Total Pageviews

My YouTube Channel

Saturday, 5 April 2014

Using the pktcap-uw tool in ESXi 5.5 (2051814)


The pktcap-uw tool is an enhanced packet capture and analysis tool that can be used in place of the legacy tcpdump-uw tool. Thepktcap-uw tool is included by default in ESXi 5.5.

Note: The tcpdump-uw tool can only capture packets/frames at the vmkernel interface level and cannot capture frames at the uplinks, or vSwitch, or virtual port levels. The new pktcap-uw tool allows traffic to be captured at all points within the hypervisor for greater flexibility and improved troubleshooting.
This article provides information on using the pktcap-uw tool for packet capture and analysis.


Using the pktcap-uw tool

  • To obtain basic help and syntax information, use the -h option:

    # pktcap-uw -h |more
  • To view a live capture of a vmkernel port's traffic:

    # pktcap-uw --vmk vmkX
    For example, to capture frames/packets on vmk0:  

    # pktcap-uw --vmk vmk0
  • To view a live capture of a specific physical network card on the host (vmnic):

    # pktcap-uw --uplink vmnicX
    For example, to capture frames/packets on vmnic7:  

    # pktcap-uw --uplink vmnic7
  • To view a live capture of a particular vSwitch port for a virtual machine, use the --switchport option:

    # pktcap-uw --switchport switchportnumber
    For example, to capture frames or packets to and from a virtual machine connected to dvSwitchport 8: 

    # pktcap-uw --switchport 8
  • To capture the output to a file, use -o option:

    # pktcap-uw --vmk vmk# -o file.pcap
    For example, to capture the packets from vmk0 and save to test.pcap file under /tmp directory : 

    # pktcap-uw --vmk vmk0 -o /tmp/test.pcap
    Note: To end the capture, ensure to use Cntrl-C multiple times instead of Cntrl-Z because Cntrl-Z may leave background processes running that may prevent subsequent pktcap-uw commands from running and report the error:

    error: Can't create the session, Exiting

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.