az network watcher packet-capture
Manage packet capture sessions on VMs.
These commands require that both Azure Network Watcher is enabled for the VMs region and that AzureNetworkWatcherExtension is enabled on the VM. For more information visit https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-manage-cli.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network watcher packet-capture create |
Create and start a packet capture session. |
Core | GA |
| az network watcher packet-capture delete |
Delete a packet capture session. |
Core | GA |
| az network watcher packet-capture list |
List all packet capture sessions within a region. |
Core | GA |
| az network watcher packet-capture show |
Show details of a packet capture session. |
Core | GA |
| az network watcher packet-capture show-status |
Show the status of a packet capture session. |
Core | GA |
| az network watcher packet-capture stop |
Stop a running packet capture session. |
Core | GA |
| az network watcher packet-capture wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
az network watcher packet-capture create
Create and start a packet capture session.
az network watcher packet-capture create --name
--resource-group
[--capture-limit]
[--capture-size]
[--exclude]
[--file-path]
[--filters]
[--include]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--storage-account]
[--storage-path]
[--target]
[--target-type {AzureVM, AzureVMSS}]
[--time-limit]
[--vm]Examples
Create a packet capture session on a VM.
az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVm --storage-account MyStorageAccountCreate a packet capture session on a VM with optional filters for protocols, local IP address and remote IP address ranges and ports.
az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVm --storage-account MyStorageAccount --filters '[{"protocol":"TCP", "remoteIPAddress":"1.1.1.1-255.255.255", "localIPAddress":"10.0.0.3", "remotePort":"20"}, {"protocol":"TCP", "remoteIPAddress":"1.1.1.1-255.255.255", "localIPAddress":"10.0.0.3", "remotePort":"80"}, {"protocol":"TCP", "remoteIPAddress":"1.1.1.1-255.255.255", "localIPAddress":"10.0.0.3", "remotePort":"443"}, {"protocol":"UDP"}]'Create a packet capture session on a VMSS.
az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVmVMSS --storage-account MyStorageAccount --target-type "AzureVMSS"Create a packet capture session on a VMSS with including particular instances.
az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --target MyVmVMSS --storage-account MyStorageAccount --target-type "AzureVMSS" --include "0" "1"Create a packet capture session on a VMSS with excluding particular instances.
az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVmVMSS --storage-account MyStorageAccount --target-type "AzureVMSS" --exclude "0" "1"Required Parameters
Name of the packet capture session.
Name of the resource group the target resource is in.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Maximum size in bytes of the capture output.
| Property | Value |
|---|---|
| Default value: | 1073741824 |
Number of bytes captured per packet. Excess bytes are truncated.
| Property | Value |
|---|---|
| Default value: | 0 |
Space-separated list of VMSS instances to exclude in packet capture. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Local path on the targeted VM at which to save the packet capture. For Linux VMs, the path must start with /var/captures.
| Property | Value |
|---|---|
| Parameter group: | Storage Arguments |
JSON encoded list of packet filters. Use @{path} to load from file. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of VMSS instances to include in packet capture like 0 1 2. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Scope Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Name or ID of a storage account to save the packet capture to.
| Property | Value |
|---|---|
| Parameter group: | Storage Arguments |
Fully qualified URI of an existing storage container in which to store the capture file. If not specified, the container network-watcher-logs will be created if it does not exist and the capture file will be stored there.
| Property | Value |
|---|---|
| Parameter group: | Storage Arguments |
Name or ID of the target resource. If --target-type is AzureVMSS, then --target is mandatory.
Resource type of target.
| Property | Value |
|---|---|
| Default value: | AzureVM |
| Accepted values: | AzureVM, AzureVMSS |
Maximum duration of the capture session in seconds.
| Property | Value |
|---|---|
| Default value: | 18000 |
Name or ID of the VM to target.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network watcher packet-capture delete
Delete a packet capture session.
az network watcher packet-capture delete --location
--name
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]Examples
Delete a packet capture session. This only deletes the session and not the capture file.
az network watcher packet-capture delete -n packetCaptureName -l westcentralusRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Name of the packet capture session.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network watcher packet-capture list
List all packet capture sessions within a region.
az network watcher packet-capture list --locationExamples
List all packet capture sessions within a region.
az az network watcher packet-capture list -l westusRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network watcher packet-capture show
Show details of a packet capture session.
az network watcher packet-capture show --location
--nameExamples
Show a packet capture session.
az network watcher packet-capture show -l westus -n MyPacketCaptureRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Name of the packet capture session.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network watcher packet-capture show-status
Show the status of a packet capture session.
az network watcher packet-capture show-status --location
--name
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]Examples
Show the status of a packet capture session.
az network watcher packet-capture show-status -l westus -n MyPacketCaptureRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Name given to the packet capture session.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network watcher packet-capture stop
Stop a running packet capture session.
az network watcher packet-capture stop --location
--name
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]Examples
Stop a running packet capture session.
az network watcher packet-capture stop -l westus -n MyPacketCaptureRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Name of the packet capture session.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network watcher packet-capture wait
Place the CLI in a waiting state until a condition is met.
az network watcher packet-capture wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--subscription]
[--timeout]
[--updated]
[--watcher-name]
[--watcher-rg]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Wait until created with 'provisioningState' at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
Wait until deleted.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the resource exists.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Polling interval in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 30 |
Name of the packet capture session.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Maximum wait in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 3600 |
Wait until updated with provisioningState at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Name of the network watcher.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of the resource group the watcher is in.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
