Packet capture is very useful and strong tools for troubleshooting as the packet always tell you the truth. From NSX 6.2.3, you can use Central CLI to perform packet capture for individual VM.
My friend Tony has published a very good blog around how to use this tools. You can refer his blog in the link below:
However, you have to understand some limition around this tool when you use. I have found 2 limitions so far.
- You can only use this tool to capture maximum 20000 packets;
- The packet capture size is up to 20MB;
So if you are going to capture a bug number of packets, you still have to use the pktcap-uw on ESXi host directly.
Just found some new thing which can help you to capture the traffic which you are interested in.
debug packet capture host host-3287 vnic 50068de0-9f44-0601-4f69-71d2391345ec.000 dir input parameters –ip 10.10.80.24
# show packet capture help host host-3287
Help information for capture options from host
The Ethernet source MAC address.
The Ethernet destination MAC address.
The Ethernet MAC address(src or dst).
The Ethernet type. HEX format.
The Ethernet VLAN ID.
The source IP address.
The destination IP address.
The IP address(src or dst).
The IP protocol.
The TCP source port.
The TCP destination port.
The TCP port(src or dst).
The vxlan id of flow.
nsxmanager#debug packet capture host host-203
vnic capture vnic
vmknic capture vmknic
vmnic capture vmnic (pnic)
vdrport capture vdrport
Quick Summary of packet capture steps:
Step 0: Get the host-id and vnic-id via running CLI “show vm vm-id” on NSX manager
Step 1: start the packet capture. (here we capture inbound traffic for a VM)
debug packet capture host host-id vnic vnic-id dir input parameters –ip 10.10.80.24
You will get a packat session-ID from the above CLI which will be used in the following steps
Step 2: Stop the capature
no debug packet capture session session-id
Step 3: Copy your packat capture to your SFTP server and user your packet capture tool (e.g. Wireshark) to analysis:
debug packet capture scp session session-id url sftpuser@sftp-server-IP:file1.pcap
Step 4: Cleat the capture session and delete the packet capture file from NSX manager
no debug packet capture session session-id discard
show packet capture sessions