When running tcpdump in ESX I only see broadcast traffic

When running a tcpdump within ESX you may see only broadcast traffic this is due to your vSwitch not being in promiscuous mode. To resolve this do the following :

  1. Within the vShpere Client go to Configuration / Networking.
  2. Choose the virtual switch that your would like to capture the traffic on.
  3. On the virtual switch click Properties.
  4. Under the Ports Tab choose your vSwitch and select Edit.
  5. Within the Security Tab set Promiscuous mode to Accept.

Full details of enabling your vSwitch for tcpdump please see here.

Tags: TCP, Tcpdump