Friday, November 29, 2019

tcpdump vs pktdump: How to use them







 
tcpdump-uw and pktcap-uw are two different tools for capturing and analyzing packets/frames received by or sent from an ESXi host. In some troubleshooting situations, especially networking and communication problems, you will need these tools. In this post I want to demonstrate how to work with these useful CLIs.
tcpdump-uw is a great CLI that exists in the ESXi host for packet capturing. Most of the time we need to know the details of the network traffic on each VMkernel port of the ESXi host, and to do that you need to understand, verify and analyze the results of the tcpdump-uw command.
Before working with tcpdump-uw, we need to learn about the existing VMkernel ports in the host by running:

esxcli network ip interface ipv4 get
or you can check it via tcpdump-uw -D
Useful tcpdump-uw options:
-i select the interface/network adapter to listen on for Rx/Tx packets
-n do not resolve names
-t do not include time information
-c specify the count of captured packets
-e include the Ethernet frame header (MAC addresses) for each packet
-w export the captured packets to a file
-s0 collect entire packets

Also, if you need to exclude a specific protocol or port, for example HTTP traffic on TCP port 80, you can add: not tcp port 80
It's possible to show more details of the captured data by adding -v (or -vv and -vvv for even more detail).

For including TCP headers and TCP flag states, consider each of the following syntaxes (with -q you can skip all of them):
-s syn / -p push / -f finish / -r reset

Some examples of tcpdump-uw usage:

# tcpdump-uw -i vmk0 icmp
# tcpdump-uw -i vmk0 -w caputerdpackets.pcap
# tcpdump-uw -i vmk0 host x.x.x.x
# tcpdump-uw -i vmk0 not arp and not port 22 and not port 53
# tcpdump-uw -i vmk0 -c 10
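
Before handing a file written with -w to an analyst, it is worth checking offline that the packets in it are whole, which is what -s0 is for. The following is an added example, not from the original post; it assumes the file is in the classic libpcap format (not pcapng), and the function names and sample bytes are constructed for illustration.

```python
import struct

# Classic libpcap magic bytes -> struct byte-order prefix (usec and nsec variants).
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def summarize_pcap(data: bytes) -> dict:
    """Walk a classic pcap byte string; report snaplen and truncated packets."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic libpcap file (pcapng is not handled)")
    order = MAGICS[data[:4]]
    # Global header after the magic: version, thiszone, sigfigs, snaplen, linktype.
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    offset, packets, truncated, incomplete = 24, 0, 0, False
    while offset < len(data):
        if offset + 16 > len(data):              # record header cut off
            incomplete = True
            break
        # Record header: ts_sec, ts_frac, captured length, length on the wire.
        _sec, _frac, incl_len, orig_len = struct.unpack(
            order + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):   # packet bytes cut off
            incomplete = True
            break
        packets += 1
        if incl_len < orig_len:                  # snaplen cut this packet short
            truncated += 1
        offset += 16 + incl_len
    return {"snaplen": snaplen, "linktype": linktype, "packets": packets,
            "truncated": truncated, "incomplete": incomplete}

def build_sample(snaplen: int) -> bytes:
    """Constructed capture: frames of 60 and 1514 bytes, cut at snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, orig_len in enumerate((60, 1514)):
        incl = min(orig_len, snaplen)
        out += struct.pack("<IIII", 1575000000 + i, 0, incl, orig_len)
        out += bytes(incl)                       # zero-filled placeholder payload
    return out

if __name__ == "__main__":
    print(summarize_pcap(build_sample(262144)))  # whole packets kept
    print(summarize_pcap(build_sample(96)))      # 1514-byte frame truncated
```

For a real capture, pass the bytes of the exported file to summarize_pcap; a non-zero "truncated" count means payloads were cut at the snap length, and "incomplete" means the file itself ends mid-record.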

Just remember that this CLI can only capture packets/frames at the VMkernel level, so to capture frames at the uplinks, vSwitch or virtual ports, and for the other traffic of the ESXi host, pktcap-uw can be used. By default pktcap-uw captures only inbound traffic, but since the release of ESXi 6.7 you can specify the direction:
 --dir 0 (Incoming) / --dir 1 (Outgoing) / --dir 2 (In/Out)
(Remember that in earlier versions you can specify only one direction.) Here is a list of useful pktcap-uw options:

--vmk vmk0  capture traffic on VMkernel port vmk0
--uplink vmnic0  capture traffic on physical port vmnic0
-o capturedfile.pcap  export the output to a file
-G 10  capture duration in seconds
-C 100  file size in megabytes
--switchport 11  capture on an exact port of the virtual switch

Here is an example of pktcap-uw:
pktcap-uw --vmk vmk0 -o /vmfs/volumes/datastore1/_export_/capture.pcap --switchport 6666 -c 1000

















 
For more information you can refer to the following link:

https://www.virten.net/2015/10/esxi-network-troubleshooting-with-tcpdump-uw-and-pktcap-uw/

 
 

Thursday, November 14, 2019

VMware Tanzu Mission Control (TMC)

Do you need to accelerate the building of cloud-native applications or improve their deployment in your cloud without any limitation?
VMware Tanzu is one of the greatest subjects of VMworld 2019; it wants to answer and resolve your issues and lead your cloud app provisioning with this motto: Any App in any Cloud & Any Cluster, even Kubernetes!
VMware explains Tanzu Mission Control (TMC) as follows:
1. Automatically provision new clusters and attach existing clusters running in multiple environments—including vSphere, VMC, public clouds, and managed Kubernetes services—for centralized management and operations.
2. Easily set policies for access, backup, networking, and more, and enforce the right configuration across fleets of clusters and applications running in multiple clouds.
3. With policies and configuration in place, safely enable developers with self-service access to the resources they need to deploy their applications in multiple clouds—without changing their native workflows. 

As Tom Fenton mentioned, it looks like TMC will be a SaaS-based control plane and will treat your K8s clusters like a new layer of abstraction. TMC will give you lifecycle management and control, role-based access control and the ability to inspect the health of your K8s clusters (most of the Day 2 operations). Also, you'll be able to manage the entire lifecycle of your K8s clusters, from instantiation to decommissioning.
It seems that managing multiple Kubernetes clusters regardless of their location is a complex challenge that VMware TMC wants to resolve.
Also see the following overview video of VMware CEO Pat Gelsinger about VMware Tanzu:

I will start a new journey soon ...