Sniffing XenServer VM Traffic

Troubleshooting a DHCP issue today.  The Windows Server VM running the DHCP server isn’t responding so I wanted to see if it was getting anything but I didn’t want to have to install anything on the machine. A little Google searching and here we go…

  • Connect to the XenServer console and shell.  I use SSH.
  • Run xe vm-list and find the VM’s UUID.
  • Then get the DOM-ID with xe vm-list params=dom-id uuid=<UUID GOES HERE>.
  • Run ifconfig and get the interface name. The DOM-ID is 15 for me so it’s vif15.0.

Now I can tcpdump -i vif15.0 and add whatever options and filters I need.