VMware Cloud Community
TryllZ
Expert
Expert

Use tcpdump to capture VLAN frames ?

Hi,

Is there a way to capture frames with VLAN tags using tcpdump in ESXi for Virtual Switching Tagging.

I have tried this but the result seems to show nothing.

Thank You

Reply
0 Kudos
2 Replies
Jangari
Enthusiast
Enthusiast

Hi, TryllZ.

Did you specify the capture point and direction properly? By default, pktcap-uw captures only ingress traffic. If you capture bi-directional traffic, you must exec pktcap-uw with --dir 2 option.

pktcap-uw Command Syntax for Capturing Packets

capture_point_options

--dir {0|1|2}

Capture packets according to the direction of the flow with regard to the virtual switch.0 stands for incoming traffic, 1 for outgoing traffic, and 2 for bidirectional traffic.

By default, the pktcap-uw utility captures ingress traffic.

To determine the capture point, the IOChain diagram in the following blog post is helpful.

ESXi Network Troubleshooting Tools 

Reply
0 Kudos
TryllZ
Expert
Expert

Thanks a lot.

I did try that with both, vmnic and vmkernel, still cannot see VLAN tags in the Wireshark file.

I will try to get it through the switchport ID of the vSwitch.

Reply
0 Kudos