Network trace between host and vCenter
1. The first step in a network trace is to identify which vmk interface is the management network by checking its tags, as seen below:
esxcli network ip interface tag get -i vmk0
Output: Tags: Management
If the output does not show the Management tag, repeat the command with the next vmk interface until you find the one that carries the management network.
2. The next step is to find the port number used by the vmk of the management network. In this example, vmk0 is the management network:
net-stats -l
Output:
PortNum Type SubType SwitchName MACAddress ClientName
33554434 4 0 vSwitch0 00:50:56:01:3b:4b vmnic0
33554436 4 0 vSwitch0 00:50:56:01:3b:4c vmnic1
33554438 3 0 vSwitch0 00:50:56:01:02:da vmk0
83886091 5 9 vSwitch3 00:0c:29:aa:94:59 Test
83886092 5 9 vSwitch3 00:0c:29:2d:d6:3d Test2
In this case the port number is 33554438.
3. The next step is to verify which vmnic is using port number 33554438. To do this, run the vsish command as seen below:
vsish -e get /net/portsets/vSwitch0/ports/33554438/teamUplink
Output: vmnic0
We can now determine that vmnic0 is used for management traffic.
4. The next step is to check that the vpxHeartbeats firewall ruleset is enabled by running the following command:
esxcli network firewall ruleset list | grep vpxHeartbeats
Output:
Name Enabled
------------------------ -------
…
vpxHeartbeats true
5. The next step is to verify the IP address of vCenter by running the command:
cat /etc/vmware/vpxa/vpxa.cfg | grep server
Output:
<serverIp>192.168.2.110</serverIp>
<serverPort>902</serverPort>
6. Using the information gathered in the previous steps, we can now build the packet capture command as seen below (--proto 0x11 selects UDP):
pktcap-uw --capture UplinkSnd --uplink vmnic0 --proto 0x11 --dstip 192.168.2.110 -o - | tcpdump-uw -r - -nn | grep "902: UDP"
Output:
reading from file -, link-type EN10MB (Ethernet)
10:13:44.354565 IP 192.168.2.104.52102 > 192.168.2.110.902: UDP, length 66
10:13:54.357000 IP 192.168.2.104.39818 > 192.168.2.110.902: UDP, length 66
10:14:04.359866 IP 192.168.2.104.28339 > 192.168.2.110.902: UDP, length 66
10:14:14.363731 IP 192.168.2.104.17862 > 192.168.2.110.902: UDP, length 66
7. The final step is to SSH into vCenter, enable the shell, and run this command:
tcpdump -i eth0 -n "udp and port 902 and host 192.168.2.104"
Output:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:31:38.067986 IP 192.168.2.104.15788 > 192.168.2.74.902: UDP, length 66
10:31:48.070474 IP 192.168.2.104.31145 > 192.168.2.74.902: UDP, length 66
10:31:58.076626 IP 192.168.2.104.20762 > 192.168.2.74.902: UDP, length 66
10:32:08.075317 IP 192.168.2.104.18295 > 192.168.2.74.902: UDP, length 66
10:32:18.077500 IP 192.168.2.104.53458 > 192.168.2.74.902: UDP, length 66
Once you see this output on vCenter, you have verified that vCenter is receiving heartbeats from the host.
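The steps above chained into one script, as an added example that is not part of the original post. The function names are hypothetical, the 15-second gap threshold is an assumption based on the roughly 10-second spacing in the captures above, and the embedded tcpdump lines are constructed; off an ESXi host the script only runs the gap check on that sample.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Step 2: read `net-stats -l` on stdin, print "PortNum SwitchName" for client $1.
port_and_switch() {
    awk -v c="$1" '$6 == c { print $1, $4; found = 1; exit } END { exit !found }'
}

# Step 5: read vpxa.cfg on stdin, print serverIp only if it is a dotted-quad
# IPv4 address, so nothing else from the file can reach a command line.
vcenter_ip() {
    sed -n 's:.*<serverIp>\([0-9.]*\)</serverIp>.*:\1:p' | head -n 1 |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Step 6: print the capture pipeline for uplink $1 and vCenter IP $2.
capture_cmd() {
    printf '%s\n' "pktcap-uw --capture UplinkSnd --uplink $1 --proto 0x11 --dstip $2 -o - | tcpdump-uw -r - -nn | grep \"902: UDP\""
}

# Steps 6-7: read tcpdump lines on stdin, report gaps longer than $1 seconds
# between consecutive heartbeats (the sample captures show one every ~10 s).
heartbeat_gaps() {
    awk -v max="$1" '/\.902: UDP/ {
        split($1, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
        d = now - prev; if (d < 0) d += 86400          # capture crossed midnight
        if (seen && d > max) printf "gap of %.0fs before %s\n", d, $1
        prev = now; seen = 1
    }'
}

if command -v vsish >/dev/null 2>&1; then      # on an ESXi host: chain steps 1-6
    vmk="${1:-vmk0}"
    esxcli network ip interface tag get -i "$vmk" | grep -q Management ||
        { echo "$vmk is not tagged Management" >&2; exit 1; }
    ps=$(net-stats -l | port_and_switch "$vmk") || exit 1
    uplink=$(vsish -e get "/net/portsets/${ps#* }/ports/${ps% *}/teamUplink")
    ip=$(vcenter_ip < /etc/vmware/vpxa/vpxa.cfg) || exit 1
    capture_cmd "$uplink" "$ip"
else                                           # elsewhere: constructed sample, one missed beat
    heartbeat_gaps 15 <<'EOF'
10:13:44.354565 IP 192.168.2.104.52102 > 192.168.2.110.902: UDP, length 66
10:13:54.357000 IP 192.168.2.104.39818 > 192.168.2.110.902: UDP, length 66
10:14:24.363731 IP 192.168.2.104.17862 > 192.168.2.110.902: UDP, length 66
EOF
fi
```

To check a saved capture, pipe the tcpdump output from step 6 or step 7 into `heartbeat_gaps 15`; no output means no heartbeat was missed.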