icon-zapp.svg
Client Connector

Restricting Remote Packet Capture

Zscaler Client Connector uses the Npcap library to perform packet capture for troubleshooting.

EnablingZscaler Digital Experience (ZDX) installs Npcap.

When users run Zscaler Client Connector with Npcap functionality enabled, they can make packet capture tools available in the user space, allowing non-administrators to perform packet capture. This could elevate a user's access during a packet capture session and allow them unauthorized access. You can limit packet capture to administrators only by enabling Restrict Remote Packet Capture.

If Npcap is already installed, Zscaler Client Connector uses the registry setting to restrict remote packet capture to administrators only.

To limit packet capture to administrators only:

  1. In the Zscaler Client Connector Portal, go to Administration.
  2. In the left-side navigation, select Client Connector Support.
  3. Click the User Privacy tab.
  4. Enable Restrict Remote Packet Capture.
  5. Click Save.

Restrict Remote Access

Related Articles
About User PrivacyConfiguring Zscaler Client Connector to Collect Device Owner InformationConfiguring Zscaler Client Connector to Collect HostnamesEnabling Packet Capture for Zscaler Client ConnectorConfiguring Automatic Crash Reporting for Zscaler Client ConnectorConfiguring Zscaler Client Connector to Collect ZDX Location InformationAllow Users to Override Z-Tunnel 2.0 or ZPA Protocol SettingsAllowing Non-Administrator Users Access to Zscaler Client Connector Log FilesRestricting Remote Packet Capture