Networking > Troubleshooting & Monitoring > Packet Capture

start capture interface <interface-name> [direction <direction>] [file <filename>] [count <packet-count>] [expression <expression>]

Start a packet capture on the specified interface in the given direction. If you do not specify a file, the output is displayed on the terminal. Type Control-C to end the packet capture. You can filter the capture using tcpdump expressions. The expression must be the last argument of the command. The expression is a keyword followed by a value. You can specify multiple keyword-value pairs. The list of keywords and acceptable values are:

Keyword Value
ethtype Ethernet type in HEX format. 0x<ETHTYPE>
mac Source or destination MAC address
srcmac Source MAC address
dstmac Destination MAC address
ipproto IP protocol in HEX format. 0x<PROTO>
ip Source or destination IPv4 address
ip6 Source or destination IPv6 address
srcip Source IPv4 address
dstip Destination IPv4 address
srcip6 Source IPv6 address
dstip6 Destination IPv6 address
port Source or destination TCP port
srcport Source TCP port
dstport Destination TCP port
srcudpport Source UDP port
dstudpport Destination UDP port
vni VNI of the flow. When specified, the decoding offset for the remainder of the expression changes to the inner packet.
vlan VLAN ID

Parameters:

Option Description
<interface-name> Network interface argument
<capture-direction> Packet capture direction parameter
Allowed values: input, output, dual
<filename> Capture file name
Allowed pattern: ^[^/ *;&|]+$
<packet-count> Packet count value greater than or equal to 1
<expression> Packet capture expression
Allowed pattern: ^.*$


Example:

nsx> start capture interface eth0 direction output file capture.pcap count 5 expression ip 10.160.198.196 port 22 Capture 5 packets to file initiated, enter Ctrl-C to terminate before all packets captured 5 packets captured 11 packets received by filter 0 packets dropped by kernel

Mode:

Basic

Availability: