Filter
Top Products
10/100 Port Aggregator Tap
11
Active Response Tap FAQs
Q: What types of active responses are supported?
A: With an Active Response Dual Port Aggregator Tap, an administrator can
transmit any type of Ethernet packet back into the original link, supporting all
common types of active responses generated by intrusion detection systems,
and by intrusion prevention systems deployed in passive mode. The most
common response types are TCP resets, and rewall rule changes. While the
Tap can support both types of responses, we advocate extreme caution in dy-
namically updating rewall rules due to the risk of disabling network services.
Because most rewalls are managed out-of-band, however, it is unlikely that
the Regeneration Tap will be part of a rule change scenario.
Q: How are collisions avoided when active responses are transmitted back
into the original link?
A: On each side of the full-duplex link, there is a small buffer for trafc ar-
riving from the network, and another small buffer for active response trafc
arriving from the monitoring device. Trafc is released from this buffer pair
on a rst-in, rst-out basis. If both sides of the buffer are empty and a packet
originating from the monitoring device and a packet originating from the
network arrive at the same time, priority is given to the network packet.