A network tap is an external device that creates a “copy” of the traffic for use by various monitoring devices. It allows port mirroring. The tap device is introduced at a point in the path of the network that is felt should be observed, so that it can copy data packets and send them to a monitoring device. The network designer will decide where that significant point for the network tap should be placed, based on the reason for observation: data gathering, analysis, general monitoring (such as for saturation and latency), or more critical, such as for intrusion detection, etc.
Although it taps into the traffic, the network tap does not modify it in any way, and the traffic on the network is unaffected by the act of monitoring or port mirroring. Since the monitoring is performed on a copy of the traffic by a device external to the network, via a tap network adapter, this deployment is often referred to as 'out of band'.
In this manner, it acts as an ‘unobtrusive observer’ of the traffic, and just feeds a copy of the data to whatever device is attached to it. This provides full network visibility at that point. At the same time, however, if the tap or monitoring device should fail – it will in no way affect the traffic or its flow.
Taps come in both passive and active versions – each type having its own particular advantages.