Packet Capture on VMware Workstation
Packet capture is an essential tool in any network/systems engineers toolset, mainly when working with services in a development environment or during troubleshooting. So recently when I was testing the installation of the NSX VIBs onto the nested ESXi host in my VMware Workstation lab, I wanted a facility to capture the conversation between a single ESXi host, NSX Manager and the vCenter Server (vcsa). You could naturally perform this packet capture directly on the ESXi host (running as a VM), or instead, perform it from your underlying operating system.
After a quick Google Search, I stumbled across vnetsniffer, which comes bundled with VMware Fusion and Workstation. It is a basic tool whereby you can capture all the packets on a virtual network, regardless of the VM that is transmitting them, and, below I detail where the tool resides on either a macOS or Windows installation and the basic command line syntax for usage.
Location of VNETSNIFFER
Windows - depending on if you install 32 or 64 bit
1%ProgramFiles(x86)%\VMware\VMware Workstation 2%ProgramFiles%\VMware\VMware Workstation
Performing a Packet Capture
When performing the packet capture, one of the unfortunate or fortune things (depending on how you look at it) is that the vnetsniffer tool performs a packet capture of the whole virtual wire. So any traffic that hits that wire is captured and no packet filtering capabilities (as far as I am aware) are present. Therefore, once you have completed the capture, you will need to open the capture with WireShark and use the display filter, to refine the traffic you want to see. Below is a small excerpt of the command line syntax:
On Windows run the CMD with administrator privileges and on macOS prefix the command with sudo
1netsniffer.exe /e /w <FILE_OUTPUT_PATH><FILENAME>.pcap" VMnet2
Initially, I went searching for a way to capture packets on the virtual network on my laptop and this is when I found the vnetsniffer tool, but I already had a much better-purposed tool installed on my laptop, that I initially overlooked, Wireshark. Wireshark is in every network engineers toolbox and once again it proves itself to be extremely well positioned to help me out. I will not go into how to use it, as there is a tonne of material on the internet that explains the program very well, but if you want to watch some youtube videos on the topic, I recommend watching Humphrey Cheung’s videos from Router Gods on Youtube. I have not seen all the videos in the series, but I find the content of his other videos good and well presented.
Hopefully after being on a blogging hiatus since March, this short and sweet blog post will have me coming out of hibernation and becoming a regular blogger once again (at least once a month) 🙂