Tuesday, August 19, 2014

The pktcap-uw utility in Esxi 5.5

pktcap-uw is an enhanced packet capture tool introduced in 5.5 that replaces the legacy tcpdump-uw utility. It can be used to capture packets using physical nics, vmkernel ports or switch port. It is simply more robust and powerful than the older tool. What follows are the main options for this command.

Here is how to use it.

To get help on how to use the command:

pktcap-uw -h | more

To capture frames using a particular vmkernel port

pktcap-uw --vmk vmk0

To capture frames using an uplink

pktcap-uw --uplink vmnic0

To capture frames using a particular switch port

pktcap-uw --switchport 10

To redirect output to a file

pktcap-uw --vmk vmk0 -o /myfile

Note: Control C to end the session.

Some captures here:

No comments:

Post a Comment