esxcli network vm list [get world ID of VM ]

esxcli network vm port list -w [World ID]

ESX 6.5 —
pktcap-uw –switchport [Port ID] –dir 0 -o /tmp/[Port ID]_in.pcap & \
pktcap-uw –switchport [Port ID] –dir 1 -o /tmp/[Port ID]_out.pcap &
ESX 6.7 —
pktcap-uw –switchport [Port ID] –dir 2 -o /tmp/[Port ID]_in.pcap &

to kill —
kill $(lsof |grep pktcap-uw |awk ‘{print $1}’| sort -u)

mergecap -w [Port ID]_combined.pcap [Port ID]_in.pcap [Port ID]_out.pcap

———————————————————-

The new way to do pktcaps moving forward will be using the syntax below, and here’s some samples of what to capture:

At the VM switchport for ARP’s

pktcap-uw –switchport <#> –capture Vnic(Rx/Tx) –ethtype 0x0806 – o – | tcpdump-uw -r – -nn

At the physical NIC for ARP’s

pktcap-uw –uplink vmnicX –capture Uplink(Rcv/Snd)Kernel –ethtype 0x0806 -o – | tcpdump-uw -r – -nn

Import-Module ActiveDirectory

$Groups = Get-ADComputer -Filter * | Select -Expand Name

Foreach($G In $Groups)
{
WMIC /node:$G process create call “net time /’ntpaddress’ /set”
}

net time /’ntpaddress’/set

$dir1 = Read-Host
$dir2 = Read-Host

Clear-Host
Get-ChildItem -path $dir1 | Format-Table Name

/usr/bin/ruby -e “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)”

takes a bit to install

‘brew cask install powershell’

to upgrade

brew update
brew cask upgrade powershell

Import-Module ActiveDirectory
$Groups = Get-ADGroup -Properties * -Filter * -SearchBase “DC=,DC=”
Foreach($G In $Groups)
{
$G.Name
“————-”
$G.Members
}

#Select last 15 minutes
$start=(Get-Date).AddMinutes(-15)
$end=Get-Date

#email recipients as an array
[string[]]$recipients = ““, ““, “”

#when testing and not spamming
#$recipients = “”

$emailbody=Get-Eventlog -log application -after $start -before $end -Source “SOURCE” | where {$_.eventID -eq 123 -or $_.eventID -eq 456} | select EventID,TimeGenerated,Message | ConvertTo-HTML

#convert to string for email purposes
$stringbody=Out-String -InputObject $emailbody
#send email
Send-MailMessage -To $recipients -From “User” -Cc “” -Subject “Subject” -Body $stringbody -BodyAsHtml -SmtpServer “SMTP SERVER” -UseSSL

Set as a scheduled task run every 15 minutes, -ExecutionPolicy Bypass

https://support.office.com/en-us/article/search-for-and-delete-email-messages-in-your-office-365-organization-admin-help-3526fd06-b45f-445b-aed4-5ebd37b3762a

http://help.outlook.com/en-ca/140/gg315525.aspx

This pulls a lot of info I was writing powercli scripts for

https://www.robware.net/rvtools/

$DaysInactive = 90

$time = (Get-Date).Adddays(-($DaysInactive))

Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -ResultPageSize 2000 -resultSetSize $null -Properties Name, OperatingSystem

Get-ADComputer -Filter {OperatingSystem -Like “Windows *Server*”} -Property Name | ForEach-Object {
$name = $_.name
$drives = wmic /node:$name logicaldisk where drivetype=3 get caption,volumename
$name = “`n” + $name
write-host $name $drives
}