az network watcher packet-capture

Manage packet capture sessions on VMs.

These commands require that Azure Network Watcher is enabled for the VM's region and that AzureNetworkWatcherExtension is enabled on the VM. For more information, visit https://docs.microsoft.com/azure/network-watcher/network-watcher-packet-capture-manage-cli.

Commands

az network watcher packet-capture create

Create and start a packet capture session.

az network watcher packet-capture delete

Delete a packet capture session.

az network watcher packet-capture list

List all packet capture sessions within a resource group.

az network watcher packet-capture show

Show details of a packet capture session.

az network watcher packet-capture show-status

Show the status of a packet capture session.

az network watcher packet-capture stop

Stop a running packet capture session.

az network watcher packet-capture create

Create and start a packet capture session.

az network watcher packet-capture create --name
                                         --resource-group
                                         --vm
                                         [--capture-limit]
                                         [--capture-size]
                                         [--file-path]
                                         [--filters]
                                         [--storage-account]
                                         [--storage-path]
                                         [--subscription]
                                         [--time-limit]

Examples

Create a packet capture session on a VM.

az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVm --storage-account MyStorageAccount

Create a packet capture session on a VM with optional filters for protocols, local IP address and remote IP address ranges and ports.

az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVm \
    --storage-account MyStorageAccount --filters '[
        {
            "protocol":"TCP",
            "remoteIPAddress":"1.1.1.1-255.255.255.255",
            "localIPAddress":"10.0.0.3",
            "remotePort":"20"
        },
        {
            "protocol":"TCP",
            "remoteIPAddress":"1.1.1.1-255.255.255.255",
            "localIPAddress":"10.0.0.3",
            "remotePort":"80"
        },
        {
            "protocol":"TCP",
            "remoteIPAddress":"1.1.1.1-255.255.255.255",
            "localIPAddress":"10.0.0.3",
            "remotePort":"443"
        },
        {
            "protocol":"UDP"
        }]'

Required Parameters

--name -n

Name of the packet capture session.

--resource-group -g

Name of the resource group the target VM is in.

--vm

Name or ID of the VM to target.

Optional Parameters

--capture-limit

The maximum size in bytes of the capture output.

--capture-size

Number of bytes captured per packet. Excess bytes are truncated.

--file-path

Local path on the targeted VM at which to save the packet capture. For Linux VMs, the path must start with /var/captures.

--filters

JSON encoded list of packet filters. Use @{path} to load from file.

--storage-account

Name or ID of a storage account to save the packet capture to.

--storage-path

Fully qualified URI of an existing storage container in which to store the capture file.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--time-limit

Maximum duration of the capture session in seconds.

az network watcher packet-capture delete

Delete a packet capture session.

az network watcher packet-capture delete --location
                                         --name
                                         [--subscription]

Examples

Delete a packet capture session. This only deletes the session and not the capture file.

az network watcher packet-capture delete -n packetCaptureName -l westcentralus

Delete a packet capture session. (autogenerated)

az network watcher packet-capture delete --location westcentralus --name packetCaptureName --subscription MySubscription

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--name -n

The name of the packet capture session.

Optional Parameters

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network watcher packet-capture list

List all packet capture sessions within a resource group.

az network watcher packet-capture list --location
                                       [--query-examples]
                                       [--subscription]

Examples

List all packet capture sessions within a region.

az network watcher packet-capture list -l westus

List all packet capture sessions within a resource group (autogenerated)

az network watcher packet-capture list --location westus --subscription MySubscription

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

Optional Parameters

--query-examples

Recommends JMESPath query strings for you. You can copy one of the queries and paste it after the --query parameter, within double quotation marks, to see the results. You can add one or more positional keywords so that we can give suggestions based on these keywords.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network watcher packet-capture show

Show details of a packet capture session.

az network watcher packet-capture show --location
                                       --name
                                       [--query-examples]
                                       [--subscription]

Examples

Show a packet capture session.

az network watcher packet-capture show -l westus -n MyPacketCapture

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--name -n

The name of the packet capture session.

Optional Parameters

--query-examples

Recommends JMESPath query strings for you. You can copy one of the queries and paste it after the --query parameter, within double quotation marks, to see the results. You can add one or more positional keywords so that we can give suggestions based on these keywords.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network watcher packet-capture show-status

Show the status of a packet capture session.

az network watcher packet-capture show-status --location
                                              --name
                                              [--subscription]

Examples

Show the status of a packet capture session.

az network watcher packet-capture show-status -l westus -n MyPacketCapture

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--name -n

The name given to the packet capture session.

Optional Parameters

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

az network watcher packet-capture stop

Stop a running packet capture session.

az network watcher packet-capture stop --location
                                       --name
                                       [--subscription]

Examples

Stop a running packet capture session.

az network watcher packet-capture stop -l westus -n MyPacketCapture

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--name -n

The name of the packet capture session.

Optional Parameters

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
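
The commands above combined into one bounded capture workflow, as an added example that is not part of the original reference: filters are generated and loaded from a file with @{path}, the capture is capped by --time-limit, --capture-limit and --capture-size, and the session is then checked, stopped and deleted. The function names, the limit values (300 s, 100 MiB, 128 bytes per packet) and the resource names are assumptions for illustration; set AZ=echo for a dry run that prints the arguments instead of calling az.

```shell
# Added example; not from the Azure CLI documentation.
AZ="${AZ:-az}"   # AZ=echo prints the arguments instead of calling the CLI

# Emit a --filters JSON array: one TCP filter per remote port, all pinned to
# the same local address and remote address or range (constructed values).
pc_filters() {
    f_local="$1"; f_remote="$2"; shift 2
    # Validate every port before printing anything, so no partial JSON is emitted.
    for f_port in "$@"; do
        case "$f_port" in ''|*[!0-9]*) echo "bad port: $f_port" >&2; return 1 ;; esac
    done
    f_sep=""
    printf '['
    for f_port in "$@"; do
        printf '%s{"protocol":"TCP","remoteIPAddress":"%s","localIPAddress":"%s","remotePort":"%s"}' \
            "$f_sep" "$f_remote" "$f_local" "$f_port"
        f_sep=","
    done
    printf ']\n'
}

# Start a capture that ends on its own: duration in seconds, total output in
# bytes, and bytes kept per packet (excess bytes are truncated) are all bounded.
# $1 = session name, $2 = path to the filters file.
pc_start() {
    "$AZ" network watcher packet-capture create \
        -g MyResourceGroup -n "$1" --vm MyVm \
        --storage-account MyStorageAccount \
        --filters "@$2" \
        --time-limit 300 --capture-limit 104857600 --capture-size 128
}

# Check, stop and delete the session. $1 = session name, $2 = location.
# Deleting removes only the session; the capture file stays in storage.
pc_finish() {
    "$AZ" network watcher packet-capture show-status -l "$2" -n "$1"
    "$AZ" network watcher packet-capture stop -l "$2" -n "$1"
    "$AZ" network watcher packet-capture delete -l "$2" -n "$1"
}

# Usage (placeholder names):
#   pc_filters 10.0.0.3 1.1.1.1-1.1.1.255 80 443 > filters.json
#   pc_start MyPacketCaptureName filters.json
#   pc_finish MyPacketCaptureName westus
```

Because delete leaves the capture file behind, retention and access control for the stored file have to be handled on the storage account itself.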