Good afternoon,

Looking for some advice.  We have moved from 5 esxi hosts which all had physical nics patched into my core stack.  We had software called LANGaurdian which sat on a vm host and had a dedicated virtual NIC mapped to a physical NIC on one of the hosts and this in turn was pacthed into a mirror port on the core stack.  This physical mirror port captured all the traffic for from our physical production nics from the esxi hosts and mirrored it to the SPAN port so LANGaurdian could capture all production traffic to and from the hosts and audit it.  There was no tagging in this environment as we had enough physical nics for our different virtual switches.

We have now migrated everything over to new VXRail hosts which are connected with dual DAC cables into new top of rack switches.  This off course has made us use tagging in this new environment.  I am now trying to get the LANGaurdian system up and running if i can.  It doesnt help that the software is out of support now so i am on my own. 

I created a new port group for the monitoring port of the system and enabled promiscuous mode and made it a trunk with all vlans and attached the VM to the that port group.  All good so far. I created a port mirror using Distributed Port Mirroring and added all the nics from all production VM's and added the destination of the monitoring nic.  Started to get data through but didnt look i was getting everything (SMB and Ping traffic missing).  I connected another host to that port group and captured the traffic using wireshark to take the other monitoring out of the mix.  Same thing no ping traffic or SMB being passed.  Anything obvious i have missed out or am i doing stuff totally wrong 🙂