NSX-T Edge Transport Node Packet Captures

calendar May 2, 2021 · 1 min read · VMWare Home Lab Datacenter Networking NSX-T  ·
Share on: linkedin copy

NSX-T Edge Transport Node Packet Captures

NSX-T Edge nodes have a rudimentary packet capture tool built in to the box. It is important to have a built-in tool here, as GENEVE encapsulation will wrap just about everything coming out of a transport node.

NSX-T's CLI guide indicates the method for packet captures - from here we can break it down to a few steps:

  • Find the VRF you want to capture from
  • Find the interface in that VRF you want to capture from
  • Capture from this interface!
1get logical-routers  
2vrf {{ desired VRF }}  
3get interfaces  
4set capture session 0 interface {{ interface-id }} direction dual  
5set capture session 0 file example.pcap

The result will be placed in:

1/var/vmware/nsx/file-store/

I do have some notes to be aware of here:

  • Be careful with packet captures! This is on an all-CPU router - so isolating the device before capturing packets is a wise choice. We can do that with NSX-T, we just need to remember to.
  • It's possible to use tcpdump-based packet filters instead of a wholesale capture - just replace the final line with a command similar to this:
1set capture session 0 file example.pcap expression port 179