1. Clustering

The administrator can do aggregation, or clustering, on the capture ports of the GCap. It is understood by aggregation the fact that the use of TAP (without aggregation) generates two links (up and down i.e. a TX link from A to B and a TX link from B to A ), and that the GCap interprets these two links as if they were aggregated. This menu allows to define which interfaces come from the same TAP in order to have a correct flow interpretation. It is essential to have at least two capture interfaces activated on the probe.

This functionality is required if the qualified TAP present in the architecture does not provide interface aggregation functionality.

A qualified TAP corresponds at least to a so-called passive or non-intelligent (simple) TAP. That is, it does not require its own power supply and does not actively interact with other components. Most passive TAPs do not have an onboard configuration.

Unlike network ports whose traffic is both TX (transmit) and RX (receive), monitor ports are unidirectional and only send traffic. The monitored traffic is therefore separated into two transmit signals (TX-only), one copy from end A (switch X) and one copy from end B (switch Y). The interface cluster functionality on the GCap therefore makes it possible to aggregate the two TX transmissions of the TAP on to the RXs of the interfaces mon0 and mon1: