New TCP capturing utility within ESXi 5.5

In order to capture network traces we can use the tcpdump-uw command.

This tool allows us to capture the network flow for a vmk interface, as in this sample:

tcpdump-uw -i vmk0

This command captures only the first 68 bits of each packet.

If you need to capture the entire packet, you can use the -s parameter:

tcpdump-uw -i vmk0 -s 1514

Or like this for a jumbo frame:

tcpdump-uw -i vmk0 -s 9014 -B 9

On ESXi 5.5 you can also use the pktcap-uw command. It is a new command that allows you to capture traffic not only on a vmk NIC but also on an uplink or a switch port:

pktcap-uw --uplink vmnic7

pktcap-uw --vmk vmk0

pktcap-uw --switchport 8 (this captures network traffic from or to port number 8 on a dvSwitch, for a specific vNIC)

pktcap-uw is the new way to capture network information.


Shay Hyams

