I'm probably missing something really obvious here, but is there a way for an ESXi host to connect to a guest via TCP/IP without the network traffic leaving the box?
The Host can reach the GuestOS trough the installed VMware Tools. You can copy stuff into it and start programs.
Every other VM which is connectet to the same vSwitch or better Portgroup can reach the VM and this east<->west traffic doesnt leave the box.
It have nothing todo with IP. Its a "internal" way from the Host into VMware Tools which can be triggert from your Windows box running vSphere CLI/PowerCLI (the invoke cmdlet) and connected to vCenter Server.
From the olds days there is also the VIX API.