5.8

Table Of Contents
Sequence Color Description Content Length (approximate)
10 Red Transfer Results 2,254 bytes
11 Blue Transferred data Varies based on the number of
data classes inspected, delta
versus full, and operating system.
For example, a full collection of
Machine.General on a Red Hat
9 platform has a Content-
Length of 6,618 bytes.
12 Red Session Negotiation 2,222 bytes
13 Blue Negotiation Complete 3,538 bytes
14 Red Acknowledge Transfer 2,630 bytes
15 Blue Acknowledged 7,554 bytes
Capturing Traffic with tcpdump
You can use the tcpdump command to gather the same network traffic data that Wireshark/Ethereal does,
but in a less user friendly format.
Start tcpdump with the following command.
/usr/sbin/tcpdump –s l 256 x –X port 26542 | tee tcpdump.log
The tcpdump.log file contains information similar to what you see in Wireshark/Ethereal, but without
color highlighting to show you the boundaries between message types. To determine where each of the
different message types begins, search for the string HTTP.
VCM Troubleshooting Guide
80
VMware, Inc.