Azure Firewalls - Packet Capture

Referencia

Servicio:: Firewall

Versión de la API:: 2024-05-01

Ejecuta una captura de paquetes en AzureFirewall.

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/azureFirewalls/{azureFirewallName}/packetCapture?api-version=2024-05-01

Parámetros de identificador URI

Nombre	En	Requerido	Tipo	Description
azureFirewallName	path	True	string minLength: 1 maxLength: 56 pattern: ^[a-zA-Z0-9]	Nombre de Azure Firewall.
resourceGroupName	path	True	string	Nombre del grupo de recursos.
subscriptionId	path	True	string	Credenciales de suscripción que identifican de forma única la suscripción de Microsoft Azure. El identificador de suscripción forma parte del URI de cada llamada de servicio.
api-version	query	True	string	Versión de la API de cliente.

Cuerpo de la solicitud

Nombre	Tipo	Description
durationInSeconds	integer (int32) minimum: 30 maximum: 1800 exclusiveMinimum: False exclusiveMaximum: False	Duración de la captura de paquetes en segundos.
fileName	string	Nombre del archivo que se va a cargar en sasURL
filters	AzureFirewallPacketCaptureRule[]	Reglas para filtrar las capturas de paquetes.
flags	AzureFirewallPacketCaptureFlags[]	Tipo de marca tcp que se va a capturar. Se usa con el protocolo TCP
numberOfPacketsToCapture	integer (int32) minimum: 100 maximum: 90000 exclusiveMinimum: False exclusiveMaximum: False	Número de paquetes que se van a capturar.
protocol	AzureFirewallNetworkRuleProtocol	Protocolo de paquetes que se van a capturar
sasUrl	string	Cargar ubicación de captura

Respuestas

Nombre

Tipo

Description

202 Accepted

Aceptado y la operación se completará de forma asincrónica.

Encabezados

Location: string

Other Status Codes

Respuesta de error que describe por qué se produjo un error en la operación.

Seguridad

azure_auth

Flujo de OAuth2 de Azure Active Directory.

Tipo: oauth2
Flujo: implicit
Dirección URL de autorización: https://login.microsoftonline.com/common/oauth2/authorize

Ámbitos

Nombre	Description
user_impersonation	suplantar la cuenta de usuario

Ejemplos

AzureFirewallPacketCapture

Solicitud de ejemplo

POST https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azureFirewall1/packetCapture?api-version=2024-05-01

{
  "durationInSeconds": 300,
  "numberOfPacketsToCapture": 5000,
  "sasUrl": "someSASURL",
  "fileName": "azureFirewallPacketCapture",
  "protocol": "Any",
  "flags": [
    {
      "type": "syn"
    },
    {
      "type": "fin"
    }
  ],
  "filters": [
    {
      "sources": [
        "20.1.1.0"
      ],
      "destinations": [
        "20.1.2.0"
      ],
      "destinationPorts": [
        "4500"
      ]
    },
    {
      "sources": [
        "10.1.1.0",
        "10.1.1.1"
      ],
      "destinations": [
        "10.1.2.0"
      ],
      "destinationPorts": [
        "123",
        "80"
      ]
    }
  ]
}


import com.azure.resourcemanager.network.models.AzureFirewallNetworkRuleProtocol;
import com.azure.resourcemanager.network.models.AzureFirewallPacketCaptureFlags;
import com.azure.resourcemanager.network.models.AzureFirewallPacketCaptureFlagsType;
import com.azure.resourcemanager.network.models.AzureFirewallPacketCaptureRule;
import com.azure.resourcemanager.network.models.FirewallPacketCaptureParameters;
import java.util.Arrays;

/**
 * Samples for AzureFirewalls PacketCapture.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/AzureFirewallPacketCapture.
     * json
     */
    /**
     * Sample code: AzureFirewallPacketCapture.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void azureFirewallPacketCapture(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getAzureFirewalls().packetCapture("rg1", "azureFirewall1",
            new FirewallPacketCaptureParameters().withDurationInSeconds(300).withNumberOfPacketsToCapture(5000)
                .withSasUrl("someSASURL").withFileName("azureFirewallPacketCapture")
                .withProtocol(AzureFirewallNetworkRuleProtocol.ANY)
                .withFlags(Arrays.asList(
                    new AzureFirewallPacketCaptureFlags().withType(AzureFirewallPacketCaptureFlagsType.SYN),
                    new AzureFirewallPacketCaptureFlags().withType(AzureFirewallPacketCaptureFlagsType.FIN)))
                .withFilters(Arrays.asList(
                    new AzureFirewallPacketCaptureRule().withSources(Arrays.asList("20.1.1.0"))
                        .withDestinations(Arrays.asList("20.1.2.0")).withDestinationPorts(Arrays.asList("4500")),
                    new AzureFirewallPacketCaptureRule().withSources(Arrays.asList("10.1.1.0", "10.1.1.1"))
                        .withDestinations(Arrays.asList("10.1.2.0")).withDestinationPorts(Arrays.asList("123", "80")))),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python azure_firewall_packet_capture.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    client.azure_firewalls.begin_packet_capture(
        resource_group_name="rg1",
        azure_firewall_name="azureFirewall1",
        parameters={
            "durationInSeconds": 300,
            "fileName": "azureFirewallPacketCapture",
            "filters": [
                {"destinationPorts": ["4500"], "destinations": ["20.1.2.0"], "sources": ["20.1.1.0"]},
                {"destinationPorts": ["123", "80"], "destinations": ["10.1.2.0"], "sources": ["10.1.1.0", "10.1.1.1"]},
            ],
            "flags": [{"type": "syn"}, {"type": "fin"}],
            "numberOfPacketsToCapture": 5000,
            "protocol": "Any",
            "sasUrl": "someSASURL",
        },
    ).result()


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/AzureFirewallPacketCapture.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/ab04533261eff228f28e08900445d0edef3eb70c/specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/AzureFirewallPacketCapture.json
func ExampleAzureFirewallsClient_BeginPacketCapture() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewAzureFirewallsClient().BeginPacketCapture(ctx, "rg1", "azureFirewall1", armnetwork.FirewallPacketCaptureParameters{
		DurationInSeconds: to.Ptr[int32](300),
		FileName:          to.Ptr("azureFirewallPacketCapture"),
		Filters: []*armnetwork.AzureFirewallPacketCaptureRule{
			{
				DestinationPorts: []*string{
					to.Ptr("4500")},
				Destinations: []*string{
					to.Ptr("20.1.2.0")},
				Sources: []*string{
					to.Ptr("20.1.1.0")},
			},
			{
				DestinationPorts: []*string{
					to.Ptr("123"),
					to.Ptr("80")},
				Destinations: []*string{
					to.Ptr("10.1.2.0")},
				Sources: []*string{
					to.Ptr("10.1.1.0"),
					to.Ptr("10.1.1.1")},
			}},
		Flags: []*armnetwork.AzureFirewallPacketCaptureFlags{
			{
				Type: to.Ptr(armnetwork.AzureFirewallPacketCaptureFlagsTypeSyn),
			},
			{
				Type: to.Ptr(armnetwork.AzureFirewallPacketCaptureFlagsTypeFin),
			}},
		NumberOfPacketsToCapture: to.Ptr[int32](5000),
		SasURL:                   to.Ptr("someSASURL"),
		Protocol:                 to.Ptr(armnetwork.AzureFirewallNetworkRuleProtocolAny),
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	_, err = poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Runs a packet capture on AzureFirewall.
 *
 * @summary Runs a packet capture on AzureFirewall.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/AzureFirewallPacketCapture.json
 */
async function azureFirewallPacketCapture() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const azureFirewallName = "azureFirewall1";
  const parameters = {
    durationInSeconds: 300,
    fileName: "azureFirewallPacketCapture",
    filters: [
      {
        destinationPorts: ["4500"],
        destinations: ["20.1.2.0"],
        sources: ["20.1.1.0"],
      },
      {
        destinationPorts: ["123", "80"],
        destinations: ["10.1.2.0"],
        sources: ["10.1.1.0", "10.1.1.1"],
      },
    ],
    flags: [{ type: "syn" }, { type: "fin" }],
    numberOfPacketsToCapture: 5000,
    sasUrl: "someSASURL",
    protocol: "Any",
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.azureFirewalls.beginPacketCaptureAndWait(
    resourceGroupName,
    azureFirewallName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Network.Models;
using Azure.ResourceManager.Network;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/AzureFirewallPacketCapture.json
// this example is just showing the usage of "AzureFirewalls_PacketCapture" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this AzureFirewallResource created on azure
// for more information of creating AzureFirewallResource, please refer to the document of AzureFirewallResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string azureFirewallName = "azureFirewall1";
ResourceIdentifier azureFirewallResourceId = AzureFirewallResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, azureFirewallName);
AzureFirewallResource azureFirewall = client.GetAzureFirewallResource(azureFirewallResourceId);

// invoke the operation
FirewallPacketCaptureRequestContent content = new FirewallPacketCaptureRequestContent
{
    DurationInSeconds = 300,
    NumberOfPacketsToCapture = 5000,
    SasUri = new Uri("someSASURL"),
    FileName = "azureFirewallPacketCapture",
    Protocol = AzureFirewallNetworkRuleProtocol.Any,
    Flags = {new AzureFirewallPacketCaptureFlags
    {
    FlagsType = AzureFirewallPacketCaptureFlagsType.Syn,
    }, new AzureFirewallPacketCaptureFlags
    {
    FlagsType = AzureFirewallPacketCaptureFlagsType.Fin,
    }},
    Filters = {new AzureFirewallPacketCaptureRule
    {
    Sources = {"20.1.1.0"},
    Destinations = {"20.1.2.0"},
    DestinationPorts = {"4500"},
    }, new AzureFirewallPacketCaptureRule
    {
    Sources = {"10.1.1.0", "10.1.1.1"},
    Destinations = {"10.1.2.0"},
    DestinationPorts = {"123", "80"},
    }},
};
await azureFirewall.PacketCaptureAsync(WaitUntil.Completed, content);

Console.WriteLine("Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respuesta de muestra

status code:: 202

Location: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/locations/eastus/operationResults/00000000-0000-0000-0000-000000000000?api-version=2024-05-01
Azure-AsyncOperation: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/locations/eastus/operations/00000000-0000-0000-0000-000000000000?api-version=2024-05-01

Definiciones

Nombre	Description
AzureFirewallNetworkRuleProtocol	Protocolo de un recurso de regla de red.
AzureFirewallPacketCaptureFlags	Propiedades de AzureFirewallRCAction.
AzureFirewallPacketCaptureFlagsType	Tipo de marcas que se va a capturar.
AzureFirewallPacketCaptureRule	Grupo de puertos ips y src/dest que se van a capturar.
CloudError	Respuesta de error del servicio.
CloudErrorBody	Respuesta de error del servicio.
FirewallPacketCaptureParameters	Parámetros de captura de paquetes de Azure Firewall.

AzureFirewallNetworkRuleProtocol

Enumeración

Protocolo de un recurso de regla de red.

Valor	Description
Any
ICMP
TCP
UDP

AzureFirewallPacketCaptureFlags

Object

Propiedades de AzureFirewallRCAction.

Nombre	Tipo	Description
type	AzureFirewallPacketCaptureFlagsType	Marcas que se van a capturar

AzureFirewallPacketCaptureFlagsType

Enumeración

Tipo de marcas que se va a capturar.

Valor	Description
ack
fin
push
rst
syn
urg

AzureFirewallPacketCaptureRule

Object

Grupo de puertos ips y src/dest que se van a capturar.

Nombre	Tipo	Description
destinationPorts	string[]	Lista de puertos que se van a capturar.
destinations	string[]	Lista de direcciones IP o subredes de destino que se van a capturar.
sources	string[]	Lista de direcciones IP o subredes de origen que se van a capturar.

CloudError

Object

Respuesta de error del servicio.

Nombre	Tipo	Description
error	CloudErrorBody	Cuerpo del error en la nube.

CloudErrorBody

Object

Respuesta de error del servicio.

Nombre	Tipo	Description
code	string	Identificador del error. Los códigos son invariables y están diseñados para consumirse mediante programación.
details	CloudErrorBody[]	Lista de detalles adicionales sobre el error.
message	string	Mensaje que describe el error, diseñado para ser adecuado para mostrarse en una interfaz de usuario.
target	string	Destino del error concreto. Por ejemplo, el nombre de la propiedad en error.

FirewallPacketCaptureParameters

Object

Parámetros de captura de paquetes de Azure Firewall.

Nombre	Tipo	Description
durationInSeconds	integer (int32) minimum: 30 maximum: 1800 exclusiveMinimum: False exclusiveMaximum: False	Duración de la captura de paquetes en segundos.
fileName	string	Nombre del archivo que se va a cargar en sasURL
filters	AzureFirewallPacketCaptureRule[]	Reglas para filtrar las capturas de paquetes.
flags	AzureFirewallPacketCaptureFlags[]	Tipo de marca tcp que se va a capturar. Se usa con el protocolo TCP
numberOfPacketsToCapture	integer (int32) minimum: 100 maximum: 90000 exclusiveMinimum: False exclusiveMaximum: False	Número de paquetes que se van a capturar.
protocol	AzureFirewallNetworkRuleProtocol	Protocolo de paquetes que se van a capturar
sasUrl	string	Cargar ubicación de captura