Monitor packets in VMware ESXi 5.5

Using the pktcap-uw tool

  • To obtain basic help and syntax information, use the -h option:# pktcap-uw -h |more
  • To view a live capture of a vmkernel port’s traffic:# pktcap-uw –vmk vmkX

    For example, to capture frames/packets on vmk0:

    # pktcap-uw –vmk vmk0

  • To view a live capture of a specific physical network card on the host (vmnic):# pktcap-uw –uplink vmnicX

    For example, to capture frames/packets on vmnic7:

    # pktcap-uw –uplink vmnic7

  • To view a live capture of a particular vSwitch port for a virtual machine, use the –switchport option:# pktcap-uw –switchport switchportnumber

    For example, to capture frames or packets to and from a virtual machine connected to dvSwitchport 8:

    # pktcap-uw –switchport 8

  • To capture the output to a file, use -o option:# pktcap-uw –vmk vmk# -o file.pcap

    For example, to capture the packets from vmk0 and save to test.pcap file under /tmp directory :

    # pktcap-uw –vmk vmk0 -o /tmp/test.pcap

    Note: To end the capture, ensure to use Cntrl-C multiple times instead of Cntrl-Z because Cntrl-Z may leave background processes running that may prevent subsequent pktcap-uw commands from running and report the error:

    error: Can’t create the session, Exiting

Source : KB 2051814

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s