How to Sniff the Traffic of VMs on a Standalone ESXi Host

  1. Create a new port group (e.g. Mirror-traffic) on the standalone ESXi host and select the vSwitch that carries the VM traffic to be sniffed.
  2. Enable promiscuous mode, MAC address changes and forged transmits on the newly created port group. See IMG 01.
  3. Allow all VLANs (i.e. VLAN ID 4095) on the newly created port group. See IMG 01.
  4. Connect the PS sniffing interface to the newly created port group. See IMG 03.

IMG: 01

IMG: 02

IMG: 03
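Steps 1 to 3 can also be applied and checked from the ESXi shell with esxcli. The script below is an added example, not part of the original article; the vSwitch name vSwitch0, the script name mirror-pg.sh and the field labels expected in the `policy security get` output are assumptions.

```shell
#!/bin/sh
# Added example: steps 1-3 from the ESXi shell, plus a check of the result.
# Assumptions: standard vSwitch; "vSwitch0" is a placeholder switch name.
ESXCLI="${ESXCLI:-esxcli}"   # overridable so the logic can be exercised off-host

# Steps 1-3: create the port group, trunk all VLANs, relax the security policy.
create_mirror_pg() {
    pg="$1"; vs="$2"
    $ESXCLI network vswitch standard portgroup add \
        --portgroup-name="$pg" --vswitch-name="$vs" || return 1
    $ESXCLI network vswitch standard portgroup set \
        --portgroup-name="$pg" --vlan-id=4095 || return 1
    $ESXCLI network vswitch standard portgroup policy security set \
        --portgroup-name="$pg" --allow-promiscuous=true \
        --allow-mac-change=true --allow-forged-transmits=true
}

# Reads "policy security get" output on stdin and succeeds only if all three
# settings from step 2 are true. Prints every setting that is not.
# The field labels below are the ones this example assumes esxcli prints.
policy_ok() {
    awk -F': *' '
        { gsub(/^[ \t]+/, "", $1); gsub(/[ \t\r]+$/, "", $2); v[$1] = $2 }
        END {
            n = split("Allow Promiscuous|Allow MAC Address Change|Allow Forged Transmits", k, "|")
            for (i = 1; i <= n; i++)
                if (v[k[i]] != "true") { print "not enabled: " k[i]; bad = 1 }
            exit bad + 0
        }'
}

# Fetch the effective security policy of the port group and check it.
verify_mirror_pg() {
    $ESXCLI network vswitch standard portgroup policy security get \
        --portgroup-name="$1" | policy_ok
}

# Usage on the host: sh mirror-pg.sh Mirror-traffic vSwitch0
if [ "$#" -eq 2 ]; then
    create_mirror_pg "$1" "$2" && verify_mirror_pg "$1"
fi
```

With this policy, any VM attached to the port group receives the traffic of every VLAN on the vSwitch, so the check is also useful for confirming that these settings are enabled only on the dedicated mirror port group.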

Backup and restore of PS VM image:

It is not recommended to back up NPS VM images for later restoration. If the VM fails to boot due to corruption, contact Qualys support instead of re-deploying the PS VM. The NPS services on the Qualys cloud account retain the sensor configuration and apply it to the appliance on reboot.