Understanding the FlowTap and FlowTapLite Services
Dynamic flow capture enables you to capture packet flows on the basis of dynamic filtering criteria, using Dynamic Tasking Control Protocol (DTCP) requests. The FlowTap and FlowTap Lite services are applications that perform lawful intercept of packet flows, using Dynamic Tasking Control Protocol (DTCP). The application extends the use of DTCP to intercept IPv4 and IPv6 packets in an active monitoring router and send a copy of packets that match filter criteria to one or more content destinations. FlowTap data provides flexible trend analysis for detection of new security threats.
FlowTap data can be used in the following applications:
-
Flexible trend analysis for detection of new security threats
-
Lawful intercept
. For information about DTCP, see https://datatracker.ietf.org/doc/html/draft-cavuto-dtcp-03.
The FlowTap service is supported on MX Series routers. FlowTap filters are applied on all IPv4 traffic and do not add any perceptible delay in the forwarding path. FlowTap filters can also be applied on IPv6 traffic. For security, filters installed by one client are not visible to others and the CLI configuration does not reveal the identity of the monitored target. A lighter version of the application (FlowTapLite) is also available on ACX (Junos OS Evolved) and MX Series (Junos OS) routers. All of the FlowTapLite functionality resides in the Packet Forwarding Engine rather than in a service PIC or Dense Port Concentrator (DPC).
For detailed information about the FlowTap and FlowTapLite applications, see the following topics: