I have tried to span a port on my virtual switch to enable me to see all traffic crossing my physical network for security monitoring. I'm tearing my hair out in frustration!

I am using vSphere ESXi on v6.5.

Firstly, I confirmed the traffic is visible on the physical cable by sniffing the traffic using wireshark from my laptop. Then I put that cable back into vmnic1 on my ESXi box.

I created a vSwitch, allowed promiscuous mode and connected vmnic1.

I created a new port group called SPAN and also allowed promiscuous made.

Now I connect my VM to the SPAN group via it's only network adapter and start wireshark. I can see all the broadcasts, ARP traffic, IMCP etc but none of the interesting traffic between other hosts that see when I connect my laptop to same physical network port.

Ideas as to where I going wrong would be most welcome!