what exact tcpdump should i use?
tcpdump -n host x.x.x.x -vv /tmp/filename.pcap
Like described on VMware KB 2084896 that I posted previously, the tcpdump -i interfacename -w filename should be enough to capture traffic and write to a file.
is it udp 902 on the appliance or esxi host?
or it is tcp 443 on the esxi host?
Port 902 UDP should be open between ESXi host and vCenter to managed host send regular heartbeat to vCenter server. Port TCP 443 must be open too, but that port is for another purpose, and not for heartbeat. See full port documentation here: Network ports required to access vCenter Server, ESXi, and ESX hosts (1012382) | VMware KB
---
Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
