Now we need to export CAPTURE.pcap to an external SFTP server for easy viewing via WIRESHARK. I’m using an SFTP on Ubuntu, but you can use any SFTP you would like.
Log into the SFTP server.
Run the command: sftp <esxi-user-ID>@<ESXi-IP-Address>. Forexample in my case it will be: sftp firstname.lastname@example.org
Run the command: get /tmp/CAPTURE.pcap
At this point you should have been able to download the capture to your SFTP:
Changing from the default inbound to outbound direction:
It’s very important to remember that this feature only captures traffic one way. Up until this point we have been capturing traffic in the default inbound direction. To Capture packets on the outbound direction: