Difference between revisions of "Esxi Packet Capture"
Jump to navigation
Jump to search
(Created page with "- Vsphere - Networking - dvSwitch01 - Configure -> Settings -> Port Mirror - ``` Session Type: Encapsulated Remote Mirroring (L3) Source Encapsolation Type: GRE Sources <vm h...") |
|||
| Line 12: | Line 12: | ||
Enable | Enable | ||
| + | |||
| + | |||
| + | ``` | ||
| + | sudo tshark -lnnpi ens160 -f "proto 47" -d ip.proto==47,gre -Y 'tls.handshake.extension.type == "server_name" || http.host' -T fields -e ip.src -e ip.dst -e tcp.dstport -e http.host -e tls.handshake.extensions_server_name | grep my.domain.com | ||
| + | ``` | ||
Revision as of 00:37, 8 February 2022
- Vsphere
- Networking
- dvSwitch01
- Configure -> Settings -> Port Mirror
Session Type: Encapsulated Remote Mirroring (L3) Source Encapsolation Type: GRE Sources <vm hosts> destination: ip address you want to send gre packets containing pcap packets
Enable
sudo tshark -lnnpi ens160 -f "proto 47" -d ip.proto==47,gre -Y 'tls.handshake.extension.type == "server_name" || http.host' -T fields -e ip.src -e ip.dst -e tcp.dstport -e http.host -e tls.handshake.extensions_server_name | grep my.domain.com