Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1187 Views 2 Replies Latest reply: Jan 30, 2013 11:03 PM by hemang soni RSS
borutlape Newcomer 1 posts since
Jan 29, 2013
Currently Being Moderated

Jan 29, 2013 4:45 AM

tap mode vs inline mode



we are planing to implement the M-3050 appliance in our core network.


We like the TAP mode, but we are not sure if it is effective as inline mode.


Can anybody share their thoughts on this?

  • Shinogi Newcomer 14 posts since
    Sep 3, 2009
    Currently Being Moderated
    1. Jan 30, 2013 8:59 PM (in response to borutlape)
    Re: tap mode vs inline mode



    The detection rate is same as inline mode.

    The difference is just the availability of block the attack packet, quarantine the attacker ip.

  • hemang soni Newcomer 6 posts since
    Jul 22, 2011
    Currently Being Moderated
    2. Jan 30, 2013 11:03 PM (in response to borutlape)
    Re: tap mode vs inline mode
    • In-line mode
      In-line mode places a Sensor directly in the network traffic path, inspecting all traffic at wire speed as it passes through the Sensor. In-line mode enables you to run the Sensor in a protection/prevention mode, where packet inspection is performed in real time, and intrusive packets can be dealt with immediately; you can drop malicious packets because the Sensor is physically in the path of all network traffic. This enables the prevention of an attack from reaching its target.

    • Full-duplex tap mode
      Tap mode works through installation of an external wire tap (I-4000,I-4010) or built-in internal taps (I-2600,I-2700). A Sensor deployed in tap mode monitors or sniffs the packet information as it traverses the network segment.

      Full-duplex taps split a link into separate transmit and receive channels. Sensors provide multiple monitoring interfaces to monitor the two channels, and Sensor ports are wired in pairs to accommodate full-duplex taps. Typically there is a limited number of SPAN ports per switch, and often there is competition for those ports. Tap mode enables you to monitor traffic on a segment of traffic where no SPAN port is available.

      The downside of tapped mode is that, unlike in-line mode, you cannot prevent attacks. Tap mode is passive; the Sensor essentially sees malicious traffic as it passes. You cannot inject response packets back through a tap, so discovering an attack in tap mode triggers a response post-attack.

More Like This

  • Retrieving data ...

Bookmarked By (0)


  • Correct Answers - 5 points
  • Helpful Answers - 3 points