Tag Archives: Esxi

Using the pktcap-uw tool to capture VM traffic

SSH to the ESXi host the VM resides on and run the command below. Replace VM-NAME with your VM’s name.

esxcli network vm list | grep -i VM-NAME

COMMAND OUTPUT:

1122341 VM-NAME dvportgroup-202593

Copy the digits at the beginning of the output (1122341) into the command below and run it.

esxcli network vm port list -w 1122341

COMMAND OUTPUT:

Port ID: 33554507
vSwitch: VDS or VSS Name
Portgroup: dvportgroup-202593
DVPort ID: 323
MAC Address: 00:50:56:91:72:03
IP Address: 0.0.0.0
Team Uplink: vmnic1
Uplink Port ID: 33554434
Active Filters:

Copy the Port ID at the beginning of the output (33554507) into the capture commands below and run the captures.

FOR EGRESS CAPTURE (default)

pktcap-uw --switchport 33554507 -o /tmp/VM-NAME-outbound.pcap

FOR INGRESS CAPTURE

pktcap-uw --switchport 33554507 --dir 1 -o /tmp/VM-NAME.pcap

Install WinSCP, connect to the host over SCP, download the pcap file from the /tmp folder, and analyze it in Wireshark.

More info:

https://kb.vmware.com/s/article/2051814
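The lookup steps above can be scripted so the IDs are not copied by hand. This is an added example, not part of the original post: the function names are hypothetical, and the sample text is constructed from the output shown above (the header row and column layout of `esxcli network vm list` are assumed).

```shell
#!/bin/sh
# Added example: filters for the esxcli output used in the steps above.
# The sample text below is constructed for illustration, not captured from a host.

# World ID of the VM whose name matches exactly (grep -i VM-NAME would also
# match VM-NAME-02). Assumes the VM name contains no spaces.
world_id_for_vm() {  # $1 = VM name; stdin = `esxcli network vm list` output
    awk -v name="$1" '$1 ~ /^[0-9]+$/ && $2 == name { print $1 }'
}

# Switch port IDs, one per line. The pattern is anchored so that the
# "DVPort ID:" and "Uplink Port ID:" lines are not picked up.
switch_port_ids() {  # stdin = `esxcli network vm port list -w <id>` output
    sed -n 's/^[[:space:]]*Port ID:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p'
}

# Print the two capture commands from the post for one port. Inputs are
# validated because the result is meant to be pasted into a root shell.
capture_cmds() {  # $1 = VM name, $2 = switch port ID
    case "$1" in ''|*[!A-Za-z0-9._-]*) echo "unsafe VM name" >&2; return 1;; esac
    case "$2" in ''|*[!0-9]*) echo "bad port ID" >&2; return 1;; esac
    printf 'pktcap-uw --switchport %s -o /tmp/%s-outbound.pcap\n' "$2" "$1"
    printf 'pktcap-uw --switchport %s --dir 1 -o /tmp/%s.pcap\n' "$2" "$1"
}

SAMPLE_VM_LIST='World ID  Name        Num Ports  Networks
--------  ----------  ---------  ------------------
1122341   VM-NAME             1  dvportgroup-202593
1122399   VM-NAME-02          1  dvportgroup-202593'

SAMPLE_PORT_LIST='   Port ID: 33554507
   vSwitch: VDS or VSS Name
   Portgroup: dvportgroup-202593
   DVPort ID: 323
   MAC Address: 00:50:56:91:72:03
   IP Address: 0.0.0.0
   Team Uplink: vmnic1
   Uplink Port ID: 33554434
   Active Filters:'

# On a host, replace the samples with the real commands, e.g.
#   esxcli network vm port list -w "$wid" | switch_port_ids
wid=$(printf '%s\n' "$SAMPLE_VM_LIST" | world_id_for_vm VM-NAME)
echo "World ID: $wid"
# With several vNICs, give each capture its own output file name.
for port in $(printf '%s\n' "$SAMPLE_PORT_LIST" | switch_port_ids); do
    capture_cmds VM-NAME "$port"
done
```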

SVA installation issue – “Unable to install SVA: com.symantec.vsep.VSEPException: bad certificate…”

Symantec Security Virtual Appliance (SVA) was failing to deploy onto my ESXi hosts, producing the following error in the logs and on screen:

“Unable to install SVA: com.symantec.vsep.VSEPException: bad certificate, fingerprint: 99:eb:e7:73:e1:63:54:2c:94:81:7a:aa:c3:b9:3a:67:04:73:2e:ee”
