SNIFFING THROUGH AN ETHERNET TAP:
An Ethernet tap is a virtual driver for network kernels. Kernels are the central and most crucial component of any operating system for computers. An Ethernet tap is used for the purpose of implementing devices for networks which basically fully support only software and have no solid hardware to back it up. An Ethernet tap works almost like an Ethernet device and works on the second layer with the packets like Ethernet frames. The most basic use of a tap is to create a sort of Network Bridge on the network.
http://affl77.bptinfo.hop.clickbank.net?x=110
Operating systems that send packets through a network tap are basically first delivered to a program of user–space which sticks to the device. This user–space program is capable of sending packets to the Ethernet tap. There is a program called stack in an operating system to which this Ethernet tap sends packets to. This is how the process emulates receiving packets from an external source.
MONITORING TRAFFIC ON A SWITCH:
If you are interested in monitoring the traffic being sent on any hub or switch and through an operating system then you can get a passive Ethernet tap for this purpose. This is most helpful if you are looking for a way to snoop traffic on an Ethernet network. On the other hand if you are looking for installing an IDS (intrusion detection system) again use a passive Ethernet tap.
For those people who are in to hacking networks, this Ethernet tap is the most famously used device. At the same time a passive Ethernet tap does not completely fall on the specifications required by an Ethernet device, but it still is enough to work well. Surprisingly you can set up a passive Ethernet tap yourself as well low setup fees. But one problem that occurs is that when we use switches the network gets divided therefore with an Ethernet tap you can only monitor one section and not the entire network.