pktcap-uw

Packet capture on VMware ESXi. I usually use this in combination with tcpdump-uw

Docs: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-30003897-2101-459C-81FA-FCB42313237E.html

Get the switchport ID from esxtop

# pkt cap on switchport, pipe output directly to tcpdump
pktcap-uw --switchport 33557190 -o - | tcpdump-uw -enr - port 67 or port 68 -e -n
# pktcap on switchport, filter on IP
pktcap-uw --switchport 33557190 --ip 10.10.10.10 -o - | tcpdump-uw -enr - port 67 or port 68 -e -n

Note defaults on traffic dir

By default, the pktcap-uw utility captures ingress traffic.