vmware port

I have a virtual server and I'd like to capture traffic going to that virtual server. How do I span the port on my Cisco switch. I am not onsite so I do not know the port where the physical server is connected to. Any ideas? Thx
LVL 1
leblancAccountingAsked:
Who is Participating?
 
giltjrConnect With a Mentor Commented:
You need to find the MAC address of the physical server and then look at the mac address table.

However, how/where are you going to SPAN the traffic if you don't have physical access to the switch?

Just to make sure if you do span the port you will capture ALL traffic to that physical server, not just the traffic to that VM.
0
 
InfamusConnect With a Mentor Commented:
Do you have access to the server, for example, like RDP?

If you can, then you can install wireshark and capture the traffic, otherwise you need to find a switchport where the vm host is connected.  In that case, you will be capturing all the traffic going to the vm host.
0
 
leblancAccountingAuthor Commented:
Is it possible to capture the port where the virtual server is connected to? I am not sure how that will work?
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
leblancAccountingAuthor Commented:
This is what I have:
- I can access the switch
- I know the MAC and IP address of the physical server where the virtual server resides.
- I know the switch port where the physical server is connected to.
- I know the MAC address of the virtual server.

I just want to capture the traffic to the virtual server, not the whole physical server. It has to have a way to do this. Thx
0
 
giltjrConnect With a Mentor Commented:
Span session only know ports.  So all traffic going in/out of the port is mirrored.

If you have the correct access to the ESXi host you can capture traffic there using TCPDUMP.


http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1031186

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1000880
0
 
leblancAccountingAuthor Commented:
I am not allow to have access to the ESXi host... Politics... :)
I will just capture the port where the physical server is connected to and setup the filter on the virtual server. Thx
0
 
InfamusCommented:
Let us know how it went.
Good luck.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.