Limitation of NSX Central CLI Packet Capture

Packet capture is a very useful and powerful tool for troubleshooting, as the packets always tell you the truth. From NSX 6.2.3, you can use the Central CLI to perform a packet capture for an individual VM.

My friend Tony has published a very good blog post on how to use this tool. You can refer to his blog at the link below:

However, you have to understand some limitations of this tool when you use it. I have found 2 limitations so far.

  1. You can only use this tool to capture a maximum of 20000 packets;
  2. The packet capture size is up to 20MB;

So if you are going to capture a large number of packets, you still have to use pktcap-uw on the ESXi host directly.

Just found something new which can help you capture the traffic you are interested in.

debug packet capture host host-3287 vnic 50068de0-9f44-0601-4f69-71d2391345ec.000 dir input parameters --ip

# show packet capture help host host-3287

Help information for capture options from host
                The Ethernet source MAC address.
                The Ethernet destination MAC address.
                The Ethernet MAC address(src or dst).
        --ethtype 0x
                The Ethernet type. HEX format.
                The Ethernet VLAN ID.
        --srcip <x.x.x.x[/]>
                The source IP address.
        --dstip <x.x.x.x[/]>
                The destination IP address.
                The IP address(src or dst).
        --proto 0x
                The IP protocol.
                The TCP source port.
                The TCP destination port.
                The TCP port(src or dst).
                The vxlan id of flow.

nsxmanager#debug packet capture host host-203
vnic capture vnic
vmknic capture vmknic
vmnic capture vmnic (pnic)
vdrport capture vdrport

Quick Summary of packet capture steps:

Step 0: Get the host-id and vnic-id by running the CLI command “show vm vm-id” on the NSX Manager

Step 1: Start the packet capture (here we capture inbound traffic for a VM)

debug packet capture host host-id vnic vnic-id dir input parameters --ip

You will get a packet capture session-id from the above command, which will be used in the following steps

Step 2: Stop the capture

no debug packet capture session session-id

Step 3: Copy your packet capture to your SFTP server and use your packet capture tool (e.g. Wireshark) to analyze it:

debug packet capture scp session session-id url sftpuser@sftp-server-IP:file1.pcap

Step 4: Clear the capture session and delete the packet capture file from NSX Manager

no debug packet capture session session-id discard

show packet capture sessions
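
An added example (not part of the original post, and not VMware code): once the file from Step 3 is on your workstation, this Python script counts the records in the capture and reports whether it reached the 20000-packet or 20MB limit described above, in which case the capture stopped early and traffic may be missing. It assumes the file is in classic pcap format (not pcapng) and that 20MB means 20 MiB; the function names and the 1% size slack are hypothetical.

```python
import struct

# Limits stated on this page for NSX Central CLI captures.
MAX_PACKETS = 20000
MAX_BYTES = 20 * 1024 * 1024  # assumption: "20MB" read as 20 MiB

def capture_stats(data: bytes):
    """Return (packet_count, total_bytes) for a classic pcap byte string."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # little-endian (us / ns)
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # big-endian (us / ns)
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    offset, count = 24, 0
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_frac, incl_len (bytes stored), orig_len
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        if offset + 16 + incl_len > len(data):
            break  # last record cut off mid-write; do not count it
        offset += 16 + incl_len
        count += 1
    return count, len(data)

def hit_limit(data: bytes, slack: float = 0.99):
    """List which Central CLI limit the capture reached, if any."""
    count, size = capture_stats(data)
    reasons = []
    if count >= MAX_PACKETS:
        reasons.append("packet-count")
    if size >= MAX_BYTES * slack:  # hypothetical slack: file may stop just short
        reasons.append("file-size")
    return reasons

def build_sample(n_packets: int, payload_len: int = 60) -> bytes:
    """Constructed sample: a little-endian pcap with n identical dummy frames."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 0, 0, payload_len, payload_len) + bytes(payload_len)
    return header + record * n_packets

if __name__ == "__main__":
    for n in (150, 20000):
        sample = build_sample(n)
        print(n, capture_stats(sample), hit_limit(sample))
```

For a real file, pass `open("file1.pcap", "rb").read()` to `hit_limit`; a non-empty result means the capture should be repeated with a tighter filter or with pktcap-uw on the ESXi host.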


