Troubleshoot connections with Azure Network Watcher using the Azure portal
Learn how to use connection troubleshoot to verify whether a direct TCP connection from a virtual machine to a given endpoint can be established.
Before you begin
This article assumes you have the following resources:
- An instance of Network Watcher in the region you want to troubleshoot a connection.
- Virtual machines to troubleshoot connections with.
Connection troubleshoot requires that the VM you troubleshoot from has the
AzureNetworkWatcherExtension VM extension installed. For installing the extension on a Windows VM visit Azure Network Watcher Agent virtual machine extension for Windows and for Linux VM visit Azure Network Watcher Agent virtual machine extension for Linux. The extension is not required on the destination endpoint.
Check connectivity to a virtual machine
This example checks connectivity to a destination virtual machine over port 80.
Navigate to your Network Watcher and click Connection troubleshoot. Select the virtual machine to check connectivity from. In the Destination section choose Select a virtual machine and choose the correct virtual machine and port to test.
Once you click Check, connectivity between the virtual machines on the port specified is checked. In the example, the destination VM is unreachable, a listing of hops are shown.
Check remote endpoint connectivity
To check the connectivity and latency to a remote endpoint, choose the Specify manually radio button in the Destination section, input the url and the port and click Check. This is used for remote endpoints like websites and storage endpoints.
Learn how to automate packet captures with Virtual machine alerts by viewing Create an alert triggered packet capture
Find if certain traffic is allowed in or out of your VM by visiting Check IP flow verify