On ESXi host, vsip module maintains rules and flow table. You can use vsipioctl command to get connections or flow stats on VM.

Use summarize-dvfilter to get filter name.

vsipioctl getconnections -f <dvfilter-name> -t <refresh interval in seconds>

On KVM, conntrack module keep track of connections.

ovs-appctl dpctl/dump-conntrack -m

You can refer below documents for more information on dfw troubleshooting.

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-7BCCF652-7825-4023-A5F3-...

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-E7A7C5BE-C23E-4E6A-8B73-...

Hope this helps.