Posts tagged ‘packet loss’

How to Capture & Analyze Network Traffic on ESXi

Being an ESXI¬† Implementer or an Administrator , you may come across some situations where you need to make your hands dirty ūüôā , with deep network troubleshooting.¬† I had a similar situation few months ago , which I would like to share it in this post.

We deployed the Horizon View (for VDI) in one of our customer’s ESXi Cluster ( 8 Nodes) environment, The Desktop users were complaining about they were not able to specific network .

 Thus to further investigate we swapped the Physical Adapter to the on-board BroadCom cards (1Gps). Then we were able to re-establish the network. We thought to engage the VMware Support with the intention to find out the root cause and get a permanent fix. The VMware support was pretty awesome and they were able to nail it very quickly.

First they used the two built-in commands on ESXI , which are

  • pktcap-uw (To capture the Network Packets)
  • tcpdump-uw ( To read the captured Packets)

They ran the below commands on both the NIC cards to initially capture the traffic.

  • pktcap-uw –uplink vmnic0 –dir 0 –mac 00:00:00:00:00:00 —vlan 18 -o /tmp/f.pcap

uplink –¬† Name of the VMnic

dir¬†¬†¬†¬†¬† –¬† 0¬† means RX Traffic

mac¬†¬† –¬† MAC address of the machine which you are troubleshooting

vlan¬†¬† –¬† The VLAN ID

Thereafter we read the  output of the above command using 

  • ¬†¬†¬† tcpdump-uw -ner /tmp/f.pcap

By comparing the output from both NIC’s¬† we were able to narrow down the problem to the Mellanox cards. when tagged traffic passed by on a Mellanox Network Card (10 Gbps), the reply packet was not being tagged with the proper VLAN ID causing disruption to the network traffic.


Good Luck





December 12, 2018 at 10:52 am Leave a comment



Follow Hope you like it.. on

Blog Stats

  • 21,493 hits

%d bloggers like this: