ESXi: issues with NFS datastore. Where do I put my tcpdump?
ESXi over NFS works just great!
But what if you have an issue with NFS and you need a network dump?
In ESXi tipically you don’t have a local datastore where you can write files from the network dump and your datastore over NFS is not availabe!
Before running into the Data Centre and stick a USB disk or even better a SCSI disk you might want to try this. 
One trick I used that worked out pretty well for me, with a little help of my a linux machine, is to send the tcpdump output to a FIFO and from a remote host (might be a VM in a different ESXi host) over SSH cat the FIFO to a local file.
How To:
On the ESXi host logon via SSH as root and create a named pipe:
root@yourESXihost# mkfifo /tmp/pipe.dmp
and from a remote linux machine launch the following:
you@yourlinuxhost > ssh root@youresxihost "cat /tmp/pipe.dmp" > capture-for-wireshark.cap
Now from a new ssh session to ESXi as root lauch
root@yourESXihost# tcpdump-uw -n -s 1524 -i vmk# -w /tmp/pipe.dmp
OR even better from the remote machine:
you@yourlinuxhost > ssh root@youresxihost "tcpdump-uw -n -s 1524 -i vmk# -w /tmp/pipe.dmp"
(replace the # with the proper vmk port number)
Reproduce your issue and when you finished just hit “Cotrol+C” to stop the network dump and the cat.
Now you can open your file directly in wireshark (that’s what I use at least!)
This little trick of course can be used to troubleshoot network problems in a VM as well, dumping the traffic from a VMK# nic for the entire dvPortGroup. You just need to make sure that the the VM’s vNIC and the vmk# nic are connected to the same dvPortGroup and you must remember to allow promiscuous mode (not allowed by default)
Good Luck!
Please note: your network can be very chatty so the file can grow very fast and/or your ESXi host might not like the tcpdump so use it at your own risk and only if you really know what you are doing!
