az network watcher packet-capture
Manage packet capture sessions on VMs.
These commands require that both Azure Network Watcher is enabled for the VMs region and that AzureNetworkWatcherExtension is enabled on the VM. For more information visit https://docs.microsoft.com/azure/network-watcher/network-watcher-packet-capture-manage-cli.
Commands
| az network watcher packet-capture create |
Create and start a packet capture session. |
| az network watcher packet-capture delete |
Delete a packet capture session. |
| az network watcher packet-capture list |
List all packet capture sessions within a resource group. |
| az network watcher packet-capture show |
Show details of a packet capture session. |
| az network watcher packet-capture show-status |
Show the status of a packet capture session. |
| az network watcher packet-capture stop |
Stop a running packet capture session. |
az network watcher packet-capture create
Create and start a packet capture session.
az network watcher packet-capture create --name
--resource-group
--vm
[--capture-limit]
[--capture-size]
[--file-path]
[--filters]
[--storage-account]
[--storage-path]
[--subscription]
[--time-limit]Examples
Create a packet capture session on a VM.
az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVm --storage-account MyStorageAccountCreate a packet capture session on a VM with optional filters for protocols, local IP address and remote IP address ranges and ports.
az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVm \
--storage-account MyStorageAccount --filters '[ \
{ \
"protocol":"TCP", \
"remoteIPAddress":"1.1.1.1-255.255.255", \
"localIPAddress":"10.0.0.3", \
"remotePort":"20" \
}, \
{ \
"protocol":"TCP", \
"remoteIPAddress":"1.1.1.1-255.255.255", \
"localIPAddress":"10.0.0.3", \
"remotePort":"80" \
}, \
{ \
"protocol":"TCP", \
"remoteIPAddress":"1.1.1.1-255.255.255", \
"localIPAddress":"10.0.0.3", \
"remotePort":"443" \
}, \
{ \
"protocol":"UDP" \
}]'Required Parameters
Name of the packet capture session.
Name of the resource group the target VM is in.
Name or ID of the VM to target.
Optional Parameters
The maximum size in bytes of the capture output.
Number of bytes captured per packet. Excess bytes are truncated.
Local path on the targeted VM at which to save the packet capture. For Linux VMs, the path must start with /var/captures.
JSON encoded list of packet filters. Use @{path} to load from file.
Name or ID of a storage account to save the packet capture to.
Fully qualified URI of an existing storage container in which to store the capture file.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Maximum duration of the capture session in seconds.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az network watcher packet-capture delete
Delete a packet capture session.
az network watcher packet-capture delete --location
--name
[--subscription]Examples
Delete a packet capture session. This only deletes the session and not the capture file.
az network watcher packet-capture delete -n packetCaptureName -l westcentralusDelete a packet capture session. (autogenerated)
az network watcher packet-capture delete --location westcentralus --name packetCaptureName --subscription MySubscriptionRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
The name of the packet capture session.
Optional Parameters
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az network watcher packet-capture list
List all packet capture sessions within a resource group.
az network watcher packet-capture list --location
[--query-examples]
[--subscription]Examples
List all packet capture sessions within a region.
az network watcher packet-capture list -l westusList all packet capture sessions within a resource group (autogenerated)
az network watcher packet-capture list --location westus --subscription MySubscriptionRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Optional Parameters
Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az network watcher packet-capture show
Show details of a packet capture session.
az network watcher packet-capture show --location
--name
[--query-examples]
[--subscription]Examples
Show a packet capture session.
az network watcher packet-capture show -l westus -n MyPacketCaptureRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
The name of the packet capture session.
Optional Parameters
Recommend JMESPath string for you. You can copy one of the query and paste it after --query parameter within double quotation marks to see the results. You can add one or more positional keywords so that we can give suggestions based on these key words.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az network watcher packet-capture show-status
Show the status of a packet capture session.
az network watcher packet-capture show-status --location
--name
[--subscription]Examples
Show the status of a packet capture session.
az network watcher packet-capture show-status -l westus -n MyPacketCaptureRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
The name given to the packet capture session.
Optional Parameters
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az network watcher packet-capture stop
Stop a running packet capture session.
az network watcher packet-capture stop --location
--name
[--subscription]Examples
Stop a running packet capture session.
az network watcher packet-capture stop -l westus -n MyPacketCaptureRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
The name of the packet capture session.
Optional Parameters
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.