New-AzPacketCaptureFilterConfig

Creates a new packet capture filter object.

Syntax

New-AzPacketCaptureFilterConfig
   [-Protocol <String>]
   [-RemoteIPAddress <String>]
   [-LocalIPAddress <String>]
   [-LocalPort <String>]
   [-RemotePort <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

The New-AzPacketCaptureFilterConfig cmdlet creates a new packet capture filter object. This object is used to restrict the type of packets that are captured during a packet capture session using the specified criteria. The New-AzNetworkWatcherPacketCapture cmdlet can accept multiple filter objects to enable composable capture sessions.

Examples

Example 1: Create a Packet Capture with multiple filters

$nw = Get-AzResource | Where {$_.ResourceType -eq "Microsoft.Network/networkWatchers" -and $_.Location -eq "WestCentralUS" } 
$networkWatcher = Get-AzNetworkWatcher -Name $nw.Name -ResourceGroupName $nw.ResourceGroupName 

$storageAccount = Get-AzStorageAccount -ResourceGroupName contosoResourceGroup -Name contosostorage123

$filter1 = New-AzPacketCaptureFilterConfig -Protocol TCP -RemoteIPAddress "1.1.1.1-255.255.255" -LocalIPAddress "10.0.0.3" -LocalPort "1-65535" -RemotePort "20;80;443"
$filter2 = New-AzPacketCaptureFilterConfig -Protocol UDP 
New-AzNetworkWatcherPacketCapture -NetworkWatcher $networkWatcher -TargetVirtualMachineId $vm.Id -PacketCaptureName "PacketCaptureTest" -StorageAccountId $storageAccount.id -TimeLimitInSeconds 60 -Filters $filter1, $filter2

In this example we create a packet capture named "PacketCaptureTest" with multiple filters and a time limit. Once the session is complete, it will be saved to the specified storage account. Note: The Azure Network Watcher extension must be installed on the target virtual machine to create packet captures.

Parameters

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-LocalIPAddress

Specifies the Local IP Address to filter on. Example inputs: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-LocalPort

Specifies the Local IP Address to filter on. Example inputs: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-Protocol

Specifies the Protocol to filter on. Acceptable values "TCP","UDP","Any"

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False
-RemoteIPAddress

Specifies the remote IP address to filter on. Example inputs: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-RemotePort

Specifies the Remote Port to filter on. Remote port Example inputs: "80" for single port entry. "80-85" for range. "80;443;" for multiple entries.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False

Inputs

String

Outputs

PSPacketCaptureFilter

Notes

Keywords: azure, azurerm, arm, resource, management, manager, network, networking, watcher, packet, capture, traffic, filter