Capture packets in VM

1. “sudo setcap ‘CAP_NET_RAW+eip CAP_NET_ADMIN+eip’ /usr/bin/dumpcap” so non-root user will be able to capture packets;
2. The vSwitch in your ESXi host is in promiscuous mode;
3. The port group in which your VM that’s running sniffer is in VLAN ALL(4095), so that it won’t drop off any inbound 802.1Q tagged packets;
4. On external phsical switch, enable encapsulation replicate on destination SPAN interface.
configure terminal
default interface Gi1/0/43

monitor session 1 source interface Gi1/0/21
monitor session 1 destination interface Gi1/0/43 encapsulation replicate

This entry was posted in Internet, VMware. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s