New-​Azure​Rm​Packet​Capture​Filter​Config

Creates a new packet capture filter object.

Syntax

New-AzureRmPacketCaptureFilterConfig
   [-LocalIPAddress <String>]
   [-LocalPort <String>]
   [-Protocol <String>]
   [-RemoteIPAddress <String>]
   [-RemotePort <String>]
   [<CommonParameters>]

Description

The New-AzureRmPacketCaptureFilterConfig cmdlet creates a new packet capture filter object. This object is used to restrict the type of packets that are captured during a packet capture session using the specified criteria. The New-AzureRmNetworkWatcherPacketCapture cmdlet can accept multiple filter objects to enable composable capture sessions.

Examples

--- Example 1: Create a Packet Capture with multiple filters ---

$nw = Get-AzurermResource | Where {$_.ResourceType -eq "Microsoft.Network/networkWatchers" -and $_.Location -eq "WestCentralUS" } 
$networkWatcher = Get-AzureRmNetworkWatcher -Name $nw.Name -ResourceGroupName $nw.ResourceGroupName 

$storageAccount = Get-AzureRmStorageAccount -ResourceGroupName contosoResourceGroup -Name contosostorage123

$filter1 = New-AzureRmPacketCaptureFilterConfig -Protocol TCP -RemoteIPAddress "1.1.1.1-255.255.255" -LocalIPAddress "10.0.0.3" -LocalPort "1-65535" -RemotePort "20;80;443"
$filter2 = New-AzureRmPacketCaptureFilterConfig -Protocol UDP 
New-AzureRmNetworkWatcherPacketCapture -NetworkWatcher $networkWatcher -TargetVirtualMachineId $vm.Id -PacketCaptureName "PacketCaptureTest" -StorageAccountId $storageAccount.id -TimeLimitInSeconds 60 -Filters $filter1, $filter2

In this example we create a packet capture named "PacketCaptureTest" with multiple filters and a time limit. Once the session is complete, it will be saved to the specified storage account.

Note: The Azure Network Watcher extension must be installed on the target virtual machine to create packet captures.

Optional Parameters

-LocalIPAddress

Specifies the Local IP Address to filter on. Example inputs: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-LocalPort

Specifies the Local IP Address to filter on. Example inputs: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-Protocol

Specifies the Procotol to filter on. Acceptable values "TCP","UDP","Any"

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False
-RemoteIPAddress

Specifies the remote IP address to filter on. Example inputs: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-RemotePort

Specifies the Remote Port to filter on. Remote port Example inputs: "80" for single port entry. "80-85" for range. "80;443;" for multiple entries.

Type:String
Position:Named
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False

Inputs

System.String

Outputs

Microsoft.Azure.Commands.Network.Models.PSPacketCaptureFilter

Notes

Keywords: azure, azurerm, arm, resource, management, manager, network, networking, watcher, packet, capture, traffic, filter