I am investigating the use of TAPs in virtualization for capturing data from VMs.
I am interested in two methods.
Virtual Taps within the VMware using Network vSwitch (standard and distributed)
Physical TAP that would be connected to the ESXi Host or switch or both.
First, for virtual taps.
On a standard vSwitch on one ESXi host, I think that promiscuous mode will need to be set on a port group? If I have a VM on vSwitch2 that is connected to ESXi nic2 and a VM on vSwitch3 connected to ESXi nic3, what is process to capture data from the VMs?
If the Distributed Switch called d_vSwitch1 is set up for two ESXi Servers, ESXi-1 and ESXi-2, and VMs are on a Distributed Port Group called Data-A1, what is process to capture data from the VMs?
Second, for a physical tap
If I have this old nTap (pic attached), how can it be used to capture traffic data coming into ESXi-1 from ESXi-2?
Also, for another use case, instead of using a virtual tap, could I use the old nTap to capture traffic data between the VM on vSwitch2 that is connected to ESXi nic2 and a VM on vSwitch3 connected to ESXi nic3