The following describes the basic concepts of monitoring network traffic:
- tcpdump can be used to capture TCP/IP traffic when troubleshooting many network-related issues.
- Analyzing network traffic requires an advanced understanding of the TCP/IP protocol stack to make sense of the captured TCP/IP messages.
This article focuses on capturing and sniffing TCP/IP network traffic on an ESX host.
The ESX 3.x Service Console is equipped with the utilities esxnet-support and tcpdump for network troubleshooting.
To capture TCP/IP packets in and out of an ESX host:
- esxnet-support: This ESX script uses the tcpdump utility to create a sniffer interface, capture ESX network traffic, and generate a tcpdump.gz file for later analysis.
- tcpdump: This utility ships with ESX and runs on the Service Console (SC) TCP/IP stack. tcpdump is a command-line tool, run with root access from an ESX console connection, that captures traffic in real time and displays it on the console screen.
Symptoms:
The following ESX network issues can be resolved by sniffing TCP/IP messages:
- VMware VMotion fails at 10%
- Connection fails to certain hosts and networks
- Sessions to network services fail
- Analyzing bandwidth and network services communication
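An added example (not part of the original article or of VMware's tooling): a Python script that reads the text output of tcpdump -n and reports TCP connection attempts that were never answered or were reset, which is the pattern to look for behind the connection-failure symptoms listed above. The sample lines, addresses and ports are constructed, and the script assumes one packet per line in either the older single-letter flag style or the newer Flags [..] style.

```python
import re

# Constructed sample of `tcpdump -n` text output (addresses and ports are made up).
SAMPLE = """\
10:00:01.000100 IP 192.0.2.10.32771 > 192.0.2.20.8000: S 100:100(0) win 5840 <mss 1460>
10:00:01.000400 IP 192.0.2.20.8000 > 192.0.2.10.32771: S 900:900(0) ack 101 win 5792 <mss 1460>
10:00:01.000500 IP 192.0.2.10.32771 > 192.0.2.20.8000: . ack 901 win 5840
10:00:02.000100 IP 192.0.2.10.32772 > 192.0.2.30.902: S 200:200(0) win 5840 <mss 1460>
10:00:05.000100 IP 192.0.2.10.32772 > 192.0.2.30.902: S 200:200(0) win 5840 <mss 1460>
10:00:06.000100 IP 192.0.2.10.32773 > 192.0.2.40.443: Flags [S], seq 300, win 5840, length 0
10:00:06.000300 IP 192.0.2.40.443 > 192.0.2.10.32773: Flags [R.], seq 0, ack 301, win 0, length 0
"""

# One TCP packet per line; flags are old style ("S", ".") or new style ("Flags [S.]").
LINE = re.compile(
    r"^\S+ (?:IP )?(?P<src>\S+) > (?P<dst>\S+): "
    r"(?:Flags \[(?P<new>[A-Z.]+)\]|(?P<old>[SFPRWE.]+) )(?P<rest>.*)$"
)

def classify(capture_text):
    """Map (client, server) -> 'answered', 'refused' or 'no-reply' for each SYN seen."""
    state = {}
    for line in capture_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a TCP line in a style this script understands
        src, dst = m.group("src"), m.group("dst")
        flags = m.group("new") or m.group("old")
        # ACK is "." inside the brackets (new style) or an "ack N" field (old style).
        if m.group("new"):
            has_ack = "." in flags
        else:
            has_ack = re.search(r"\back \d+", m.group("rest")) is not None
        if "S" in flags and not has_ack:
            state.setdefault((src, dst), "no-reply")   # retransmitted SYNs keep the state
        elif "S" in flags and (dst, src) in state:
            state[(dst, src)] = "answered"             # SYN-ACK from the server
        elif "R" in flags and state.get((dst, src)) == "no-reply":
            state[(dst, src)] = "refused"              # RST instead of SYN-ACK
    return state

def failed(capture_text):
    """Connection attempts that never completed the handshake."""
    return {k: v for k, v in classify(capture_text).items() if v != "answered"}

if __name__ == "__main__":
    for (client, server), why in failed(SAMPLE).items():
        print(f"{client} -> {server}: {why}")
```

A "no-reply" result means the SYN was never answered in the capture (dropped, filtered or unreachable), while "refused" means the destination was reachable but reset the attempt. To use it on a saved capture, pass the text printed by `tcpdump -n -r <capture file>` to `failed()`.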