{"id":395,"date":"2010-03-26T13:13:12","date_gmt":"2010-03-26T13:13:12","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2010\/03\/26\/how-do-i-run-a-packet-capture-on-esx\/"},"modified":"2021-07-24T18:49:39","modified_gmt":"2021-07-24T18:49:39","slug":"how-do-i-run-a-packet-capture-on-esx","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Virtualization\/Vmware\/how-do-i-run-a-packet-capture-on-esx.html","title":{"rendered":"How do I run a packet capture on ESX?"},"content":{"rendered":"
To run tcpdump on ESX, you will need to add a service console to your virtual switch. This is achieved via the following steps:<\/p>\n
Set the Virtual Switch to Promiscuous <\/strong><\/p>\n Add a Service Console <\/strong><\/p>\n You should now see the Service Console Port under your virtual switch. This will include a new virtual switch interface (vswif). [root@ESX1 root]# tcpdump -ni vswif1 To run tcpdump on ESX, you will need to add a service console to your virtual switch. This is achieved via the following steps: Set the Virtual Switch to Promiscuous Within the vSphere Client go to Configuration | Networking. Choose the virtual switch that you would like to capture the traffic … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[47],"tags":[],"yoast_head":"\n\n
\n
Now log in to the ESX box via SSH and run tcpdump against this virtual switch interface. You will now see the traffic. Below is a small example:<\/p>\n
tcpdump: listening on vswif1
13:19:46.790220 802.1Q vlan#20 P0 0.0.0.0.8116 > 10.1.20.0.8116: udp 36
13:19:46.791766 802.1Q vlan#10 P0 0.0.0.0.8116 > 10.1.20.0.8116: udp 36<\/p>\n","protected":false},"excerpt":{"rendered":"