The CLI command used for packet capture on the ESXi Node is pktcap-uw. It is a utility that can be used to capture network traffic on a specific interface. It is similar to the tcpdump command, but it is designed to be used on ESXi hosts.
To use pktcap-uw, you will need to connect to the ESXi host CLI. You can do this using SSH or the console.
Once you are connected to the CLI, run the following command:
pktcap-uw -i <interface> -w <file-name>
This will start capturing network traffic on the specified interface and save the captured traffic to the specified file.
To stop the capture, press Ctrl+C.
The captured traffic will be saved in a binary format. You can use a network analyzer, such as Wireshark, to analyze the captured traffic.
Here are some examples of how to use the pktcap-uw command:
To capture all traffic on the vmnic0 interface, run the following command:
pktcap-uw -i vmnic0 -w all_traffic.cap
To capture traffic for a specific IP address, run the following command:
pktcap-uw -i vmnic0 -w 192.168.1.1.cap
To capture traffic for a specific TCP port, run the following command:
pktcap-uw -i vmnic0 -w port_80.cap tcp port 80
You can also use the pktcap-uw command to capture traffic on multiple interfaces at the same time. To do this, simply specify the names of the interfaces in the -i option.