{"id":395,"date":"2010-03-26T13:13:12","date_gmt":"2010-03-26T13:13:12","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2010\/03\/26\/how-do-i-run-a-packet-capture-on-esx\/"},"modified":"2021-07-24T18:49:39","modified_gmt":"2021-07-24T18:49:39","slug":"how-do-i-run-a-packet-capture-on-esx","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Virtualization\/Vmware\/how-do-i-run-a-packet-capture-on-esx.html","title":{"rendered":"How do I run a packet capture on ESX ?"},"content":{"rendered":"
In order to run a tcpdump on ESX you will need to add a service console to your virtual switch. This is achieved via the following steps :<\/p>\n
Set the Virtual Switch to Promiscuous <\/strong><\/p>\n\n
Within the vShpere Client go to Configuration | Networking<\/strong>.<\/li>\n
Choose the virtual switch that your would like to capture the traffic on.<\/li>\n
On the virtual switch click Properties<\/strong>.<\/li>\n
Under the Ports Tab choose your vSwitch and select Edit.<\/li>\n
Within the Security Tab set Promiscuous mode<\/strong> to Accept.<\/li>\n<\/ol>\n
Add a Service Console <\/strong><\/p>\n\n
Still within the virtual switch properties :<\/li>\n
Click Add <\/strong>(under the port tab)<\/li>\n
Select Service Console<\/strong>, click Next<\/strong><\/li>\n
Add a network label and add to the VLAN ID 4095 (This will allow you to see all traffic including VLAN tagged packets)<\/li>\n
Click Next<\/strong> and then Finish<\/strong><\/li>\n<\/ol>\n
You should now see under your virtual switch the Service Console Port. This will include a new virtual switch interface (vswif). Now log into the ESX box via SSH and run a tcpdump against this vswitch interface. You will now see the traffic. Below is a small example :<\/p>\n