0

I've got a Linux server that is a VM running on ESXi 6.7. We're running into some network trouble with it, and I'm trying to use tcpdump to capture traffic on the VM itself, but I'm getting only the traffic generated by the server, and not the inbound traffic.

I've looked at solutions online and a lot of them are about running the capture directly on the virtual switch on the ESX host itself. (which I may still have to do at some point)

This seems like it should be a reasonably straight-forward process. How do I configure the interface in the Linux VM to allow full (promiscuous) packet captures? Are the changes all in the VM itself (in Linux), or do I also need to make changes to the VMWare config for the VM?

Thanks all!

le_jawa
  • 113
  • 1
  • 6
  • so, how are you running tcpdump exactly? In our vmware environment (which I do not adminster, but do have root on the some linux vms) I can certainly capture traffic using tcpdump, both in and outbound – natxo asenjo Feb 05 '20 at 17:30
  • right off of the Wireshark documentation: tcpdump -i -s 65535 -w – le_jawa Feb 05 '20 at 17:57
  • try not using the -s switch, the man page warns for loss of packets when using this. In multihomed systems you do not see traffic coming from interfaces not specified on -i, buty you could try -i any to use it as a wildcard. – natxo asenjo Feb 05 '20 at 18:29
  • Ok, that's good to know about the -s; I should have read that. We have already started using "any" instead of a specific interface, and that does seemed to have helped. – le_jawa Feb 05 '20 at 20:04
  • nice to know it's working. I'll add my comment as the answer, and you can accept it then ;-) – natxo asenjo Feb 05 '20 at 20:15
  • Sounds good, thanks for the help! – le_jawa Feb 05 '20 at 20:19

1 Answers1

0

try not using the -s switch, the man page warns for loss of packets when using this. In multihomed systems you do not see traffic coming from interfaces not specified on -i, buty you could try -i any to use it as a wildcard.

natxo asenjo
  • 5,641
  • 2
  • 25
  • 27