marylou
Contributor
Contributor
‎09-21-2010 06:16 AM

no web/database traffic in portgroup promiscuous mode

I have installed ESX 3.5 Update 5 on 4 ESX hosts.

All their physical nics are bonded to one trunk.

I created 1 vswitch and on the vswitch I created different portgroups with different vlan ids.

For now everything worked fine but now I wanted to sniff traffic in my network.

So I set up a new portgroup in promiscuous mode. I added a windows and a linux vm to this portgroup.

The sniffing portgroup has vlan id auf 333 because I only want to sniff traffic which is in this vlan.

So when I sniff with windows and wireshark or linux and make a tcpdump I don't see any web traffic (tcp port 443 or tcp port 80) and database traffic (tcp port 1443). But there should be such traffic because I have webserver and database server in this vlan.

The only traffic I see in the sniffing portgroup is broadcast, multicast, ntp.

Does anyone know how this could be solved?

0 Kudos
Reply
2 Replies
MauroBonder
Leadership
Leadership
‎09-21-2010 09:15 AM

you can see a trafic with esxtop. see more in

Check out page 51 in ESX Configure Guide for how to put a vSwitch in promiscuous mode ()

*If you found this information useful, please consider awarding points for "Correct" or "Helpful"*

*Please, don't forget the awarding points for "helpful" and/or "correct" answers. *Por favor, não esqueça de atribuir os pontos se a resposta foi útil ou resolveu o problema.* Thank you/Obrigado
0 Kudos
Reply
marylou
Contributor
Contributor
‎09-21-2010 11:31 PM

thank you for you answer. but with esxtop i dont see the pakets in the vswitch.

and I configured the vswitch already like discribed in the document.

I see traffic on the portgroup but no web or database traffic only for example ntp, dns, broadcasts, arp requests, ....

and I really have to see the traffic for web and database requests.....

maybe someone has an answer Smiley Wink

0 Kudos
Reply