented
from the TAP some manufacturers products will drop
output traffic when, for example, there’s greater than 50% utilization
on each side, or greater than 100Mbps. Intrusions TAPs drop traffic if the aggregate traffic is greater than 100Mbps whereas Net Optics Port Aggregator addresses this issue by buffering data during bursts but will drop traffic once that RAM buffer is exceeded. Also, I learned from the pen-test thread of one other TAP manufacturer, Network Critical.
Comments are closed.