Like tcpdump, but on VMware ESXi. See also pktcap-uw
tcpdump-uw port 1514 -A -nnn
tcpdump-uw port 514 -A -nnnCapture network traffic on a ESXi-host, e.g. for NTP traffic
-nΒ = No resolve
-iΒ = Interface
-qΒ = Quick (show e.g. UDP vs local6.info)
Examples and/or in combination with pktcap-uw
tcpdump-uw -nqi vmk0 port 123
tcpdump-uw -nqi vmk0 host 1.1.1.1 and port 123
tcpdump-uw -nqi vmk0 port 123 and not host 2.2.2.2
# pkt cap on switchport, pipe output directly to tcpdump
pktcap-uw --switchport 33557190 -o - | tcpdump-uw -enr - port 67 or port 68 -e -n
# pktcap on switchport, filter on IP
pktcap-uw --switchport 33557190 --ip 10.10.10.10 -o - | tcpdump-uw -enr - port 67 or port 68 -e -nGet the
switchportID from esxtop
Useful blogs