New-AzNetworkWatcherPacketCaptureV2
V2 Version of Packet Capture Cmdlet which creates a new packet capture resource and starts a packet capture session on a VM, VMSS or few instances of VMSS.
Syntax
New-AzNetworkWatcherPacketCaptureV2
-NetworkWatcher <PSNetworkWatcher>
-Name <String>
-TargetId <String>
[-StorageAccountId <String>]
[-StoragePath <String>]
[-LocalFilePath <String>]
[-BytesToCapturePerPacket <Int32>]
[-TotalBytesPerSession <UInt32>]
[-TimeLimitInSecond <Int32>]
[-Scope <PSPacketCaptureMachineScope>]
[-TargetType <String>]
[-Filter <PSPacketCaptureFilter[]>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-AzNetworkWatcherPacketCaptureV2
-NetworkWatcherName <String>
-ResourceGroupName <String>
-Name <String>
-TargetId <String>
[-StorageAccountId <String>]
[-StoragePath <String>]
[-LocalFilePath <String>]
[-BytesToCapturePerPacket <Int32>]
[-TotalBytesPerSession <UInt32>]
[-TimeLimitInSecond <Int32>]
[-Scope <PSPacketCaptureMachineScope>]
[-TargetType <String>]
[-Filter <PSPacketCaptureFilter[]>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] New-AzNetworkWatcherPacketCaptureV2
-Location <String>
-Name <String>
-TargetId <String>
[-StorageAccountId <String>]
[-StoragePath <String>]
[-LocalFilePath <String>]
[-BytesToCapturePerPacket <Int32>]
[-TotalBytesPerSession <UInt32>]
[-TimeLimitInSecond <Int32>]
[-Scope <PSPacketCaptureMachineScope>]
[-TargetType <String>]
[-Filter <PSPacketCaptureFilter[]>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The New-AzNetworkWatcherPacketCaptureV2 cmdlet creates a new packet capture resource and starts a packet capture session on a VM, VMSS or few instances of VMSS. The length of the Packet Capture sessions can be configured via a time constraint or a size constraint. The amount of data captured for each packet can also be configured. Filters can be applied to a given packet capture session, allowing you to customize the type of packets captured. Filters can restrict packets on local and remote IP addresses & address ranges, local and remote ports & port ranges, and the session level protocol to be captured. Filters are composable, and multiple filters can be applied to provide you with granularity of capture.
Examples
Example 1: Create a Packet Capture on a VM
$nw = Get-AzResource | Where {$_.ResourceType -eq "Microsoft.Network/networkWatchers" -and $_.Location -eq "WestCentralUS" }
$networkWatcher = Get-AzNetworkWatcher -Name $nw.Name -ResourceGroupName $nw.ResourceGroupName
$storageAccount = Get-AzStorageAccount -ResourceGroupName contosoResourceGroup -Name contosostorage123
$filter1 = New-AzPacketCaptureFilterConfig -Protocol TCP -RemoteIPAddress "1.1.1.1-255.255.255" -LocalIPAddress "10.0.0.3" -LocalPort "1-65535" -RemotePort "20;80;443"
$filter2 = New-AzPacketCaptureFilterConfig -Protocol UDP
New-AzNetworkWatcherPacketCaptureV2 -NetworkWatcher $networkWatcher -TargetId $vm.Id -TargetType "azurevm" -Name "PacketCaptureTest" -StorageAccountId $storageAccount.id -TimeLimitInSecond 60 -Filter $filter1, $filter2
Name : PacketCaptureTest
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_eastus/packetCaptures/PacketCaptureTest
Etag : W/"0b3c52cb-aa63-4647-93d3-3221c13ccdd2"
ProvisioningState : Succeeded
Target : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Compute/virtualMachines/SampleVM
TargetType : AzureVM
BytesToCapturePerPacket : 0
TotalBytesPerSession : 1073741824
TimeLimitInSeconds : 18000
StorageLocation : {
"StorageId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Storage/storageAccounts/contosostorage123",
"StoragePath": "https://contosostorage123.blob.core.windows.net/network-watcher-logs/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/contosoResourceGroup/providers/microsoft.compute/virtualmachines/SampleVM/2022/07/21/packetcapture_09_20_07_166.cap"
}
Filters : [
{
"Protocol": "TCP",
"RemoteIPAddress": "1.1.1.1-255.255.255",
"LocalIPAddress": "10.0.0.3",
"LocalPort": "1-65535",
"RemotePort": "20;80;443"
},
{
"Protocol": "UDP",
"RemoteIPAddress": "",
"LocalIPAddress": "",
"LocalPort": "",
"RemotePort": ""
}
]
Scope : {
"Include": [],
"Exclude": []
}In this example we create a packet capture named "PacketCaptureTest" with multiple filters and a time limit. Once the session is complete, it will be saved to the specified storage account. Note: The Azure Network Watcher extension must be installed on the target virtual machine to create packet captures.
Example 2: Create a Packet Capture on a VMSS
$nw = Get-AzResource | Where {$_.ResourceType -eq "Microsoft.Network/networkWatchers" -and $_.Location -eq "WestCentralUS" }
$networkWatcher = Get-AzNetworkWatcher -Name $nw.Name -ResourceGroupName $nw.ResourceGroupName
$storageAccount = Get-AzStorageAccount -ResourceGroupName contosoResourceGroup -Name contosostorage123
$filter1 = New-AzPacketCaptureFilterConfig -Protocol TCP -RemoteIPAddress "1.1.1.1-255.255.255" -LocalIPAddress "10.0.0.3" -LocalPort "1-65535" -RemotePort "20;80;443"
$filter2 = New-AzPacketCaptureFilterConfig -Protocol UDP
New-AzNetworkWatcherPacketCaptureV2 -NetworkWatcher $networkWatcher -TargetId $vmss.Id -TargetType "azurevmss" -Name "PacketCaptureTest" -StorageAccountId $storageAccount.id -TimeLimitInSecond 60 -Filter $filter1, $filter2
Name : PacketCaptureTest
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_eastus/packetCaptures/PacketCaptureTest
Etag : W/"0b3c52cb-aa63-4647-93d3-3221c13ccdd2"
ProvisioningState : Succeeded
Target : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/SampleVMSS
TargetType : AzureVMSS
BytesToCapturePerPacket : 0
TotalBytesPerSession : 1073741824
TimeLimitInSeconds : 60
StorageLocation : {
"StorageId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Storage/storageAccounts/contosostorage123",
"StoragePath": "https://contosostorage123.blob.core.windows.net/network-watcher-logs/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/contosoResourceGroup/providers/microsoft.compute/virtualmachinescalesets/SampleVMSS/2022/07/21/packetcapture_09_20_07_166.cap"
}
Filters : [
{
"Protocol": "TCP",
"RemoteIPAddress": "1.1.1.1-255.255.255",
"LocalIPAddress": "10.0.0.3",
"LocalPort": "1-65535",
"RemotePort": "20;80;443"
},
{
"Protocol": "UDP",
"RemoteIPAddress": "",
"LocalIPAddress": "",
"LocalPort": "",
"RemotePort": ""
}
]
Scope : {
"Include": [],
"Exclude": []
}In this example we create a packet capture named "PacketCaptureTest" with multiple filters and a time limit. Once the session is complete, it will be saved to the specified storage account. Note: The Azure Network Watcher extension must be installed on the target virtual machine scale set and all the respective instances adhering to the latest vmss model, to create packet captures.
Example 3: Create a Packet Capture on few Instances of VMSS
$nw = Get-AzResource | Where {$_.ResourceType -eq "Microsoft.Network/networkWatchers" -and $_.Location -eq "WestCentralUS" }
$networkWatcher = Get-AzNetworkWatcher -Name $nw.Name -ResourceGroupName $nw.ResourceGroupName
$storageAccount = Get-AzStorageAccount -ResourceGroupName contosoResourceGroup -Name contosostorage123
$filter1 = New-AzPacketCaptureFilterConfig -Protocol TCP -RemoteIPAddress "1.1.1.1-255.255.255" -LocalIPAddress "10.0.0.3" -LocalPort "1-65535" -RemotePort "20;80;443"
$filter2 = New-AzPacketCaptureFilterConfig -Protocol UDP
$instance1 = $vmssInstance1.Name
$instance2 = $vmssInstance2.Name
$scope = New-AzPacketCaptureScopeConfig -Include $instance1, $instance2
New-AzNetworkWatcherPacketCaptureV2 -NetworkWatcher $networkWatcher -TargetId $vmss.Id -TargetType "azurevmss" -Scope $scope -Name "PacketCaptureTest" -StorageAccountId $storageAccount.id -TimeLimitInSecond 60 -Filter $filter1, $filter2
Name : PacketCaptureTest
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_eastus/packetCaptures/PacketCaptureTest
Etag : W/"0b3c52cb-aa63-4647-93d3-3221c13ccdd2"
ProvisioningState : Succeeded
Target : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/SampleVMSS
TargetType : AzureVMSS
BytesToCapturePerPacket : 0
TotalBytesPerSession : 1073741824
TimeLimitInSeconds : 18000
StorageLocation : {
"StorageId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Storage/storageAccounts/contosostorage123",
"StoragePath": "https://contosostorage123.blob.core.windows.net/network-watcher-logs/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/contosoResourceGroup/providers/microsoft.compute/virtualmachinescalesets/SampleVMSS/2022/07/21/packetcapture_09_20_07_166.cap"
}
Filters : [
{
"Protocol": "TCP",
"RemoteIPAddress": "1.1.1.1-255.255.255",
"LocalIPAddress": "10.0.0.3",
"LocalPort": "1-65535",
"RemotePort": "20;80;443"
},
{
"Protocol": "UDP",
"RemoteIPAddress": "",
"LocalIPAddress": "",
"LocalPort": "",
"RemotePort": ""
}
]
Scope : {
"Include": [
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/SampleVMSS/virtualMachines/0",
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/SampleVMSS/virtualMachines/1"
],
"Exclude": []
}In this example we create a packet capture named "PacketCaptureTest" with multiple filters and a time limit. Once the session is complete, it will be saved to the specified storage account. Note: The Azure Network Watcher extension must be installed on the target virtual machine scale set and on the respective instances in include scope adhering to the latest vmss model, to create packet captures.
Parameters
-AsJob
Run cmdlet in the background
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-BytesToCapturePerPacket
Bytes to capture per packet.
| Type: | Nullable<T>[Int32] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Filter
Filters for packet capture session.
| Type: | PSPacketCaptureFilter[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-LocalFilePath
Local file path.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Location
Location of the network watcher.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
The packet capture name.
| Type: | String |
| Aliases: | PacketCaptureName |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-NetworkWatcher
The network watcher resource.
| Type: | PSNetworkWatcher |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-NetworkWatcherName
The name of network watcher.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ResourceGroupName
The name of the network watcher resource group.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Scope
Scope of VMSS Instances to be Included or Excluded.
| Type: | PSPacketCaptureMachineScope |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-StorageAccountId
Storage account Id.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-StoragePath
Storage path.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-TargetId
The target virtual machine ID or virtual machine scale set ID
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-TargetType
Target Type of the Resource.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-TimeLimitInSecond
Time limit in seconds.
| Type: | Nullable<T>[Int32] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-TotalBytesPerSession
Total bytes per session.
| Type: | Nullable<T>[UInt32] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Nullable<T>[[System.Int32, System.Private.CoreLib, Version=6.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]
Outputs
Related Links
- New-AzNetworkWatcher
- Get-AzNetworkWatcher
- Remove-AzNetworkWatcher
- Get-AzNetworkWatcherNextHop
- Get-AzNetworkWatcherSecurityGroupView
- Get-AzNetworkWatcherTopology
- Start-AzNetworkWatcherResourceTroubleshooting
- New-AzNetworkWatcherPacketCapture
- New-AzPacketCaptureFilterConfig
- New-AzNetworkWatcherPacketCapture
- Get-AzNetworkWatcherPacketCapture
- Remove-AzNetworkWatcherPacketCapture
- Stop-AzNetworkWatcherPacketCapture
- New-AzNetworkWatcherProtocolConfiguration
- Test-AzNetworkWatcherIPFlow
- Test-AzNetworkWatcherConnectivity
- Stop-AzNetworkWatcherConnectionMonitor
- Start-AzNetworkWatcherConnectionMonitor
- Set-AzNetworkWatcherConnectionMonitor
- Set-AzNetworkWatcherConfigFlowLog
- Remove-AzNetworkWatcherConnectionMonitor
- New-AzNetworkWatcherConnectionMonitor
- Get-AzNetworkWatcherTroubleshootingResult
- Get-AzNetworkWatcherReachabilityReport
- Get-AzNetworkWatcherReachabilityProvidersList
- Get-AzNetworkWatcherFlowLogStatus
- Get-AzNetworkWatcherConnectionMonitorReport
- Get-AzNetworkWatcherConnectionMonitor
Zusammenarbeit auf GitHub
Die Quelle für diesen Inhalt finden Sie auf GitHub, wo Sie auch Issues und Pull Requests erstellen und überprüfen können. Weitere Informationen finden Sie in unserem Leitfaden für Mitwirkende.
Azure PowerShell