VMware Cloud Community
apolonie
Enthusiast

Attempt to Capture Network Traffic from a particular VM using only PowerCLI commands

Hi all,

Is it possible to capture traffic from a particular VM using only PowerCLI commands in PowerShell? For example, I've followed the documentation at:

https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.networking.doc/GUID-F1AC7100-FFBB-4...

I first SSH into the ESXi host that hosts the particular VM I want to monitor, say Node1. Then, I run "esxtop" followed by "N" to locate my virtual machine adapter's Port ID. Then in the host shell, I run pktcap-uw --switchport *portID* --outfile Node1_1_packets.pcap --count 60 to get a small pcap file of the VM's traffic.

The problem is I don't see a way via the PowerCLI documentation to have this all done within a PowerShell instance on the user's system (Windows 10 PC). The goal is to have it all automated so that when a VM is running, I have a script that will automatically start recording the traffic and will return the pcap file back to the user's system when done recording. Any helpful pointers, or if there's already a forum thread on this that I missed, would be greatly appreciated!

Edit: Also, would it be easier to do this if the adapter was an E1000e adapter instead?


Accepted Solutions
LucD
Leadership

You can do all these ESXi commands through an SSH session from PowerCLI; you will need something like the Posh-SSH module.
See, for example, "Use Posh-SSH instead of PuTTY".

Getting the PortId of a VM can be done through the Get-EsxCli cmdlet with the esxcli network vm list and esxcli network vm port list -w <worldid> commands.
No need to use esxtop for that.

Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

apolonie
Enthusiast

Hi LucD,

Thanks for the help as always. One thing though is that I see an error when attempting to use Posh-SSH for logging into an ESXi 6.7 server. Do you know if there's a config setting I have to change? The error is:

New-SSHSession : No connection could be made because the target machine actively refused it
+ New-SSHSession -ComputerName "My_Server_IPl" -Credential $ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Renci.SshNet.SshClient:SshClient) [New-SSHSession], SocketException
+ FullyQualifiedErrorId : SSH.NewSshSession

LucD
Leadership

Looks like SSH is not running or allowed on that ESXi node.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

apolonie
Enthusiast

Ah, I see. I reset the server and it reset the ssh configuration. Thanks again for your help.
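
The workflow discussed in this thread (port lookup through Get-EsxCli, capture over Posh-SSH, copy the pcap back), as an added example that is not code posted by any participant. It assumes Connect-VIServer has already been run, the VM name Node1, constructed file paths, and Posh-SSH 3.x cmdlet names (Get-SCPItem; 2.x releases call it Get-SCPFile). It also checks the TSM-SSH service first, which is the cause of the "actively refused" error above.

```powershell
# Added example: assumes an existing Connect-VIServer session and Posh-SSH 3.x.
# 'Node1', /tmp and the Captures folder are placeholders chosen for illustration.
Import-Module VMware.PowerCLI, Posh-SSH

$vmName     = 'Node1'
$remotePcap = "/tmp/${vmName}_packets.pcap"
$localDir   = "$env:USERPROFILE\Captures"
$cred       = Get-Credential -Message 'ESXi host credentials'

$vm     = Get-VM -Name $vmName
$vmHost = Get-VMHost -VM $vm
$esxcli = Get-EsxCli -VMHost $vmHost -V2

# esxcli network vm list -> world ID of the running VM
$world = $esxcli.network.vm.list.Invoke() | Where-Object Name -eq $vmName
if (-not $world) { throw "$vmName has no active network world (powered off?)" }

# esxcli network vm port list -w <worldid> -> switch port of the first vNIC
$nic  = Get-NetworkAdapter -VM $vm | Select-Object -First 1
$port = $esxcli.network.vm.port.list.Invoke(@{ worldid = $world.WorldID }) |
    Where-Object { $_.MACAddress -eq $nic.MacAddress }
if (-not $port) { throw "No switch port found for $($nic.MacAddress)" }

# Start SSH only if it is stopped, and remember to stop it again afterwards
$ssh = Get-VMHostService -VMHost $vmHost | Where-Object Key -eq 'TSM-SSH'
$startedSsh = -not $ssh.Running
if ($startedSsh) { Start-VMHostService -HostService $ssh -Confirm:$false | Out-Null }

try {
    # -AcceptKey trusts the host key on first use
    $session = New-SSHSession -ComputerName $vmHost.Name -Credential $cred -AcceptKey
    $cmd = "pktcap-uw --switchport $($port.PortID) --outfile $remotePcap --count 60"
    $run = Invoke-SSHCommand -SessionId $session.SessionId -Command $cmd -TimeOut 300
    if ($run.ExitStatus -ne 0) { throw "pktcap-uw failed: $($run.Output)" }

    # Copy the capture to the workstation, then remove it from the host
    New-Item -ItemType Directory -Path $localDir -Force | Out-Null
    Get-SCPItem -ComputerName $vmHost.Name -Credential $cred -AcceptKey `
        -Path $remotePcap -PathType File -Destination $localDir
    Invoke-SSHCommand -SessionId $session.SessionId -Command "rm -f $remotePcap" | Out-Null
}
finally {
    if ($session)    { Remove-SSHSession -SessionId $session.SessionId | Out-Null }
    if ($startedSsh) { Stop-VMHostService -HostService $ssh -Confirm:$false | Out-Null }
}
```

Leaving SSH in its original state in the finally block keeps the host's management surface unchanged after the capture; on an idle VM the 60-packet count may not be reached before the 300-second timeout.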
