Sniffing XenServer VM Traffic

I was troubleshooting a DHCP issue today and needed to see what a Windows VM was doing but didn’t want to install anything on the VM. Turns out, this can be done from the XenServer host. Cool!

  • Connect to the XenServer console and shell. I use SSH but you can do this from the console too.
  • Run xe vm-list and find the VM’s UUID.
  • Get the DOM-ID for the VM with xe vm-list params=dom-id uuid=<UUID GOES HERE>.
  • Run ifconfig and get the interface name. The DOM-ID is 15 for me so it’s vif15.0.

Now I can tcpdump -i vif15.0 and add whatever options and filters I need.
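The steps above as one script, narrowed to the DHCP case. This is an added example, not part of the original post. The function names, the default NIC index of 0 and the port 67/68 filter are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Run in the XenServer host shell.
# Function names are hypothetical; xe and tcpdump are the tools used above.

# Read `xe vm-list params=dom-id` output on stdin and print the domain ID.
# Handles "dom-id ( RO)    : 15" and the bare "15" that --minimal prints.
# Fails on empty output (unknown UUID) and on -1 (VM is not running).
parse_domid() {
    local id
    id=$(awk 'NF { print $NF; exit }')
    case "$id" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$id"
}

# $1 = VM UUID, $2 = virtual NIC index (assumed 0, the VM's first NIC).
vif_for_vm() {
    local domid
    domid=$(xe vm-list params=dom-id uuid="$1" | parse_domid) || {
        echo "no running domain for VM $1" >&2
        return 1
    }
    printf 'vif%s.%s\n' "$domid" "${2:-0}"
}

# Print decoded DHCP traffic for the VM until interrupted.
capture_dhcp() {
    local vif
    vif=$(vif_for_vm "$@") || return 1
    # In a pool the vif exists only on the host where the VM is resident.
    [ -e "/sys/class/net/$vif" ] || {
        echo "$vif not found on this host" >&2
        return 1
    }
    # -n no DNS lookups, -e show MACs, -vv decode DHCP options
    tcpdump -n -e -vv -i "$vif" 'udp port 67 or udp port 68'
}

# Usage: ./vm-dhcp-sniff.sh <VM UUID> [nic index]
if [ "$#" -ge 1 ]; then
    capture_dhcp "$@"
fi
```

A VM's DOM-ID changes when it is rebooted or migrated, so resolve the interface again before each capture rather than reusing an old vif name.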