This document describes the use of the vempkt command in order to capture traffic on Nexus 1000V Series Switches.
It is difficult to troubleshoot issues on the Nexus 1000V Series Switches because there is no physical switch to put your hands on. Much of the time, a packet capture is necessary in order to determine if the packets are sent upstream.
Cisco recommends that you have knowledge of these topics:
The information in this document is based on Nexus 1000V Series Switches.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
A useful command available to capture traffic that leaves a specific host in the Nexus 1000V Switch is the vempkt command. This command is very similar to a SPAN session; however, it is more flexible because it can be applied to any interface without the need for a capture device.
In order to capture traffic, enter the vempkt SSH command on the command line of the ESX host that has the virtual machine (VM) for which you want to capture traffic. After you enter this command, then enter these commands:
vempkt show info - this shows information from the most recent capture.
vempkt capture all-stages vlan [y] ltl [x]
LTL is the Local Target Logic for the link. If you do not know the LTL or the VLAN, enter the vemcmd show port command and the vemcmd show port vlans command. Cisco recommends the LTL of the port channel because it includes all traffic that leaves the host and enters the host.
You can also capture one direction or dropped packets entering this command:
vempkt capture [ingress | egress | drop | all-stages] ltl [x] vlan [y]
Note: If an LTL is not specified, the capture shows all LTLs, and if a VLAN is not specified, the capture shows all VLANs.
Enter the vempkt size [mtu size] command to specify a maximum transmission unit (MTU) size capture.
Enter the vempkt show capture info command to verify your capture parameters.
Enter the vempkt start command to begin the capture.
After you complete the operations for the capture, enter these commands in order to end the capture and export the file:
vempkt show info to display the statistics of the capture.
vempkt display detail all > /tmp/vempkt_capture.txt. This command places the capture file into the /tmp directory of the host. From this directory, you can copy it onto a datastore and export it through vCenter.
You can export the file to a packet capture (PCAP) from the CLI. Enter this command on the host: #vempkt pcap export <filename>. This command places the file in the directory in which you are currently located.