Introduction to variable packet capture in Azure Network Watcher

Network Watcher variable packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine. Packet capture helps to diagnose network anomalies both reactively and proactively. Other uses include gathering network statistics, gaining information on network intrusions, debugging client-server communications, and much more.

Packet capture is a virtual machine extension that is remotely started through Network Watcher. This capability eases the burden of running a packet capture manually on the desired virtual machine, which saves valuable time. Packet capture can be triggered through the portal, PowerShell, CLI, or REST API. One example of how packet capture can be triggered is with Virtual Machine alerts. Filters are provided for the capture session to ensure you capture the traffic you want to monitor. Filters are based on 5-tuple (protocol, local IP address, remote IP address, local port, and remote port) information. The captured data is stored on the local disk or in a storage blob. There is a limit of 10 packet capture sessions per region per subscription. This limit applies only to the sessions and does not apply to the saved packet capture files, either locally on the VM or in a storage account.

Important

Packet capture requires the virtual machine extension AzureNetworkWatcherExtension. To install the extension on a Windows VM, see Azure Network Watcher Agent virtual machine extension for Windows; for a Linux VM, see Azure Network Watcher Agent virtual machine extension for Linux.

To reduce the information you capture to only the information you want, the following options are available for a packet capture session:

Capture configuration

| Property | Description |
| --- | --- |
| Maximum bytes per packet (bytes) | The number of bytes captured from each packet. All bytes are captured if left blank. If you need only the IPv4 header, indicate 34 here. |
| Maximum bytes per session (bytes) | Total number of bytes that are captured. Once the value is reached, the session ends. |
| Time limit (seconds) | Sets a time constraint on the packet capture session. The default value is 18000 seconds or 5 hours. |
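
The following Python sketch is an added example, not part of the Azure documentation. It shows which 5-tuple fields remain recoverable when "Maximum bytes per packet" truncates a packet, assuming the capture starts at a 14-byte Ethernet II header so that 34 bytes covers a 20-byte IPv4 header without options. The helper names and the sample frame are constructed for illustration.

```python
import socket
import struct

ETH_LEN = 14        # Ethernet II header (assumption: the capture starts here)
IPV4_MIN_LEN = 20   # IPv4 header without options; 14 + 20 = 34

def build_frame(src_ip, dst_ip, src_port, dst_port, payload=b""):
    """Constructed Ethernet II + IPv4 + TCP frame (checksums left at 0)."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                      5 << 4, 0x18, 8192, 0, 0)
    total = IPV4_MIN_LEN + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload

def parse_truncated(frame, max_bytes=None):
    """Return the fields still readable after keeping max_bytes per packet."""
    data = frame if max_bytes is None else frame[:max_bytes]
    out = {"captured": len(data), "proto": None, "src": None, "dst": None,
           "sport": None, "dport": None}
    if len(data) < ETH_LEN + IPV4_MIN_LEN:
        return out  # the fixed part of the IPv4 header is incomplete
    if struct.unpack("!H", data[12:14])[0] != 0x0800:
        return out  # not an IPv4 frame
    ihl = (data[ETH_LEN] & 0x0F) * 4  # real header length, options included
    out["proto"] = data[ETH_LEN + 9]
    out["src"] = socket.inet_ntoa(data[ETH_LEN + 12:ETH_LEN + 16])
    out["dst"] = socket.inet_ntoa(data[ETH_LEN + 16:ETH_LEN + 20])
    l4 = ETH_LEN + ihl
    # TCP (6) and UDP (17) both start with source port, then destination port
    if out["proto"] in (6, 17) and len(data) >= l4 + 4:
        out["sport"], out["dport"] = struct.unpack("!HH", data[l4:l4 + 4])
    return out

if __name__ == "__main__":
    frame = build_frame("10.0.0.4", "203.0.113.10", 49152, 443, b"constructed payload")
    for limit in (None, 34, 38):
        print(limit, parse_truncated(frame, limit))
```

With a limit of 34 the addresses and protocol survive but the ports do not, so a capture intended for later port-level analysis needs at least 4 more bytes per packet (more if IPv4 options are present).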

Filtering (optional)

| Property | Description |
| --- | --- |
| Protocol | The protocol to filter for the packet capture. The available values are TCP, UDP, and All. |
| Local IP address | This value filters the packet capture to packets where the local IP address matches this filter value. |
| Local port | This value filters the packet capture to packets where the local port matches this filter value. |
| Remote IP address | This value filters the packet capture to packets where the remote IP matches this filter value. |
| Remote port | This value filters the packet capture to packets where the remote port matches this filter value. |

Next steps

Learn how you can manage packet captures through the portal by visiting Manage packet capture in the Azure portal, or with PowerShell by visiting Manage Packet Capture with PowerShell.

Learn how to create proactive packet captures based on virtual machine alerts by visiting Create an alert triggered packet capture.