VMware ESXI packet capture

Packet capture for a port :

tcpdump-uw -i vmk0 -s 1514 port 123

Increase the verbosity :

tcpdump-uw -i vmk0 -s 1514 -vvv

View traffic for a host :

tcpdump-uw -i vmk0 -s 1514 host x.x.x.x

Capture for specific port :

tcpdump-uw -i vmk0 -s 1514 port not 21 and port not 80

Capture for a protocol :

tcpdump-uw -i vmk0 -s 1514 tcp

To save to a capture file :

tcpdump-uw -i vmk0 -s 1514 -w outputFile.pcap

Capture to a file in chunks of specified size 25M , and optionally limit the number to 5 i.e. 5 chunks and then quit:

tcpdump-uw -i vmk0 -s 1514 -C 25M -W 5 -w captureFile.pcap

You may also like...