Professional Documents
Culture Documents
Resolution
Confirming network connectivity with ping and vmkping
To check if a remote host is online, you can use the ping and vmkping commands on ESX/ESXi host. The syntax of
these commands are:
# ping destination-ip
# vmkping destination-ip
You see an output similar to:
# vmkping 192.168.48.133
PING 192.168.48.133 (192.168.48.133): 56 data bytes
64 bytes from 192.168.48.133: icmp_seq=0 ttl=64 time=0.978 ms
64 bytes from 192.168.48.133: icmp_seq=1 ttl=64 time=1.009 ms
In this sample output, you can see that the ESX/ESXi host is able to communicate with the remote host with IP
address 192.168.48.133.
Note: On ESX hosts, the ping command is run from the network stack of the Service Console, while
the vmkping command is run from the vmkernel network stack, which is independent of the Service Console. On
ESXi, theping and vmkping are the same command and run from the vmkernel network stack because there is no
Service Console in ESXi.
For more information on using the ping command, see Testing network connectivity with the ping command
(1003486).
ESXi 3.5, 4.x and 5.x, you will need to use the
netcat (nc). Please see the section below titled "Confirming connectivity to a TCP
port with netcat" for further information.
While the ping command confirms connectivity, it does not necessarily mean that all TCP ports on the remote host
can be reached. It is possible for a network firewall to allow or block access to certain ports on a host.
To check if specific TCP ports are running on the remote host, you can use the telnet command to confirm if a port
is online.
# telnet destination-ip destination-port
When trying to establish a telnet connection to TCP port 80, you see an output similar to:
# telnet 192.168.48.133 80
Trying 192.168.48.133...
Connected to 192.168.48.133.
Escape character is '^]'.
In this sample output, you can see that you are connected to port 80 (http) on the server with IP
address 192.168.48.133.
If you choose a port number for a service that is not running on the host, you see an output similar to:
# telnet 192.168.48.133 81
Trying 192.168.48.133...
telnet: Unable to connect to remote host: Connection timed out
In this case, you can see that there is no response when you attempt to connect to port 81 on the server
192.168.48.133.
Note: Telnet is an application that operates using the TCP protocol. UDP connectivity can not be tested using Telnet.
The telnet command is not available in any versions of ESXi and, therefore, you must use
netcat (nc) to confirm connectivity to a TCP port on a remote host. The syntax of
the nc command is:
# nc -z <destination-ip> <destination-port>
When testing connectivity to TCP port 80, you will see an output similar to:
# nc -z 192.168.48.133 80
Connection to 192.168.48.133 80 port [tcp/http] succeeded!
In the sample output, you can see that you are able to establish a connection to TCP port 80 on the host
192.168.48.133.
Note: Netcat includes an option to test UDP connectivity with the -uz flag, but because
UDP is a connectionless protocol, it will always report as 'succeeded' even when ports
are closed or blocked. Instead, test bi-directional UDP connectivity using tcpdump or
tcpdump-uw.
The nc command can also be used to check the connectivity to a range of TCP ports on a remote host:
# nc -w 1 -z 192.168.48.133 20-81
Connection to 192.168.48.133 22 port [tcp/ssh] succeeded!
connection list
ip connection list
ip connection list
ip connection list
Foreign Address
State
192.168.48.1:55169
127.0.0.1:5988
127.0.0.1:5988
127.0.0.1:5988
127.0.0.1:52943
ESTABLISHED
TIME_WAIT
TIME_WAIT
TIME_WAIT
ESTABLISHED
127.0.0.1:8307
ESTABLISHED
127.0.0.1:55629
ESTABLISHED
127.0.0.1:80
ESTABLISHED
127.0.0.1:56319
ESTABLISHED
127.0.0.1:8307
ESTABLISHED
127.0.0.1:62782
ESTABLISHED
127.0.0.1:80
ESTABLISHED
127.0.0.1:53808
127.0.0.1:5988
FIN_WAIT_2
CLOSE_WAIT
127.0.0.1:56963
CLOSE_WAIT
127.0.0.1:8307
FIN_WAIT_2
0.0.0.0:0
LISTEN
0.0.0.0:0
LISTEN
0.0.0.0:0
0.0.0.0:0
0.0.0.0:0
LISTEN
LISTEN
LISTEN
0.0.0.0:0
LISTEN
0.0.0.0:0
LISTEN
0.0.0.0:0
LISTEN
0.0.0.0:0
0.0.0.0:0
0.0.0.0:0
0.0.0.0:0
0.0.0.0:0
LISTEN
LISTEN
LISTEN
LISTEN
LISTEN
0.0.0.0:0
LISTEN
0.0.0.0:0
0.0.0.0:0
0
0
0
0
0
0
0
0
0
0
0
0
udp
4693
udp
4795
udp
4686
udp
4686
192.168.48.136:68
0.0.0.0:0
0.0.0.0:8200
0.0.0.0:0
0.0.0.0:8301
0.0.0.0:0
0.0.0.0:8302
0.0.0.0:0
To retrieve errors and statistics for a network adapter, run this command:
Well that is not good - if the command is not in the busybox console then how would you go about getting that
information? Well of course the clever people at VMware have already thought about this and have exposed all this
information through esxcli. William Lam wrote a great set of posts on esxcli
esxcli Part1 - What is esxcli?, esxcli Part2 - Automating esxcli using vMA and esxcli Part3 - Automating esxcli
using PowerShell
This is how you would go about getting the information from esxcli. (Be aware the command differ according to the
different versions - 4.x is not the same as 5.x)
?
That is fine and dandy - but to get that info you need to either:
1.
or
2.
But what if you do not want to enable neither of the above - that means you have to do it remotelyand for that you
have two options, vCLI or PowerCLI.
1
2
3
Output is almost identical - just that in the case of PowerCLI the values are returned as a set of objects - a
VMware.VimAutomation.ViCore.Impl.V1.EsxCli.EsxCliObjectImpl object to be precise. Once these presented as
objects I can start to mold and dice my results to my liking.
For example - I would like to check if there is any connections open on port 80 (http) - with vCli - this is not so
simple - because you are working essentially in a DOS window - so filtering is not the easiest with findstr. Using the
console or SSH is easier - a simple grep will work as you can see below.
?
With PowerCLI
?
I hope you can see that the options this way are pretty much endless - like filtering all connections to show only
those from a specific IP, or a complete subnet.
So that is how you netstat on ESXi.