fir3net
PPS-Firenetbanner-780.5x190-30-03-17

When running tcpdump in ESX I only see broadcast traffic

When running a tcpdump within ESX you may see only broadcast traffic this is due to your vSwitch not being in promiscuous mode. To resolve this do the following :

  1. Within the vShpere Client go to Configuration / Networking.
  2. Choose the virtual switch that your would like to capture the traffic on.
  3. On the virtual switch click Properties.
  4. Under the Ports Tab choose your vSwitch and select Edit.
  5. Within the Security Tab set Promiscuous mode to Accept.

Full details of enabling your vSwitch for tcpdump please see here.

Tags: TCP, Tcpdump

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001