How to Capture & Analyze Network Traffic on ESXi
December 12, 2018 at 10:52 am
As an ESXi implementer or administrator, you may come across situations where you need to get your hands dirty 🙂 with deep network troubleshooting. I had such a situation a few months ago, which I would like to share in this post.
We deployed Horizon View (for VDI) in one of our customers' ESXi cluster (8 nodes) environments. The desktop users were complaining that they were not able to reach a specific network.
To investigate further, we swapped the physical adapter to the on-board Broadcom cards (1 Gbps). Then we were able to re-establish the network. We decided to engage VMware Support to find the root cause and get a permanent fix. VMware Support was pretty awesome and they were able to nail it very quickly.
First they used two built-in commands on ESXi:
- pktcap-uw (to capture the network packets)
- tcpdump-uw (to read the captured packets)
They ran the command below on each of the NICs to capture the traffic initially.
- pktcap-uw --uplink vmnic0 --dir 0 --mac 00:00:00:00:00:00 --vlan 18 -o /tmp/f.pcap
uplink – Name of the VMnic
dir – 0 means RX Traffic
mac – MAC address of the machine which you are troubleshooting
vlan – The VLAN ID
Thereafter we read the output of the above command using
- tcpdump-uw -ner /tmp/f.pcap
By comparing the output from both NICs we were able to narrow down the problem to the Mellanox cards. When tagged traffic passed through a Mellanox network card (10 Gbps), the reply packet was not being tagged with the proper VLAN ID, causing disruption to the network traffic.
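The comparison described above can be made less error-prone by counting, per source MAC, how many frames carry the expected 802.1Q tag. The script below is an added example, not part of the original post or of VMware's tooling; the function names `sample_capture` and `vlan_tag_summary` are hypothetical, and the sample frames (MACs, IPs, timestamps) are constructed in the format that tcpdump prints with `-ne`.

```sh
#!/bin/sh
# Added example: count VLAN-tagged vs. untagged frames per source MAC in the
# text that `tcpdump-uw -ner <file>` prints. All sample data is constructed.

# Constructed sample in tcpdump -ne format (MACs, IPs and timings are made up).
sample_capture() {
    cat <<'EOF'
10:52:01.100001 00:50:56:aa:bb:cc > 00:50:56:dd:ee:ff, ethertype 802.1Q (0x8100), length 102: vlan 18, p 0, ethertype IPv4, 10.0.18.25 > 10.0.18.1: ICMP echo request, id 1, seq 1, length 64
10:52:01.100950 00:50:56:dd:ee:ff > 00:50:56:aa:bb:cc, ethertype IPv4 (0x0800), length 98: 10.0.18.1 > 10.0.18.25: ICMP echo reply, id 1, seq 1, length 64
10:52:02.100004 00:50:56:aa:bb:cc > 00:50:56:dd:ee:ff, ethertype 802.1Q (0x8100), length 102: vlan 18, p 0, ethertype IPv4, 10.0.18.25 > 10.0.18.1: ICMP echo request, id 1, seq 2, length 64
10:52:02.100870 00:50:56:dd:ee:ff > 00:50:56:aa:bb:cc, ethertype IPv4 (0x0800), length 98: 10.0.18.1 > 10.0.18.25: ICMP echo reply, id 1, seq 2, length 64
10:52:03.100910 00:50:56:dd:ee:ff > 00:50:56:aa:bb:cc, ethertype 802.1Q (0x8100), length 102: vlan 1, p 0, ethertype IPv4, 10.0.18.1 > 10.0.18.25: ICMP echo reply, id 1, seq 3, length 64
EOF
}

# Usage on the host: tcpdump-uw -ner /tmp/f.pcap | vlan_tag_summary 18
# Prints one line per source MAC: tagged / wrong_vlan / untagged frame counts.
vlan_tag_summary() {
    awk -v want="$1" '
        # Frame lines look like: TIME SRC > DST, ethertype ...: [vlan N, ...]
        $3 == ">" {
            src = $2
            if (match($0, /: vlan [0-9]+,/)) {
                # Skip the 7 characters of ": vlan " and drop the trailing comma.
                vid = substr($0, RSTART + 7, RLENGTH - 8)
                state = (vid == want) ? "tagged" : "wrong_vlan"
            } else {
                state = "untagged"
            }
            count[src "," state]++
            seen[src] = 1
        }
        END {
            for (s in seen)
                printf "%s tagged=%d wrong_vlan=%d untagged=%d\n", s,
                       count[s ",tagged"], count[s ",wrong_vlan"], count[s ",untagged"]
        }
    ' | sort
}

sample_capture | vlan_tag_summary 18
```

Run it against the capture from each uplink; a source MAC whose frames show up as `untagged` or `wrong_vlan` on one NIC but `tagged` on the other points at the adapter that is mishandling the tag.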
Good Luck
Muralee