VMware Cloud Community
VDP74
Contributor

pktcap-uw or tcpdump-uw pcap for specific VLAN or VM traffic

Hi,

I'm new here, and I'm not sure if this is the right subforum for this question.

I have 3 ESXi VMware hosts, and I use vCenter to manage them. I have 25 VMs on one of them, 37 on another and 32 on the last one. I defined several VLAN IDs, and some VMs have interfaces in specific VLANs. The switch ports the ESXis are connected to have tagged VLANs.

Unfortunately, my root switch does not have packet dumping capabilities, so I was hoping to take advantage of the pktcap-uw and tcpdump-uw tools.

I would like to dump traffic to a specific VM -- all of it or just the one that's tagged with VLAN ID 50. Actually, I don't mind capturing *everything* that goes to the ESXi cluster for, say, 10 seconds. That should be more than enough, and I can always filter the data with Wireshark.

In short, I need to dump the traffic because the system admin of a specific VM is stating that its VLAN 50 network interface is not receiving traffic from the root switch.

So, let vm1 be its name, esxi1 be the VMware physical host where vm1 is running, vmk0 be the interface through which the VM is accessible, what would be the appropriate procedure to get a dump?

e.g.:

# ssh esxi1

# tcpdump-uw -i vmk0 -s 1514 -w tcpdump_file.pcap -C 30M -W 1

or

# pktcap-uw --vmk vmk0 --outfile pktcap_file.pcap --count 100000

These commands complete, and I can view the pcap files in Wireshark. However, I am unable to see IPv4 traffic that "I know is supposed to be there", i.e. I do not see expected SRC and DST addresses of connections between LAN clients and the VMs on this host. Instead I see traffic between IP addresses of the ESXi hosts.

How can I get a dump of all the traffic where I can actually see the clients' SRC IP addresses and the VMs' DST IP addresses?

I just want to make sure the right traffic is sent to "vm1".

By the way, if I try to specify a VLAN ID as a parameter for the dump tool I get an error:

# pktcap-uw --vmk vmk0 --vlan 50 --outfile dump.pcap --count 20000

error: Wrong command.

I'm not sure what's wrong with how I wrote the command.

Regards,

Vieri

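An added example, not part of the original post: a Python script that reads a capture file such as pktcap_file.pcap offline and reports how many frames each 802.1Q VLAN ID carries and which IPv4 source/destination pairs appear on one chosen VLAN. The function names and the embedded sample capture are constructed for illustration; it assumes a classic (microsecond) pcap file with Ethernet framing and a single VLAN tag.

```python
import struct
from collections import Counter

def pcap_records(data):
    """Yield raw frames from a classic pcap byte string (either byte order)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file (pcapng is not handled)")
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len

def vlan_ipv4_pairs(data, vlan_id):
    """Return (IPv4 src/dst pair counts on vlan_id, frame counts per VLAN ID)."""
    pairs, seen = Counter(), Counter()
    for frame in pcap_records(data):
        if len(frame) < 14:
            continue
        ethertype = struct.unpack("!H", frame[12:14])[0]
        vid, l3 = None, 14                      # None means untagged
        if ethertype == 0x8100 and len(frame) >= 18:   # 802.1Q tag present
            tci, ethertype = struct.unpack("!HH", frame[14:18])
            vid, l3 = tci & 0x0FFF, 18          # low 12 bits of the TCI are the VLAN ID
        seen[vid] += 1
        if vid == vlan_id and ethertype == 0x0800 and len(frame) >= l3 + 20:
            src, dst = frame[l3 + 12:l3 + 16], frame[l3 + 16:l3 + 20]
            pairs[(".".join(map(str, src)), ".".join(map(str, dst)))] += 1
    return pairs, seen

def _frame(src, dst, vid=None):
    """Constructed frame: Ethernet (+ optional 802.1Q tag) + minimal IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tag = struct.pack("!HH", 0x8100, vid) if vid is not None else b""
    return b"\x02" * 6 + b"\x04" * 6 + tag + struct.pack("!H", 0x0800) + ip

def build_sample():
    """Constructed pcap: two VLAN 50 frames, one VLAN 60 frame, one untagged frame."""
    frames = [_frame((192, 0, 2, 10), (192, 0, 2, 50), 50), _frame((192, 0, 2, 10), (192, 0, 2, 50), 50),
              _frame((198, 51, 100, 7), (198, 51, 100, 9), 60), _frame((203, 0, 113, 1), (203, 0, 113, 2))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    pairs, seen = vlan_ipv4_pairs(build_sample(), 50)
    print("frames per VLAN:", dict(seen), "VLAN 50 pairs:", dict(pairs))
```

To use it on a real capture, pass the file's bytes (read with `open(path, "rb").read()`) to `vlan_ipv4_pairs` in place of `build_sample()`.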
1 Reply
scott28tt
VMware Employee

@VDP74 

Moderator: Moved to vSphere vNetwork Discussions


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee, I contribute to VMware Communities voluntarily (i.e. not in any official capacity)