New-AzNetworkWatcherPacketCapture
Creates a new packet capture resource and starts a packet capture session on a VM.
Syntax
SetByResource (Default)
New-AzNetworkWatcherPacketCapture
-NetworkWatcher <PSNetworkWatcher>
-PacketCaptureName <String>
-TargetVirtualMachineId <String>
[-StorageAccountId <String>]
[-StoragePath <String>]
[-LocalFilePath <String>]
[-BytesToCapturePerPacket <Int32>]
[-TotalBytesPerSession <UInt32>]
[-TimeLimitInSeconds <Int32>]
[-Filter <PSPacketCaptureFilter[]>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetByName
New-AzNetworkWatcherPacketCapture
-NetworkWatcherName <String>
-ResourceGroupName <String>
-PacketCaptureName <String>
-TargetVirtualMachineId <String>
[-StorageAccountId <String>]
[-StoragePath <String>]
[-LocalFilePath <String>]
[-BytesToCapturePerPacket <Int32>]
[-TotalBytesPerSession <UInt32>]
[-TimeLimitInSeconds <Int32>]
[-Filter <PSPacketCaptureFilter[]>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetByLocation
New-AzNetworkWatcherPacketCapture
-Location <String>
-PacketCaptureName <String>
-TargetVirtualMachineId <String>
[-StorageAccountId <String>]
[-StoragePath <String>]
[-LocalFilePath <String>]
[-BytesToCapturePerPacket <Int32>]
[-TotalBytesPerSession <UInt32>]
[-TimeLimitInSeconds <Int32>]
[-Filter <PSPacketCaptureFilter[]>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The New-AzNetworkWatcherPacketCapture cmdlet creates a new packet capture resource and starts a packet capture session on a VM.
The length of the Packet Capture sessions can be configured via a time constraint or a size constraint. The amount of data captured for each packet can also be configured.
Filters can be applied to a given packet capture session, allowing you to customize the type of packets captured. Filters can restrict packets on local and remote IP addresses & address ranges, local and remote ports & port ranges, and the session level protocol to be captured. Filters are composable, and multiple filters can be applied to provide you with granularity of capture.
Examples
Example 1: Create a Packet Capture with multiple filters
$nw = Get-AzResource | Where-Object {$_.ResourceType -eq "Microsoft.Network/networkWatchers" -and $_.Location -eq "WestCentralUS" }
$networkWatcher = Get-AzNetworkWatcher -Name $nw.Name -ResourceGroupName $nw.ResourceGroupName
$storageAccount = Get-AzStorageAccount -ResourceGroupName contosoResourceGroup -Name contosostorage123
$filter1 = New-AzPacketCaptureFilterConfig -Protocol TCP -RemoteIPAddress "1.1.1.1-255.255.255" -LocalIPAddress "10.0.0.3" -LocalPort "1-65535" -RemotePort "20;80;443"
$filter2 = New-AzPacketCaptureFilterConfig -Protocol UDP
New-AzNetworkWatcherPacketCapture -NetworkWatcher $networkWatcher -TargetVirtualMachineId $vm.Id -PacketCaptureName "PacketCaptureTest" -StorageAccountId $storageAccount.id -TimeLimitInSeconds 60 -Filter $filter1, $filter2
In this example we create a packet capture named "PacketCaptureTest" with multiple filters and a time limit. Once the session is complete, it will be saved to the specified storage account.
Note: The Azure Network Watcher extension must be installed on the target virtual machine to create packet captures.
Parameters
-AsJob
Run cmdlet in the background
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-BytesToCapturePerPacket
Bytes to capture per packet.
Parameter properties
Type: Nullable<T> [ Int32 ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: False Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure.
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Filter
Filters for packet capture session.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-LocalFilePath
Local file path.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-Location
Location of the network watcher.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetByLocation
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-NetworkWatcher
The network watcher resource.
Parameter properties
Type: PSNetworkWatcher
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetByResource
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-NetworkWatcherName
The name of network watcher.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: Name
Parameter sets
SetByName
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-PacketCaptureName
The packet capture name.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-ResourceGroupName
The name of the network watcher resource group.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetByName
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-StorageAccountId
Storage account Id.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-StoragePath
Storage path.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-TargetVirtualMachineId
The target virtual machine ID.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-TimeLimitInSeconds
Time limit in seconds.
Parameter properties
Type: Nullable<T> [ Int32 ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-TotalBytesPerSession
Total bytes per session.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: False Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
Notes
Keywords: azure, azurerm, arm, resource, management, manager, network, networking, network watcher, packet, capture, traffic