...
Overview :

The pktcap-uw tool was first introduced in ESXi 5.5 and has more features than the tcpdump-uw tool that has been included in ESXi for some time. The tcpdump-uw tool is still included in 5.5 if you still would like to use it, but the pktcap-uw tool has additional features such as being able to capture traffic at the physical NIC, vSwitch, or virtual port level.

Basic usage :

Log into host using SSH. For more information on enabling SSH : https://www.dell.com/support/troubleshooting/us/en/555/KCS/kcsarticles/articleview?docid=623809

Capture network traffic from a vmkernel port :

    # pktcap-uw --vmk -o /export.pcap

Capture network traffic from a physical NIC :

    # pktcap-uw --uplink -o /export.pcap

Capture network traffic from a VM's switch port :

    # pktcap-uw --switchport -o /export.pcap

Example :

    # pktcap-uw --uplink vmnic0 -o /vmfs/volumes/datastore1/export.pcap

Additional features and the help command :

The pktcap-uw tool has many more features and options that can be used. These can be detailed by the help command :

    # pktcap-uw -h | less
    Packet Capture and Trace command usage:
        == Create session to capture packets ==
         pktcap-uw [--capture | [--dir ] [--stage ]]
            [--switchport | --vmk | --uplink | --dvfilter ]
               --lifID ]
            [-f [module name.]]
            [-AFhP] [-p|--port ]
            [-c|--count ] [-s|--snapLen ]
            [-o|--outfile ] [--console]
            [Flow filter options]
        == Create session to trace packets path ==
         pktcap-uw --trace
            [-AFhP] [-p|--port ]
            [-c|--count ] [-s|--snapLen ]
            [-o|--outfile ] [--console]
            [Flow filter options]

    The command options:
        -p, --port          Specify the port number of vsocket server.
        -o, --outfile       Specify the file name to dump the packets. If unset,
                            output to console by default
        -P, --ng            (only working with '-o')
                            Using the pcapng format to dump into the file.
        --console           (by default if without '-o')
                            Output the captured packet info to console.
        -s, --snaplen       Only capture the first packet buffer.
        -c, --count         How many count packets to capture.
        -h                  Print this help.
        -A, --availpoints   List all capture points supported.
        -F                  List all dynamic capture point functions supported.
        --capture           Specify the capture point. Use '-A' to get the list.
                            If not specified, will select the capture point
                            by --dir and --stage setting

    The switch port options:
    (for Port, Uplink and Etherswitch related capture points)
        --switchport        Specify the switch port by ID
        --lifID             Specify the logical interface id of VDR port
        --vmk               Specify the switch port by vmk NIC
        --uplink            Specify the switch port by vmnic

    The capture point auto selection options without --capture:
        --dir               (for --switchport, --vmk, --uplink)
                            The direction of flow: 0- Rx (Default), 1- Tx
        --stage             (for --switchport, --vmk, --uplink, --dvfilter)
                            The stage at which to capture: 0- Pre: before, 1- Post:After

    The capture point options
        -f [module name.]   The function name. The Default module name is 'vmkernel'.
                            (for 'Dynamic', 'IOChain' and 'TcpipDispatch' capture points)
        --dvfilter          Specify the dvfilter name for DVFilter related points

    Flow filter options, it will be applied when set:
        --srcmac            The Ethernet source MAC address.
        --dstmac            The Ethernet destination MAC address.
        --mac               The Ethernet MAC address(src or dst).
        --ethtype 0x        The Ethernet type. HEX format.
        --vlan              The Ethernet VLAN ID.
        --srcip ]>          The source IP address.
        --dstip ]>          The destination IP address.
        --ip                The IP address(src or dst).
        --proto 0x          The IP protocol.
        --srcport           The TCP source port.
        --dstport           The TCP destination port.
        --tcpport           The TCP port(src or dst).
        --vxlan             The vxlan id of flow.
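The help output lists Rx as the default for --dir, so a capture started as in the basic examples records received traffic only and is not bounded by a packet count. The following added example (not part of the original article or of the pktcap-uw tool) builds one bounded session per direction using only options from that help text; the function names, the DRY_RUN variable and the _dir0/_dir1 file naming are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. Function names, DRY_RUN and
# the _dir0/_dir1 file naming are assumptions; options are those in the help.

# build_capture POINT NAME DIR COUNT OUTFILE [IP]
#   POINT: vmk | uplink | switchport    NAME: e.g. vmk0, vmnic0 or a port ID
#   DIR:   0 = Rx (tool default), 1 = Tx
#   COUNT: stop after this many packets so the capture file stays bounded
build_capture() {
    point=$1 name=$2 dir=$3 count=$4 out=$5 ip=${6:-}
    case $point in
        vmk|uplink|switchport) ;;
        *) echo "unknown capture point: $point" >&2; return 1 ;;
    esac
    case $dir in
        0|1) ;;
        *) echo "direction must be 0 (Rx) or 1 (Tx)" >&2; return 1 ;;
    esac
    case $count in
        ''|*[!0-9]*) echo "count must be a positive integer" >&2; return 1 ;;
    esac
    [ "$count" -gt 0 ] || { echo "count must be greater than 0" >&2; return 1; }
    # The command is later expanded unquoted, so allow only plain characters.
    case "x$name$out$ip" in
        *[!A-Za-z0-9_./:-]*) echo "unsupported character in argument" >&2; return 1 ;;
    esac
    [ -n "$name" ] && [ -n "$out" ] || { echo "name and outfile required" >&2; return 1; }
    cmd="pktcap-uw --$point $name --dir $dir -c $count -o $out"
    if [ -n "$ip" ]; then cmd="$cmd --ip $ip"; fi
    echo "$cmd"
}

# capture_both POINT NAME COUNT BASEPATH [IP]
# Starts one session per direction, because a single session without --dir
# records received (Rx) traffic only. DRY_RUN=1 (default) prints the commands.
capture_both() {
    for d in 0 1; do
        c=$(build_capture "$1" "$2" "$d" "$3" "${4}_dir${d}.pcap" "${5:-}") || return 1
        if [ "${DRY_RUN:-1}" = 1 ]; then echo "$c"; else $c & fi
    done
    wait
}

# Dry run with the uplink and datastore path from the article's example.
capture_both uplink vmnic0 1000 /vmfs/volumes/datastore1/export
```

Set DRY_RUN=0 on the host to start the two sessions; the optional last argument adds an --ip flow filter so the files hold only the traffic under investigation.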