Capturing a network trace in ESXi using Tech Support Mode or ESXi Shell
This article provides information on capturing network traces in ESXi 4.0 Update 1, ESXi 4.1 and ESXi 5.x. You may want to capture the network traces to investigate network problems.
To capture network traces in ESXi 4.x and ESXi 5.x, use the tcpdump-uw command in Tech Support Mode.
Note: In ESXi 5.x, Tech Support Mode is replaced by ESXi Shell. For more information, see Using ESXi Shell in ESXi 5.0 (2004746).
The tcpdump-uw command is based on the standard tcpdump utility. Network traces are captured from the perspective of a network interface. The examples in this article use vmk0, though any VMkernel network interface could be used.
Capturing network traces with tcpdump-uw
To list the vmkernel interfaces, use the esxcfg-vmknic command with the -l option:
# esxcfg-vmknic -l
To display packets on the vmkernel interface vmk0, use the tcpdump-uw command with the -i option:
# tcpdump-uw -i vmk0
Note: By default, the tcpdump and tcpdump-uw commands capture only the first 68 bytes of data from a packet.
To capture the entire packet, use the -s option of the tcpdump-uw command with a value of 1514 for normal traffic, or 9014 if Jumbo Frames are enabled.
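The following helper is an added example, not part of the original article: it reads an esxcfg-vmknic -l listing and prints the full-packet tcpdump-uw command for one interface, using the -s values given above. The function names, the sample listing (constructed, with an assumed column layout where MTU follows the MAC address) and the rule that an MTU above 1500 means Jumbo Frames are assumptions.

```shell
# Constructed sample of `esxcfg-vmknic -l` output; layout assumed, values made up.
SAMPLE_VMKNIC_LIST='Interface  Port Group/DVPort   IP Family IP Address     Netmask         Broadcast       MAC Address       MTU     TSO MSS   Enabled Type
vmk0       Management Network  IPv4      192.0.2.10     255.255.255.0   192.0.2.255     00:50:56:00:00:01 1500    65535     true    STATIC
vmk1       iSCSI-A             IPv4      198.51.100.10  255.255.255.0   198.51.100.255  00:50:56:00:00:02 9000    65535     true    STATIC'

# vmk_mtu LISTING IFACE: print the MTU of IFACE.
# A port group name may contain spaces, so column numbers are unreliable;
# the MTU is taken as the field that follows the MAC address (assumed layout).
vmk_mtu() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        BEGIN { h = "[0-9A-Fa-f][0-9A-Fa-f]"
                mac = "^" h ":" h ":" h ":" h ":" h ":" h "$" }
        $1 == ifc {
            for (i = 2; i < NF; i++)
                if ($i ~ mac) { print $(i + 1); exit }
        }'
}

# snaplen_for_mtu MTU: the article's -s values, 1514 for normal traffic
# and 9014 when Jumbo Frames are enabled (assumed here: MTU above 1500).
snaplen_for_mtu() {
    if [ "$1" -gt 1500 ]; then echo 9014; else echo 1514; fi
}

# capture_cmd LISTING IFACE: print the tcpdump-uw command that captures
# entire packets on IFACE; fail if IFACE is not in the listing.
capture_cmd() {
    mtu=$(vmk_mtu "$1" "$2")
    if [ -z "$mtu" ]; then
        echo "no such vmkernel interface: $2" >&2
        return 1
    fi
    echo "tcpdump-uw -i $2 -s $(snaplen_for_mtu "$mtu")"
}

capture_cmd "$SAMPLE_VMKNIC_LIST" vmk0
capture_cmd "$SAMPLE_VMKNIC_LIST" vmk1
# On a host, pass the live listing instead of the sample:
#   capture_cmd "$(esxcfg-vmknic -l)" vmk0
```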