Wireshark vs Netskope Packet Capture


Is there a difference between Wireshark and Netskope packet capture when collecting a trace?


The NS client has 2 captures:

  • The inner packet capture captures the steered traffic (Wireshark cannot capture this traffic).
  • The outer packet capture, which is the same as a Wireshark capture.

Depending on what you are debugging, you can use Wireshark, or use the inner packet capture option along with Wireshark captures.




To add to @Vignesh_P’s comment: the outer packet capture (equivalent to what Wireshark will see) will provide info on the Netskope client tunnel and all other traffic on the system, including exceptions.

The Netskope client’s inner tunnel packet capture is valuable because it has the actual connection info and behavior for the traffic being sent to Netskope for both inline SWG and Cloud Firewall as well as NPA. This is helpful in end-to-end troubleshooting.

Dear All

From the above discussion, can we conclude that NS packet capture is enough for troubleshooting purposes, or is Wireshark required at times?

The reason I am asking is that there is a free license limitation on one of the components of Wireshark, and due to that it is an overhead to install and uninstall Wireshark post troubleshooting. Also, the installer doesn’t allow silent install/uninstall so that it can be managed/deployed via MDM solutions and ease up the install/uninstall process.