In order to capture network traces we can use the tcpdump-uw command.
This too allows as to capture the network flow for a vmk interface like on this sample:
tcpdump-uw –I vmk0
this command only capture the first 68 bits
if you need to capture the entire packet you can use the –s parameter :
tcpdump-uw –I vmk0 –s 1514
or like this for a jumbo frame:
tcpdump-uw -i vmk0 -s 9014 -B 9
On esxi 5.5 you can also use the pktcap-uw command, it’s a new command that
Allow to capture not only for a vmk nic but also to capture traffic of Uplink or a switch port:
pktcap-uw –uplink vmnic7
pktcap-uw –vmk vmk0
pktcap-uw –switchport 8 (this will capture network info from or to port number 8 on a dvswitch for a specific vNic)
pktcap-uw is the new way to capture network information.