NSX Edge Packet Capture on Multi-vNics simultaneously

On By insidepacketIn NSX, Packet

In NSX 6.1.4, I tried to perform packet capture to analysis the end to end connectivity restoration during Edge HA failover. But I only can capture packet for a single vNic at one time. Somebody may say this can be worked around by performing another packet capture on another vNIC in ESXi hosts by use of “pktcap-uw”. However,”pktcap-uw” can only capture uni-directional traffic in ESXi hosts. This behavior will bring extra challenge for packet analysis.

Luckily in the new version of NSX 6.2.4, it looks like that we can capture on different vNIC at the same time by run multiple times of “debug packet capture interface vNIC” like the below:

debug packet capture interface vNIC_2
debug packet capture interface vNIC_3

nsx-edge You can see that I successfully captured the packet on vNic_2 and vNic_3.
Then you can upload the packet capture to your SFTP server for further analysis by CLI:

debug copy scp user@url:path file-name/all

2017-03-23_090111

When you perform the packet capture, you can use filter to only capture the traffic which you are interested in.

debug packet display interface vNic_0 host_192.168.11.3_and_host_192.168.11.41
debug packet capture interface vNic_0 host_192.168.1.2_and_host_192.168.2.2_and_port_80

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s