Terminology
The term network tap is analogous to phone tap or vampire tap. Some vendors have phrases for which tap is an acronym; however, those are most likely bacronyms.
The monitored traffic is sometimes referred to as the pass-through traffic, while the ports that are used for monitoring are the monitor ports. There may also be an aggregation port for full-duplex traffic, wherein the "A" traffic is aggregated with the "B" traffic, resulting in one stream of data /packets for monitoring the full-duplex communication. The packets must be aligned into a single stream using a time-of-arrival algorithm.
Vendors will tend to use terms in their marketing such as breakout, passive, aggregating, regeneration, inline power, and others. Common meanings will be discussed later. Unfortunately, vendors do not use such terms consistently. Before buying any products, be sure to understand the available features, and check with vendors or read the product literature closely to figure out how marketing terms correspond to reality. All of the "vendor terms" are common within the industry and have real definitions and are valuable points of consideration when buying a tap device.
A distributed tap is a set of network taps which report to a centralized monitoring system or packet analyzer.
Read more about this topic: Network Tap