New-AzNetworkWatcherPacketCaptureV2
V2 Version of Packet Capture Cmdlet which creates a new packet capture resource and starts a packet capture session on a VM, VMSS or few instances of VMSS.
Syntax
SetByResource (Default)
New-AzNetworkWatcherPacketCaptureV2
-NetworkWatcher <PSNetworkWatcher>
-Name <String>
-TargetId <String>
[-StorageAccountId <String>]
[-StoragePath <String>]
[-LocalFilePath <String>]
[-BytesToCapturePerPacket <Int32>]
[-TotalBytesPerSession <UInt32>]
[-TimeLimitInSecond <Int32>]
[-Scope <PSPacketCaptureMachineScope>]
[-TargetType <String>]
[-Filter <PSPacketCaptureFilter[]>]
[-ContinuousCapture <Boolean>]
[-LocalPath <String>]
[-CaptureSetting <PSPacketCaptureSettings>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetByName
New-AzNetworkWatcherPacketCaptureV2
-NetworkWatcherName <String>
-ResourceGroupName <String>
-Name <String>
-TargetId <String>
[-StorageAccountId <String>]
[-StoragePath <String>]
[-LocalFilePath <String>]
[-BytesToCapturePerPacket <Int32>]
[-TotalBytesPerSession <UInt32>]
[-TimeLimitInSecond <Int32>]
[-Scope <PSPacketCaptureMachineScope>]
[-TargetType <String>]
[-Filter <PSPacketCaptureFilter[]>]
[-ContinuousCapture <Boolean>]
[-LocalPath <String>]
[-CaptureSetting <PSPacketCaptureSettings>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
SetByLocation
New-AzNetworkWatcherPacketCaptureV2
-Location <String>
-Name <String>
-TargetId <String>
[-StorageAccountId <String>]
[-StoragePath <String>]
[-LocalFilePath <String>]
[-BytesToCapturePerPacket <Int32>]
[-TotalBytesPerSession <UInt32>]
[-TimeLimitInSecond <Int32>]
[-Scope <PSPacketCaptureMachineScope>]
[-TargetType <String>]
[-Filter <PSPacketCaptureFilter[]>]
[-ContinuousCapture <Boolean>]
[-LocalPath <String>]
[-CaptureSetting <PSPacketCaptureSettings>]
[-AsJob]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The New-AzNetworkWatcherPacketCaptureV2 cmdlet creates a new packet capture resource and starts a packet capture session on a VM, VMSS or few instances of VMSS.
The length of the Packet Capture sessions can be configured via a time constraint or a size constraint. The amount of data captured for each packet can also be configured.
Filters can be applied to a given packet capture session, allowing you to customize the type of packets captured. Filters can restrict packets on local and remote IP addresses & address ranges, local and remote ports & port ranges, and the session level protocol to be captured. Filters are composable, and multiple filters can be applied to provide you with granularity of capture.
Examples
Example 1: Create a Packet Capture on a VM
$nw = Get-AzResource | Where {$_.ResourceType -eq "Microsoft.Network/networkWatchers" -and $_.Location -eq "WestCentralUS" }
$networkWatcher = Get-AzNetworkWatcher -Name $nw.Name -ResourceGroupName $nw.ResourceGroupName
$storageAccount = Get-AzStorageAccount -ResourceGroupName contosoResourceGroup -Name contosostorage123
$filter1 = New-AzPacketCaptureFilterConfig -Protocol TCP -RemoteIPAddress "1.1.1.1-255.255.255" -LocalIPAddress "10.0.0.3" -LocalPort "1-65535" -RemotePort "20;80;443"
$filter2 = New-AzPacketCaptureFilterConfig -Protocol UDP
New-AzNetworkWatcherPacketCaptureV2 -NetworkWatcher $networkWatcher -TargetId $vm.Id -TargetType "azurevm" -Name "PacketCaptureTest" -StorageAccountId $storageAccount.id -TimeLimitInSecond 60 -Filter $filter1, $filter2
Name : PacketCaptureTest
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_eastus/packetCaptures/PacketCaptureTest
Etag : W/"0b3c52cb-aa63-4647-93d3-3221c13ccdd2"
ProvisioningState : Succeeded
Target : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Compute/virtualMachines/SampleVM
TargetType : AzureVM
BytesToCapturePerPacket : 0
TotalBytesPerSession : 1073741824
TimeLimitInSeconds : 18000
StorageLocation : {
"StorageId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Storage/storageAccounts/contosostorage123",
"StoragePath": "https://contosostorage123.blob.core.windows.net/network-watcher-logs/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/contosoResourceGroup/providers/microsoft.compute/virtualmachines/SampleVM/2022/07/21/packetcapture_09_20_07_166.cap"
}
Filters : [
{
"Protocol": "TCP",
"RemoteIPAddress": "1.1.1.1-255.255.255",
"LocalIPAddress": "10.0.0.3",
"LocalPort": "1-65535",
"RemotePort": "20;80;443"
},
{
"Protocol": "UDP",
"RemoteIPAddress": "",
"LocalIPAddress": "",
"LocalPort": "",
"RemotePort": ""
}
]
Scope : {
"Include": [],
"Exclude": []
}
In this example we create a packet capture named "PacketCaptureTest" with multiple filters and a time limit. Once the session is complete, it will be saved to the specified storage account.
Note: The Azure Network Watcher extension must be installed on the target virtual machine to create packet captures.
Example 2: Create a Packet Capture on a VMSS
$nw = Get-AzResource | Where {$_.ResourceType -eq "Microsoft.Network/networkWatchers" -and $_.Location -eq "WestCentralUS" }
$networkWatcher = Get-AzNetworkWatcher -Name $nw.Name -ResourceGroupName $nw.ResourceGroupName
$storageAccount = Get-AzStorageAccount -ResourceGroupName contosoResourceGroup -Name contosostorage123
$filter1 = New-AzPacketCaptureFilterConfig -Protocol TCP -RemoteIPAddress "1.1.1.1-255.255.255" -LocalIPAddress "10.0.0.3" -LocalPort "1-65535" -RemotePort "20;80;443"
$filter2 = New-AzPacketCaptureFilterConfig -Protocol UDP
New-AzNetworkWatcherPacketCaptureV2 -NetworkWatcher $networkWatcher -TargetId $vmss.Id -TargetType "azurevmss" -Name "PacketCaptureTest" -StorageAccountId $storageAccount.id -TimeLimitInSecond 60 -Filter $filter1, $filter2
Name : PacketCaptureTest
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_eastus/packetCaptures/PacketCaptureTest
Etag : W/"0b3c52cb-aa63-4647-93d3-3221c13ccdd2"
ProvisioningState : Succeeded
Target : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/SampleVMSS
TargetType : AzureVMSS
BytesToCapturePerPacket : 0
TotalBytesPerSession : 1073741824
TimeLimitInSeconds : 60
StorageLocation : {
"StorageId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Storage/storageAccounts/contosostorage123",
"StoragePath": "https://contosostorage123.blob.core.windows.net/network-watcher-logs/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/contosoResourceGroup/providers/microsoft.compute/virtualmachinescalesets/SampleVMSS/2022/07/21/packetcapture_09_20_07_166.cap"
}
Filters : [
{
"Protocol": "TCP",
"RemoteIPAddress": "1.1.1.1-255.255.255",
"LocalIPAddress": "10.0.0.3",
"LocalPort": "1-65535",
"RemotePort": "20;80;443"
},
{
"Protocol": "UDP",
"RemoteIPAddress": "",
"LocalIPAddress": "",
"LocalPort": "",
"RemotePort": ""
}
]
Scope : {
"Include": [],
"Exclude": []
}
In this example we create a packet capture named "PacketCaptureTest" with multiple filters and a time limit. Once the session is complete, it will be saved to the specified storage account.
Note: The Azure Network Watcher extension must be installed on the target virtual machine scale set and all the respective instances adhering to the latest vmss model, to create packet captures.
Example 3: Create a Packet Capture on few Instances of VMSS
$nw = Get-AzResource | Where {$_.ResourceType -eq "Microsoft.Network/networkWatchers" -and $_.Location -eq "WestCentralUS" }
$networkWatcher = Get-AzNetworkWatcher -Name $nw.Name -ResourceGroupName $nw.ResourceGroupName
$storageAccount = Get-AzStorageAccount -ResourceGroupName contosoResourceGroup -Name contosostorage123
$filter1 = New-AzPacketCaptureFilterConfig -Protocol TCP -RemoteIPAddress "1.1.1.1-255.255.255" -LocalIPAddress "10.0.0.3" -LocalPort "1-65535" -RemotePort "20;80;443"
$filter2 = New-AzPacketCaptureFilterConfig -Protocol UDP
$instance1 = $vmssInstance1.Name
$instance2 = $vmssInstance2.Name
$scope = New-AzPacketCaptureScopeConfig -Include $instance1, $instance2
New-AzNetworkWatcherPacketCaptureV2 -NetworkWatcher $networkWatcher -TargetId $vmss.Id -TargetType "azurevmss" -Scope $scope -Name "PacketCaptureTest" -StorageAccountId $storageAccount.id -TimeLimitInSecond 60 -Filter $filter1, $filter2
Name : PacketCaptureTest
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_eastus/packetCaptures/PacketCaptureTest
Etag : W/"0b3c52cb-aa63-4647-93d3-3221c13ccdd2"
ProvisioningState : Succeeded
Target : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/SampleVMSS
TargetType : AzureVMSS
BytesToCapturePerPacket : 0
TotalBytesPerSession : 1073741824
TimeLimitInSeconds : 18000
StorageLocation : {
"StorageId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Storage/storageAccounts/contosostorage123",
"StoragePath": "https://contosostorage123.blob.core.windows.net/network-watcher-logs/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/contosoResourceGroup/providers/microsoft.compute/virtualmachinescalesets/SampleVMSS/2022/07/21/packetcapture_09_20_07_166.cap"
}
Filters : [
{
"Protocol": "TCP",
"RemoteIPAddress": "1.1.1.1-255.255.255",
"LocalIPAddress": "10.0.0.3",
"LocalPort": "1-65535",
"RemotePort": "20;80;443"
},
{
"Protocol": "UDP",
"RemoteIPAddress": "",
"LocalIPAddress": "",
"LocalPort": "",
"RemotePort": ""
}
]
Scope : {
"Include": [
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/SampleVMSS/virtualMachines/0",
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/SampleVMSS/virtualMachines/1"
],
"Exclude": []
}
In this example we create a packet capture named "PacketCaptureTest" with multiple filters and a time limit. Once the session is complete, it will be saved to the specified storage account.
Note: The Azure Network Watcher extension must be installed on the target virtual machine scale set and on the respective instances in include scope adhering to the latest vmss model, to create packet captures.
Example 4: Create a Packet Capture on a VMSS with continuous capture and its settings
$nw = Get-AzResource | Where {$_.ResourceType -eq "Microsoft.Network/networkWatchers" -and $_.Location -eq "WestCentralUS" }
$networkWatcher = Get-AzNetworkWatcher -Name $nw.Name -ResourceGroupName $nw.ResourceGroupName
$capSettings = New-AzPacketCaptureSettingsConfig -FileCount 2 -FileSizeInBytes 102400 -SessionTimeLimitInSeconds 60
New-AzNetworkWatcherPacketCaptureV2 -NetworkWatcher $networkWatcher -Name "PacketCaptureTest" -TargetId "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/SampleVMSS" -BytesToCapturePerPacket 1 -ContinuousCapture $false -CaptureSetting $capSettings -LocalPath "/var/captures/test1.cap"
Name : PacketCaptureTest
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_eastus/packetCaptures/PacketCaptureTest
Etag : W/"00000000-0000-0000-0000-000000000000"
ProvisioningState : Succeeded
Target : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/contosoResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/SampleVMSS
TargetType : AzureVMSS
BytesToCapturePerPacket : 1
StorageLocation : {
"StoragePath": "",
"LocalPath": "/var/captures/test1.cap"
}
ContinuousCapture : true
CaptureSettings : {
"fileCount":"2",
"fileSizeInBytes":"102400",
"sessionTimeLimitInSeconds":"60"
}
Filters : []
Scope : {}
In this example we create a packet capture named "PacketCaptureTest" with continuous capture as true along with capture settings. Once the session is complete, it will be saved to the specified storage account.
Note: The Azure Network Watcher extension must be installed on the target virtual machine scale set and all the respective instances adhering to the latest vmss model, to create packet captures.
Parameters
-AsJob
Run cmdlet in the background
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-BytesToCapturePerPacket
Bytes to capture per packet.
Parameter properties
Type: Nullable<T> [ Int32 ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-CaptureSetting
The capture setting holds the 'FileCount', 'FileSizeInBytes', 'SessionTimeLimitInSeconds' values. These settings are only applicable, if 'ContinuousCapture' is provided.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-ContinuousCapture
This continuous capture is a nullable boolean, which can hold 'null', 'true' or 'false' value. If we do not pass this parameter, it would be consider as 'null', default value is 'null'.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
Type: IAzureContextContainer
Default value: None Supports wildcards: False DontShow: False Aliases: AzContext, AzureRmContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Filter
Filters for packet capture session.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-LocalFilePath
Local file path.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-LocalPath
This path is valid if 'ContinuousCapture' is provided and required if no storage ID is provided, otherwise optional. Must include the name of the capture file (*.cap).
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-Location
Location of the network watcher.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetByLocation
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Name
The packet capture name.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: PacketCaptureName
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-NetworkWatcher
The network watcher resource.
Parameter properties
Type: PSNetworkWatcher
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetByResource
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-NetworkWatcherName
The name of network watcher.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetByName
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-ResourceGroupName
The name of the network watcher resource group.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
SetByName
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-Scope
Scope of VMSS Instances to be Included or Excluded.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-StorageAccountId
Storage account Id.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-StoragePath
Storage path.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-TargetId
The target virtual machine ID or virtual machine scale set ID
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-TargetType
Target Type of the Resource.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-TimeLimitInSecond
Time limit in seconds.
Parameter properties
Type: Nullable<T> [ Int32 ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-TotalBytesPerSession
Total bytes per session.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: True Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
