Starting from ESXi 5.5, the pktcap-uw tool is embedded inside the hypervisor. Some of you will be familiar with the tcpdump tool, which was already available in ESXi; pktcap is a replacement for the same. The prime reason for integrating the pktcap tool captures packets are every layer which is extremely essential in NSX world. So, we are no longer limited by capturing packets at the vmkernel layer. I have been a big fan of this tool starting from the vCloud networking and security days and I strongly believe most of us will like this tool. Before jumping into packet capturing, let's be clear about the following points: