esxcli network vm list [get world ID of VM ]

esxcli network vm port list -w [World ID]

ESX 6.5 —
pktcap-uw –switchport [Port ID] –dir 0 -o /tmp/[Port ID]_in.pcap & \
pktcap-uw –switchport [Port ID] –dir 1 -o /tmp/[Port ID]_out.pcap &
ESX 6.7 —
pktcap-uw –switchport [Port ID] –dir 2 -o /tmp/[Port ID]_in.pcap &

to kill —
kill $(lsof |grep pktcap-uw |awk ‘{print $1}’| sort -u)

mergecap -w [Port ID]_combined.pcap [Port ID]_in.pcap [Port ID]_out.pcap

———————————————————-

The new way to do pktcaps moving forward will be using the syntax below, and here’s some samples of what to capture:

At the VM switchport for ARP’s

pktcap-uw –switchport <#> –capture Vnic(Rx/Tx) –ethtype 0x0806 – o – | tcpdump-uw -r – -nn

At the physical NIC for ARP’s

pktcap-uw –uplink vmnicX –capture Uplink(Rcv/Snd)Kernel –ethtype 0x0806 -o – | tcpdump-uw -r – -nn