Esxi Packet Capture

From UVOO Tech Wiki

Jump to navigation Jump to search

Vsphere
Networking
dvSwitch01
Configure -> Settings -> Port Mirror

Session Type: Encapsulated Remote Mirroring (L3) Source
Encapsolation Type: GRE
Sources <vm hosts>
destination: ip address you want to send gre packets containing pcap packets

Enable

sudo tshark -lnnpi ens160 -f "proto 47" -d ip.proto==47,gre -Y 'tcp.port==443 and tls.handshake.extension.type=="server_name" || http.host' -T fields -e ip.src -e ip.dst -e tcp.dstport -e http.host -e tls.handshake.extensions_server_name | grep my.domain.com

Retrieved from "https://tech.uvoo.io/index.php?title=Esxi_Packet_Capture&oldid=2689"