Difference between revisions of "Esxi Packet Capture"
Jump to navigation
Jump to search
| Line 15: | Line 15: | ||
``` | ``` | ||
| − | sudo tshark -lnnpi ens160 -f "proto 47" -d ip.proto==47,gre -Y 'tls.handshake.extension.type == "server_name" || http.host' -T fields -e ip.src -e ip.dst -e tcp.dstport -e http.host -e tls.handshake.extensions_server_name | grep my.domain.com | + | sudo tshark -lnnpi ens160 -f "proto 47" -d ip.proto==47,gre -Y 'tcp.port==443 and tls.handshake.extension.type=="server_name" || http.host' -T fields -e ip.src -e ip.dst -e tcp.dstport -e http.host -e tls.handshake.extensions_server_name | grep my.domain.com |
``` | ``` | ||
Latest revision as of 00:38, 8 February 2022
- Vsphere
- Networking
- dvSwitch01
- Configure -> Settings -> Port Mirror
Session Type: Encapsulated Remote Mirroring (L3) Source Encapsolation Type: GRE Sources <vm hosts> destination: ip address you want to send gre packets containing pcap packets
Enable
sudo tshark -lnnpi ens160 -f "proto 47" -d ip.proto==47,gre -Y 'tcp.port==443 and tls.handshake.extension.type=="server_name" || http.host' -T fields -e ip.src -e ip.dst -e tcp.dstport -e http.host -e tls.handshake.extensions_server_name | grep my.domain.com