• After migrating Netscout VM and production VMs from a vSphere Distributed Switch (VDS) port group to an NSX segment, Netscout VM is unable to mirror traffic using TCPDump.
• No errors are observed in ESXi or NSX logs.

VMware NSX 4.x

NSX-T uses segment profiles for L2 security. Settings like Promiscuous Mode available on VDS are not present in NSX segments. NSX-T favors MAC Learning over traditional promiscuous mode, which prevents traffic mirroring on the migrated VMs.

Workaround:

1. Enable a Local SPAN session on the host to mirror traffic for the Netscout VM.
2. Requirements for Local SPAN:

• Source and destination ports must reside on the same host vSwitch.
• vMotioning the source or destination VM to another host will break mirroring.

For more information, refer:
Monitor Port Mirroring Sessions in Manager Mode