ESXi VM packet sniffing tcpdump port group

You need to sniff the packets of a particular VM but can’t get tcpdump or tcpdump-uw to work properly. It’s not tcpdump that you want to use, but pktcap-uw.

pktcap-uw is a marvelous tool for looking at the packets from a VM.

A quick and simple dump is achieved with this command: pktcap-uw --switchport 50331881 -o /tmp/50331881.pcap

--switchport takes the virtual port ID of the VM. -o writes the dump to a pcap file that can be viewed in Wireshark.

To find the switchport ID of a VM, type the command: net-stats -l

net-stats -l will output a list of all of your VMs and their port numbers.
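
The two steps above can be combined. The following is an added example, not part of the original post: it looks up a VM's port ID(s) in net-stats -l output and builds the matching pktcap-uw command. The function names, the sample output and its column layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: map a VM name to its switchport ID(s) from `net-stats -l`
# output and build the pktcap-uw command(s) for it.

# Constructed sample output; the column layout (PortNum first, ClientName
# last) and the ".eth0" suffix are assumptions, check them on your host.
SAMPLE_NET_STATS='PortNum          Type SubType SwitchName       MACAddress         ClientName
33554434            4       0 vSwitch0         00:00:5e:00:53:01  vmnic0
33554436            3       0 vSwitch0         00:00:5e:00:53:02  vmk0
50331881            5       9 vSwitch1         00:00:5e:00:53:10  web01
50331882            5       9 vSwitch1         00:00:5e:00:53:11  web01-db
50331883            5       9 vSwitch1         00:00:5e:00:53:12  db 02.eth0'

# port_ids_for_vm NAME: read net-stats output on stdin and print the PortNum of
# each row whose ClientName is exactly NAME or NAME.eth<N>, so "web01" does
# not also select "web01-db".
port_ids_for_vm() {
    awk -v vm="$1" '
        $1 !~ /^[0-9]+$/ { next }             # skip header and blank lines
        {
            name = $6                          # ClientName starts at field 6
            for (i = 7; i <= NF; i++)          # VM names may contain spaces
                name = name " " $i
            if (name == vm || index(name, vm ".eth") == 1)
                print $1
        }'
}

# pktcap_cmds_for_vm NAME: one capture command per port (a VM with several
# vNICs has several ports), each writing to its own pcap file.
pktcap_cmds_for_vm() {
    port_ids_for_vm "$1" | while read -r id; do
        echo "pktcap-uw --switchport $id -o /tmp/$id.pcap"
    done
}

# On an ESXi host use live data; elsewhere fall back to the sample above.
if command -v net-stats >/dev/null 2>&1; then
    net-stats -l | pktcap_cmds_for_vm "${1:-web01}"
else
    printf '%s\n' "$SAMPLE_NET_STATS" | pktcap_cmds_for_vm "${1:-web01}"
fi
```

Matching the client name exactly matters here: a substring match on "web01" would also capture traffic from "web01-db", which is a different VM.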