Hi all,
Is it possible to capture traffic from a particular VM using only PowerCLI commands in powershell? For example, I've followed the documentation at:
I first ssh into the ESXI host that hosts my particular VM I want to monitor, say Node1. Then, I run "esxtop" followed by "N" to locate my virtual machine adapter's Port ID. Then in the host shell, I run pktcap-uw --switchport *portID* --outfile Node1_1_packets.pcap --count 60 to get a small pcap file of the VM's traffic.
The problem is I don't see a way via the powerCLI documentation to have this all done within a powershell instance on the User's system (Windows 10 PC). The goal is to have it all automated so that when a VM is running, I have a script that will automatically start recording the traffic and will return the pcap file back to the user's system when done recording. Any helpful pointers or if there's already a forum on this that I missed would be greatly appreciated!
Edit: Also, would it be easier to do this if the Adapter was a E1000e adapter instead?
You can do all these esxi commands through an SSH session from PowerCLI, you will need something like the Posh-SSH module.
See for example Use Posh-SSH instead of PuTTY
Getting the PortId of a VM can be done through the Get-EsxCli cmdlet with the esxcli network vm list and esxcli network vm port list -w <worldid> commands.
No need to use esxtop for that.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
You can do all these esxi commands through an SSH session from PowerCLI, you will need something like the Posh-SSH module.
See for example Use Posh-SSH instead of PuTTY
Getting the PortId of a VM can be done through the Get-EsxCli cmdlet with the esxcli network vm list and esxcli network vm port list -w <worldid> commands.
No need to use esxtop for that.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi LucD,
Thanks for the help as always. One thing though is that I see an error when attempting to use Posh-SSH for logging into esxi 6.7 server. Do you know if there's a config setting I have to change? Error is:
New-SSHSession : No connection could be made because the target machine actively refused it
+ New-SSHSession -ComputerName "My_Server_IPl" -Credential $ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Renci.SshNet.SshClient:SshClient) [New-SSHSession], SocketException
+ FullyQualifiedErrorId : SSH.NewSshSession
Looks like SSH is not running or allowed on that ESXi node.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Ah, I see. I reset the server and it reset the ssh configuration. Thanks again for your help.