
Skyhigh Security

Skyhigh Client Proxy Support Tool - Collecting Network Traces

Overview 

From Skyhigh Client Proxy version 4.9.3 onwards, installing Wireshark is no longer required to capture network traces using the SCP SupportTool. This is now achieved by utilizing the built-in netsh trace utility in Windows. The SupportTool will collect the necessary packets and save them into a .etl file named netsh-trace.etl. To convert the .etl file into a Wireshark-readable format, the Microsoft Network Monitor tool must be used.

Steps to capture traces 

  1. Select Output Folder.
  2. Enable the Network Traces checkbox.
  3. Select an Interface to capture.
  4. Click Start Capture.
  5. Reproduce the issue and click Stop Capture.


  6. The output file will be saved to support_tool_work_dir under the name netsh-trace.etl along with the vscore logs.
  7. Once all the logs are collected, share the support_tool_work_dir after the initial analysis.
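
The same kind of capture can be taken by hand with the built-in netsh trace utility, which helps when checking what the .etl file should contain. The PowerShell script below is an added example, not SupportTool code: the arguments the SupportTool itself passes to netsh are not documented on this page, and the default output folder and interface name are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example, not SupportTool code. Default path and interface name are placeholders.
param(
    [string]$OutputFolder  = 'C:\Temp\support_tool_work_dir',
    [string]$InterfaceName = 'Ethernet',
    [int]$MaxSizeMB        = 512
)
$ErrorActionPreference = 'Stop'

# Fail early if the chosen interface does not exist (mirrors "Select an Interface").
if (-not (Get-NetAdapter -Name $InterfaceName -ErrorAction SilentlyContinue)) {
    $names = (Get-NetAdapter).Name -join ', '
    throw "Interface '$InterfaceName' not found. Available: $names"
}

New-Item -ItemType Directory -Path $OutputFolder -Force | Out-Null
$etl = Join-Path $OutputFolder 'netsh-trace.etl'

function Invoke-NetshTrace([string]$Arguments) {
    # A single argument string keeps the quoting around names and paths with spaces intact.
    $p = Start-Process -FilePath netsh.exe -ArgumentList "trace $Arguments" -Wait -NoNewWindow -PassThru
    if ($p.ExitCode -ne 0) { throw "netsh trace $Arguments failed with exit code $($p.ExitCode)" }
}

# Packet capture limited to one interface, written to a single size-capped .etl file.
Invoke-NetshTrace ("start capture=yes CaptureInterface=`"$InterfaceName`" " +
    "tracefile=`"$etl`" maxsize=$MaxSizeMB overwrite=yes report=disabled")
try {
    Read-Host 'Capture running. Reproduce the issue, then press Enter to stop' | Out-Null
}
finally {
    # Always stop the session, otherwise the trace keeps running in the background.
    Invoke-NetshTrace 'stop'
}

# Confirm the trace was written and record a hash to accompany the shared folder.
$file = Get-Item -Path $etl
if ($file.Length -eq 0) { throw "Capture file $etl is empty" }
$hash = Get-FileHash -Path $etl -Algorithm SHA256
'{0}  {1:N1} MB  SHA256={2}' -f $file.FullName, ($file.Length / 1MB), $hash.Hash
```

The printed SHA-256 value lets the recipient of the folder confirm that the netsh-trace.etl they open is the file that was captured.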


Converting the ETL file to a Wireshark-readable .cap file

To convert the captured ETL file, use the Microsoft Network Monitor tool. This can be done on the support or development machine to verify the captured packets.

  1. Download and install the tool.
  2. Run the Network Monitor tool.
  3. Open the netsh-trace.etl file via File > Open > Capture.
  4. Save the file as a .cap file via File > Save As.

Sample ETL file opened in Network Monitor


Save the opened .etl file as a .cap file to view it in Wireshark


Converted sample
