Network Packet Broker(NPB): How Does It Differ from Network TAP?

September 11, 2021

Both network packet brokers(NPB) and network TAPs are devices that monitor traffic flow and protect network security when arranged with some specific monitoring and security tools. Yet these two monitoring and security tools are different in some ways. Today we are going to explore how network packet brokers differ from network TAPs.

First, let's dive into what NPB and network TAPs are and how they work.

What Is A Network TAP (Test Access Point)?

A network TAP is a tool that monitors traffic flow on a local network. It is typically a stand-alone hardware device that provides an access to the data and make an exact copy of the traffic flowing across the targeted network.

In physical networks, a network TAP is typically deployed in a network link connected between the interfaces of two network elements, such as switches or routers, and is treated as part of the network infrastructure, similar to a patch panel.

Network TAPs are the base layer of Smart Network Access and are able to monitor various events on a local network, meaning total visibility is maintained across all of the network's security and monitoring platforms, which is vital for the performance of any and all networks.

Network TAP

Figure 1: Ports of Network TAP

The network TAP has (at least) three ports: an A port, a B port, and a monitor port. A tap inserted between A and B passes all traffic (send and receive data streams) through unimpeded in real time, but also copies that same data to its monitor port, enabling a third party to listen.

What Is A NPB (Network Packet Broker)?

NPB is a device that optimizes the traffic between TAP and SPAN connections and network monitoring, security and acceleration tool. It is also called "TAP Aggregator" or "Traffic Aggregator". It enhances the performance of network analysis and security tools, helps to optimize application performance and solve network problems.

Network Packet Broker

It optimizes network security and the efficiency of monitoring and analysis tools by aggregating, filtering, traffic replicating, load balancing, and more advancedly, time stamping and packet slicing.

Typically, these features made network packet broker more valued and preferred by large enterprises, data centers, banks, governments and other industries that requires top network security.

Network Packet Broker vs TAP, What's the Difference?

  • Ports- TAPs copy traffic either to a single monitoring tool or, more often, to a network packet broker so they usually have only three to four ports. But network packet brokers service multiple QOS testing tools, network monitoring tools. Based on that technical requirement, a network packet broker usually has many more ports than a TAP. By maintaining a many-to-many (M:M) port mapping of network ports to monitoring ports, NPBs can direct network traffic efficiently, and filters can be applied to optimize bandwidth usage on the network.

  • Functions- Network TAPs provide a single function of copying the traffic flowing across your network, and then send it to SPAN or other monitoring devices. While NPB is an indispensible tool for monitoring a more complicated network with various intelligent functions, including packet reduplication, aggregation, advanced filtering, packet slicing, timestamping and load balancing.

  • Application- Network TAP is designed as a fundamental tool to acquire and copy network traffic for monitoring network traffic performance. However, network architectures are constantly becoming more complex and distributed, and so are network speeds, volumes of data, and traffic, and that is when a network packet broker was designed as a "traffic processor", to "process" the traffic intelligently according to the requirements of the monitoring and analysis devices, such as filtering, data balancing, etc. And then send the "processed" traffic to the analysis devices so as to make them work more efficiently.


Both the creation of these two devices are meant to be arranged in groups with other analysis devices to monitor the traffic and ensure network security. Compared with network TAPs, network packet brokers can accomplish traffic filtering, load balancing, SSL decryption and most importantly, optimize network security and your IT investment.

Based on that TAP provides embedded and integrated security on your network, a NPB gives possibility to virtually deploy tools, to help detect and shut down IT threats. The application of network packet brokers and TAPs avoids all impacts on your network functions and gain in flexibility to answer proactively to incidents.


You might also be interested in