New-AzureRmNetworkWatcherPacketCapture

Creates a new packet capture resource and starts a packet capture session on a VM.

Syntax

New-AzureRmNetworkWatcherPacketCapture
   [-BytesToCapturePerPacket <Int32>]
   [-Filter <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSPacketCaptureFilter]>]
   [-LocalFilePath <String>]
   -NetworkWatcher <PSNetworkWatcher>
   -PacketCaptureName <String>
   [-StorageAccountId <String>]
   [-StoragePath <String>]
   -TargetVirtualMachineId <String>
   [-TimeLimitInSeconds <Int32>]
   [-TotalBytesPerSession <Int32>]
   [-Confirm]
   [-WhatIf]
   [<CommonParameters>]

New-AzureRmNetworkWatcherPacketCapture
   [-BytesToCapturePerPacket <Int32>]
   [-Filter <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSPacketCaptureFilter]>]
   [-LocalFilePath <String>]
   -NetworkWatcherName <String>
   -PacketCaptureName <String>
   -ResourceGroupName <String>
   [-StorageAccountId <String>]
   [-StoragePath <String>]
   -TargetVirtualMachineId <String>
   [-TimeLimitInSeconds <Int32>]
   [-TotalBytesPerSession <Int32>]
   [-Confirm]
   [-WhatIf]
   [<CommonParameters>]

Description

The New-AzureRmNetworkWatcherPacketCapture cmdlet creates a new packet capture resource and starts a packet capture session on a VM. The length of the Packet Capture sessions can be configured via a time constraint or a size constraint. The amount of data captured for each packet can also be configured. Filters can be applied to a given packet capture session, allowing you to customize the type of packets captured. Filters can restrict packets on local and remote IP addresses & address ranges, local and remote ports & port ranges, and the session level protocol to be captured. Filters are composable, and multiple filters can be applied to provide you with granularity of capture.

Examples

--- Example 1: Create a Packet Capture with multiple filters ---

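# Find the Network Watcher for the region and load it as a PSNetworkWatcher object.
$nw = Get-AzureRmResource | Where-Object { $_.ResourceType -eq "Microsoft.Network/networkWatchers" -and $_.Location -eq "WestCentralUS" }
$networkWatcher = Get-AzureRmNetworkWatcher -Name $nw.Name -ResourceGroupName $nw.ResourceGroupName

# Target VM for the capture. "<target-vm-name>" is a placeholder; the VM is assumed to be in contosoResourceGroup.
$vm = Get-AzureRmVM -ResourceGroupName contosoResourceGroup -Name "<target-vm-name>"
$storageAccount = Get-AzureRmStorageAccount -ResourceGroupName contosoResourceGroup -Name contosostorage123

# Filter 1: TCP between 10.0.0.3 (any local port) and the remote range on ports 20, 80 and 443.
$filter1 = New-AzureRmPacketCaptureFilterConfig -Protocol TCP -RemoteIPAddress "1.1.1.1-255.255.255.255" -LocalIPAddress "10.0.0.3" -LocalPort "1-65535" -RemotePort "20;80;443"
# Filter 2: all UDP traffic.
$filter2 = New-AzureRmPacketCaptureFilterConfig -Protocol UDP
# Start a 60-second capture with both filters and write the result to the storage account.
New-AzureRmNetworkWatcherPacketCapture -NetworkWatcher $networkWatcher -TargetVirtualMachineId $vm.Id -PacketCaptureName "PacketCaptureTest" -StorageAccountId $storageAccount.Id -TimeLimitInSeconds 60 -Filter $filter1, $filter2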

In this example we create a packet capture named "PacketCaptureTest" with multiple filters and a time limit. Once the session is complete, it will be saved to the specified storage account.

Note: The Azure Network Watcher extension must be installed on the target virtual machine to create packet captures.
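
A bounded capture using the second parameter set, as an added example that is not part of the original reference page: it checks for the extension the note requires, truncates each packet, and caps the session by both size and time. The names in angle brackets are placeholders, the VM is assumed to be in contosoResourceGroup, and the extension publisher name "Microsoft.Azure.NetworkWatcher" is an assumption.

```powershell
# Added example. Names in angle brackets are placeholders, not values from this page.
$vmRg   = "contosoResourceGroup"
$vmName = "<target-vm-name>"
$nwName = "<network-watcher-name>"
$nwRg   = "<network-watcher-resource-group>"
$pcName = "PacketCaptureTest"

$vm = Get-AzureRmVM -ResourceGroupName $vmRg -Name $vmName
$storageAccount = Get-AzureRmStorageAccount -ResourceGroupName $vmRg -Name contosostorage123

# Pre-flight check for the extension the note above requires.
# Assumption: the agent is published under "Microsoft.Azure.NetworkWatcher".
$agent = $vm.Extensions | Where-Object { $_.Publisher -eq "Microsoft.Azure.NetworkWatcher" }
if (-not $agent) {
    throw "Network Watcher extension not found on '$vmName'; install it before starting a capture."
}

# Composable filters: HTTPS from one local address, plus DNS over UDP.
$httpsFilter = New-AzureRmPacketCaptureFilterConfig -Protocol TCP -LocalIPAddress "10.0.0.3" -RemotePort "443"
$dnsFilter   = New-AzureRmPacketCaptureFilterConfig -Protocol UDP -RemotePort "53"

$captureParams = @{
    NetworkWatcherName      = $nwName
    ResourceGroupName       = $nwRg
    TargetVirtualMachineId  = $vm.Id
    PacketCaptureName       = $pcName
    StorageAccountId        = $storageAccount.Id
    Filter                  = $httpsFilter, $dnsFilter
    BytesToCapturePerPacket = 128         # keep headers, drop most payload bytes
    TotalBytesPerSession    = 104857600   # size limit: 100 MiB
    TimeLimitInSeconds      = 300         # time limit: 5 minutes
}

# Preview with -WhatIf first, then start the session.
New-AzureRmNetworkWatcherPacketCapture @captureParams -WhatIf
New-AzureRmNetworkWatcherPacketCapture @captureParams

# Query the session afterwards to confirm whether it is running or has stopped.
Get-AzureRmNetworkWatcherPacketCapture -NetworkWatcherName $nwName -ResourceGroupName $nwRg -PacketCaptureName $pcName
```

Truncating with -BytesToCapturePerPacket limits how much application payload lands in the storage account, which matters when the capture may contain credentials or personal data.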

Required Parameters

-NetworkWatcher

The network watcher resource.

Type: PSNetworkWatcher
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-NetworkWatcherName

The name of network watcher.

Type: String
Aliases: Name
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-PacketCaptureName

The packet capture name.

Type: String
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-ResourceGroupName

The name of the network watcher resource group.

Type: String
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-TargetVirtualMachineId

The target virtual machine ID.

Type: String
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

Optional Parameters

-BytesToCapturePerPacket

Bytes to capture per packet.

Type: Int32
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Filter

Filters for packet capture session.

Type: System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSPacketCaptureFilter]
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-LocalFilePath

Local file path.

Type: String
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-StorageAccountId

Storage account Id.

Type: String
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-StoragePath

Storage path.

Type: String
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-TimeLimitInSeconds

Time limit in seconds.

Type: Int32
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-TotalBytesPerSession

Total bytes per session.

Type: Int32
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

Inputs

Microsoft.Azure.Commands.Network.Models.PSNetworkWatcher

Outputs

Microsoft.Azure.Commands.Network.Models.PSPacketCapture

Notes

Keywords: azure, azurerm, arm, resource, management, manager, network, networking, network watcher, packet, capture, traffic