Hi, Everyone
As I mentioned in the title, I'd like to capture packets from vmk3(VTEP interface), however it could not be possible as below;
So that I found some commmand and this server has not listed up in "tcpdump-uw -D" command as below.
What I try to do is, capturing packets for vxlan. (including Outer/Inner IP/MAC).
Would you give me some help? please
Thanks alot!
[root@esxcomp-01a:/tmp/jeff] tcpdump-uw -i vmk3 -w vxlan_tcpdump.pcap
tcpdump-uw: SIOCGIFHWADDR: Invalid argument
[root@esxcomp-01a:/tmp/jeff] tcpdump-uw -D
1.vmk0
2.vmk1
3.lo0
[root@esxcomp-01a:/tmp/jeff]
[root@esxcomp-01a:/tmp/jeff] esxcli network ip interface ipv4 get
Name IPv4 Address IPv4 Netmask IPv4 Broadcast Address Type DHCP DNS
---- -------------- ------------- --------------- ------------ --------
vmk0 192.168.120.51 255.255.255.0 192.168.120.255 STATIC false
vmk1 10.20.20.51 255.255.255.0 10.20.20.255 STATIC false
vmk3 192.168.110.83 255.255.255.0 192.168.110.255 STATIC false
vmk2 192.168.121.51 255.255.255.0 192.168.121.255 STATIC false
Check out this link: http://blog.ipcraft.net/packet-capture-nsx-troubleshooting-pktcap-uw/
I think you're looking for the pktcap-uw command. If you use the right parameters, you can capture packets at pretty much every point in the traffic flow (encapsulated or not).
Hi, Hans
Thanks for having an interest in this post.
And I looked at the link what you recommended but it does not relate to my question.
What I am looking for is why "vmk3" can not be captured by tcpdump-uw.
Thru 'tcpdump-uw -D', there is no vmk3 interface listed up....
Thanks alot
Probably, you can capture only switchport or physical adapter.
Not the kernel interface.
Hi, you might want to use pktcap-uw, have you try pktcap-uw?
Using the pktcap-uw tool in ESXi 5.5 and later (2051814) | VMware KB
The pktcap-uw tool is an enhanced packet capture and analysis tool that can be used in place of the legacy tcpdump-uw tool. The pktcap-uw tool is included by default in ESXi 5.5 and later versions.
See this document NSX-v Operations Guide, rev 1.5 page 60
To capture packet sent by vmkernel port:
pktcap-uw --vmk <vmknic> -o capture.pcap
To display the pcap
tcpdump-uw -enr capture.pcap
I can't find any documentation on this but VXLAN has separate TCP/IP stack and the tcpdump-uw -D probably can only list the default TCP/IP stack
This is the correct answer. tcpdump-uw only works in the default TCP/IP stack. While vmk3 is in the vxlan TCP/IP stack.
with pktcap-uw you can capture on VXLAN before encapsulation and after (on wire)
for this you can use stages and directions or Uplink recieve
also you can identify packet capture points where packets can be captured
you can use this article.
Capturing Packets by Using the pktcap-uw Utility
if need more examples I can provide my hand book with them for special need.
I advise to use ESXi for capturing for any kind of packet manipulations.
Regards Dmitri