NSX-v: Controller Packet Capture

So following on from my previous post (NSX-v: ESG Packet Capture), today we run through how to do a packet capture on one of your NSX Controllers.

Why would you want to do this I hear you ask?

Well I had a situation recently where I had some unexplained behavior and I needed to make sure that a particular packet was physically arriving at the controller as it had to pass through several VRFs and a FW or two.

The version of NSX I am using is the 6.1.2 GA version.

So lets jump straight into it.

First you connect to the CLI of your NSX Controller. This can be via the console or SSH. For this example I will be connecting via SSH.

In a similar fashion to packet captures on an ESG, under the covers it is using tcpdump, but with a different command syntax that I mentioned in the ESG post, which means that there are two basic methods to choose from. Display the capture on the screen in real-time, or save it to a capture file.

The interface to capture on will always be breth0 as the controllers are deployed from a template.

To display the capture on the screen you would use the following command which will start spewing stuff onto the screen.

Being tcpdump under the covers means that it also accepts tcpdump expressions.  When specifying an expression it must be surrounded by quotation marks (” “)

Instead of displaying the output to the screen, you can save the capture to a file

To list the files

This one took me a while to figure out as its just not documented anywhere, you can copy the files off via SCP so that you can analyse them in Wireshark. Take note that the command starts with a colon and then followed by a space.

Wireshark - NSX Controller Packet Capture

After you have transferred the file somewhere for analysis, you can remove the capture file

Voila all done.

Coming up I will outline how to do a packet capture on a NSX Manager.

Leave a Reply