Packet capturing and analysis
Starting from ESXi 5.5, the pktcap-uw tool is embedded inside the hypervisor. Some of you will be familiar with the tcpdump tool, which was already available in ESXi; pktcap is a replacement for the same. The prime reason for integrating the pktcap tool is that it captures packets at every layer, which is essential in the NSX world. So, we are no longer limited to capturing packets at the vmkernel layer. I have been a big fan of this tool starting from the vCloud Networking and Security days, and I strongly believe most of us will like this tool. Before jumping into packet capturing, let's be clear about the following points:
Pktcap, by default, collects only incoming packets, and it is unidirectional. So, if we want to capture both ingress and egress traffic, we need to add certain parameters. If not, the whole purpose of capturing the packet will be defeated.
Traffic direction is mentioned as -dir 0 for ingress packets.
Traffic direction is mentioned as -dir 1 for...