az network watcher packet-capture
Manage packet capture sessions on VMs.
These commands require that both Azure Network Watcher is enabled for the VMs region and that AzureNetworkWatcherExtension is enabled on the VM. For more information visit https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-manage-cli.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network watcher packet-capture create |
Create and start a packet capture session. |
Core | GA |
| az network watcher packet-capture delete |
Delete a packet capture session. |
Core | GA |
| az network watcher packet-capture list |
List all packet capture sessions within a region. |
Core | GA |
| az network watcher packet-capture show |
Show details of a packet capture session. |
Core | GA |
| az network watcher packet-capture show-status |
Show the status of a packet capture session. |
Core | GA |
| az network watcher packet-capture stop |
Stop a running packet capture session. |
Core | GA |
| az network watcher packet-capture wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
az network watcher packet-capture create
Create and start a packet capture session.
az network watcher packet-capture create --name
--resource-group
[--capture-limit]
[--capture-size]
[--exclude]
[--file-path]
[--filters]
[--include]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--storage-account]
[--storage-path]
[--target]
[--target-type {AzureVM, AzureVMSS}]
[--time-limit]
[--vm]Examples
Create a packet capture session on a VM.
az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVm --storage-account MyStorageAccountCreate a packet capture session on a VM with optional filters for protocols, local IP address and remote IP address ranges and ports.
az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVm --storage-account MyStorageAccount --filters '[{"protocol":"TCP", "remoteIPAddress":"1.1.1.1-255.255.255", "localIPAddress":"10.0.0.3", "remotePort":"20"}, {"protocol":"TCP", "remoteIPAddress":"1.1.1.1-255.255.255", "localIPAddress":"10.0.0.3", "remotePort":"80"}, {"protocol":"TCP", "remoteIPAddress":"1.1.1.1-255.255.255", "localIPAddress":"10.0.0.3", "remotePort":"443"}, {"protocol":"UDP"}]'Create a packet capture session on a VMSS.
az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVmVMSS --storage-account MyStorageAccount --target-type "AzureVMSS"Create a packet capture session on a VMSS with including particular instances.
az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --target MyVmVMSS --storage-account MyStorageAccount --target-type "AzureVMSS" --include "0" "1"Create a packet capture session on a VMSS with excluding particular instances.
az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVmVMSS --storage-account MyStorageAccount --target-type "AzureVMSS" --exclude "0" "1"Required Parameters
Name of the packet capture session.
Name of the resource group the target resource is in.
Optional Parameters
Maximum size in bytes of the capture output.
Number of bytes captured per packet. Excess bytes are truncated.
Space-separated list of VMSS instances to exclude in packet capture. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Local path on the targeted VM at which to save the packet capture. For Linux VMs, the path must start with /var/captures.
JSON encoded list of packet filters. Use @{path} to load from file. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of VMSS instances to include in packet capture like 0 1 2. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Do not wait for the long-running operation to finish.
Name or ID of a storage account to save the packet capture to.
Fully qualified URI of an existing storage container in which to store the capture file. If not specified, the container network-watcher-logs will be created if it does not exist and the capture file will be stored there.
Name or ID of the target resource. If --target-type is AzureVMSS, then --target is mandatory.
Resource type of target.
Maximum duration of the capture session in seconds.
Name or ID of the VM to target.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network watcher packet-capture delete
Delete a packet capture session.
az network watcher packet-capture delete --location
--name
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]Examples
Delete a packet capture session. This only deletes the session and not the capture file.
az network watcher packet-capture delete -n packetCaptureName -l westcentralusRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Name of the packet capture session.
Optional Parameters
Do not wait for the long-running operation to finish.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network watcher packet-capture list
List all packet capture sessions within a region.
az network watcher packet-capture list --locationExamples
List all packet capture sessions within a region.
az az network watcher packet-capture list -l westusRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network watcher packet-capture show
Show details of a packet capture session.
az network watcher packet-capture show --location
--nameExamples
Show a packet capture session.
az network watcher packet-capture show -l westus -n MyPacketCaptureRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Name of the packet capture session.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network watcher packet-capture show-status
Show the status of a packet capture session.
az network watcher packet-capture show-status --location
--name
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]Examples
Show the status of a packet capture session.
az network watcher packet-capture show-status -l westus -n MyPacketCaptureRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Name given to the packet capture session.
Optional Parameters
Do not wait for the long-running operation to finish.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network watcher packet-capture stop
Stop a running packet capture session.
az network watcher packet-capture stop --location
--name
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]Examples
Stop a running packet capture session.
az network watcher packet-capture stop -l westus -n MyPacketCaptureRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Name of the packet capture session.
Optional Parameters
Do not wait for the long-running operation to finish.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network watcher packet-capture wait
Place the CLI in a waiting state until a condition is met.
az network watcher packet-capture wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--subscription]
[--timeout]
[--updated]
[--watcher-name]
[--watcher-rg]Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Polling interval in seconds.
Name of the packet capture session.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Name of the network watcher.
Name of the resource group the watcher is in.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for