Wireshark packet capture vs EPC


What is the difference between Wireshark packet capture and EPC (Embedded Packet Capture)?
For me it seems to be the same, but they have 2 different topics in the documentation.

Hello Lukas

When it comes to packet capturing on 3850 switches, there are two types of built-in features that allow you to do this. One uses Embedded Packet Capture about which you can find out more detailed information here:

But there is also the option of using a built-in version of Wireshark that actually runs on the device itself. This is available for the IP base and IP services versions of the IOS. This is a specialized version of Wireshark designed for the switch itself (Version 1.10.8 as per documentation).

The reason they have two different topics in the documentation is that each one is implemented differently. The portions of the document that further describe the differences between EPC and Wireshark are:

Now although both EPC and Wireshark perform much the same thing, Wireshark is more versatile and has more options. More details about their differences are found in the document itself.

I hope this has been helpful!



Hi Laz,
thanks a lot for your great answer 🙂
