cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask the community

Is Netskope intercepting my browser traffic?

Go to solution
scoleman
Netskope
Netskope

‎04-26-2021 08:13 AM - last edited on ‎10-28-2021 03:04 PM by

Question: How can I tell if my traffic is being intercepted by Netskope from a browser?

Labels:
4 Solutions
Go to solution
spogue
Netskope
Netskope

‎04-28-2021 04:16 PM

Good day, you can check the lock icon in the URL section of your browser to see what certificate was presented to the site. If it's a goskope.com certificate then it went through Netskope.  Additionally, this traffic can be observed in SkopeIT under either the Application Events or Page Events section.  

View solution in original post

Go to solution
sreeves
Netskope
Netskope

‎04-28-2021 05:42 PM

Hi, Easiest way is to Click on the padlock in the browser and you should see your tenants netskope certificate as below <yourcompany>.goskope.com

sreeves_0-1619656832003.png

 

View solution in original post

Go to solution
btokuyoshi
Netskope
Netskope

‎04-30-2021 03:48 PM - edited ‎04-30-2021 03:53 PM

Just to clarify, checking SSL certs is a way to identify if SSL decryption is happening. Depending on how you define interception, esp from an end user's perspective, interception could also mean any inspection of traffic, including plaintext http. In which case the above method would not apply and end users would need to run a tracert.  Intentionally causing a policy violation (like downloading the eicar file) might be another way for end users to see, but this won't work if policy isn't enabled for the violation that the user is attempting.

 

View solution in original post

Go to solution
ross
Netskope
Netskope

‎05-18-2021 07:52 AM

If you're looking to confirm that your traffic is being steered through Netskope then you could use www.notskope.com - a simple webpage that will confirm the Netskope data centre that you're using (if any). Note: if you are not steering 'All Web Traffic' (i.e. you are only steering specific cloud applications) then you'll need to create a custom app for the notskope.com domain in order for it to be steered!

View solution in original post

5 Replies 5
Go to solution
blangys
Netskope
Netskope

‎04-26-2021 01:00 PM

There are a few ways that I use to quickly check to see if my traffic is traversing Netskope:  
 
I will check to see what certificate I am receiving from a TLS encrypted site.  If the certificate issuer ends with .goskope.com it means it was issued by Netskope.
 
Browse to 'notskope.com' to see what data center you are connected to.  If you are not being sent through Netskope the source will come up as unknown.  This isn't an officially sanctioned tool but it's helpful and there are other ways if it is down for some reason.
 
Build a policy that is a bit obscure, but that triggers a block page.  I pick on a particular site and built a custom category to match only that site with a custom block page.   That way I can quickly just type the URL and get my block and I know.  I will also change the name of this policy by incrementing a number in the name  ' Bob's Connectivity Check 47".  I do that because I can see if the current policy set has been synced to the data centers so that if I am testing other new policy I know that the desired policy set has been rolled out to the data center processing my traffic.
0 Likes
Go to solution
spogue
Netskope
Netskope

‎04-28-2021 04:16 PM

Good day, you can check the lock icon in the URL section of your browser to see what certificate was presented to the site. If it's a goskope.com certificate then it went through Netskope.  Additionally, this traffic can be observed in SkopeIT under either the Application Events or Page Events section.  

Go to solution
sreeves
Netskope
Netskope

‎04-28-2021 05:42 PM

Hi, Easiest way is to Click on the padlock in the browser and you should see your tenants netskope certificate as below <yourcompany>.goskope.com

sreeves_0-1619656832003.png

 

Go to solution
btokuyoshi
Netskope
Netskope

‎04-30-2021 03:48 PM - edited ‎04-30-2021 03:53 PM

Just to clarify, checking SSL certs is a way to identify if SSL decryption is happening. Depending on how you define interception, esp from an end user's perspective, interception could also mean any inspection of traffic, including plaintext http. In which case the above method would not apply and end users would need to run a tracert.  Intentionally causing a policy violation (like downloading the eicar file) might be another way for end users to see, but this won't work if policy isn't enabled for the violation that the user is attempting.

 

Go to solution
ross
Netskope
Netskope

‎05-18-2021 07:52 AM

If you're looking to confirm that your traffic is being steered through Netskope then you could use www.notskope.com - a simple webpage that will confirm the Netskope data centre that you're using (if any). Note: if you are not steering 'All Web Traffic' (i.e. you are only steering specific cloud applications) then you'll need to create a custom app for the notskope.com domain in order for it to be steered!

Labels

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In