cna you publish the command you used and the response you got?

you need to specify the type of interface
     source interface type slot/port [rx | tx | both]
or specify the vrf in the monitor session command
monitor session <id> source vrf <name> 

Hi,

   It doesn't matter if the interface is in VRF or GRT. If you want a packet capture, use this guide for Ethanalyzer: https://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/116136-trouble-ethanalyzer-nexus7000-00.html

If you want a SPAN/RSPAN, use these guides:

https://www.cisco.com/c/en/us/support/docs/switches/nexus-9000-series-switches/215329-nexus-9000-cloud-scale-asic-nx-os-span-t.html

https://www.cisco.com/c/en/us/support/docs/switches/nexus-9000-series-switches/213848-nexus-9000-cloud-scale-asic-tahoe-nx-o.html

You can also take a look on this self-explanatory Cisco Live Presentation:

https://www.ciscolive.com/c/dam/r/ciscolive/global-event/docs/2024/pdf/TACDCN-2010.pdf

Thanks,

Cristian.

In addition to mention above ,other option would be set up at Tap on outbound interface.You can use vendor such as netscout,extrahop. Plenty of vendors if you are looking for network taps.

Hello
depending on NK version you could either choose
(e)Span session (mirroring) 
or
ethanalzer (basically nexus wireshark) a more detailed capture analysis for all active inband ports be it - cpu punted - or hardware switched

so traffic within a vrf should be subject to either feature above 

you don’t mention which you are using but if it just a simple port mirroring (span) make sure you actually enable the monitor session when its created as i always forget to do it!

if its Ethanalyer as stated this captures the active ports with a lot of filter options to choose from vlan/L2-L4/icmp there after you can read the pcap capture from the switch boot flash