A network tap is a piece of hardware that allows the monitoring of a computer network line. The tap is a physical device that is placed in a network environment that allows a user to monitor the activity over a portion of a network. Installing one of these devices generally requires an interruption or rerouting of network service as the lines are arranged to make room for the device. While there are many legitimate reasons to use a network tap, there are several illicit or unethical uses as well.
The vast majority of computer networks, including the Internet, are primarily made up of devices connected together with cable. A network tap allows a person to monitor the activity over a section of cable by physically inserting a tap device into the line. This term is similar to a phone tap, where a third party is able to listen in on phone calls by using a tapping device.
In most cases, a network tap consists of three ports. Two of the ports connect to the network cable being tapped—these are called A and B ports. One is an output for a monitoring device such as a computer or storage unit. The network ports usually require actual ended cables. This is one of the biggest limitations when using a network tap.
Since the A and B ports require a cable with a finished end, the places where the tap may enter the system is very limited. Generally, a person can unplug a network cable from a hardware device such as a router or switch, plug that into the tap and run a new piece of cable into the hardware device. This means the tapper must have direct physical access to the tapped network. If the tap needs to be placed in a remote spot, the tapper needs to cut the cable and cap the ends before they can use the device.
In either case, the network is unplugged temporarily while the tap is placed. If the tap is unsanctioned, this outage may alert the network’s owner that a person is intruding on his network. Even if the outage is missed, the system may record the existence of a new passive hop on the network.
Network administrators often use network taps to monitor user activity and make sure the network is performing as it should. This use of a network tap is well within the rights of the network’s owner and is not an invasion of privacy, regardless of the information observed. On the other hand, some taps are placed in order to steal personal information or learn passwords and login information for the tapped system. This usage is against the law in nearly every case.