Jaa


az network watcher packet-capture

Manage packet capture sessions on VMs.

These commands require that both Azure Network Watcher is enabled for the VMs region and that AzureNetworkWatcherExtension is enabled on the VM. For more information visit https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-manage-cli.

Commands

Name Description Type Status
az network watcher packet-capture create

Create and start a packet capture session.

Core GA
az network watcher packet-capture delete

Delete a packet capture session.

Core GA
az network watcher packet-capture list

List all packet capture sessions within a region.

Core GA
az network watcher packet-capture show

Show details of a packet capture session.

Core GA
az network watcher packet-capture show-status

Show the status of a packet capture session.

Core GA
az network watcher packet-capture stop

Stop a running packet capture session.

Core GA
az network watcher packet-capture wait

Place the CLI in a waiting state until a condition is met.

Core GA

az network watcher packet-capture create

Create and start a packet capture session.

az network watcher packet-capture create --name
                                         --resource-group
                                         [--capture-limit]
                                         [--capture-size]
                                         [--exclude]
                                         [--file-path]
                                         [--filters]
                                         [--include]
                                         [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                         [--storage-account]
                                         [--storage-path]
                                         [--target]
                                         [--target-type {AzureVM, AzureVMSS}]
                                         [--time-limit]
                                         [--vm]

Examples

Create a packet capture session on a VM.

az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVm --storage-account MyStorageAccount

Create a packet capture session on a VM with optional filters for protocols, local IP address and remote IP address ranges and ports.

az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVm --storage-account MyStorageAccount --filters '[{"protocol":"TCP", "remoteIPAddress":"1.1.1.1-255.255.255", "localIPAddress":"10.0.0.3", "remotePort":"20"}, {"protocol":"TCP", "remoteIPAddress":"1.1.1.1-255.255.255", "localIPAddress":"10.0.0.3", "remotePort":"80"}, {"protocol":"TCP", "remoteIPAddress":"1.1.1.1-255.255.255", "localIPAddress":"10.0.0.3", "remotePort":"443"}, {"protocol":"UDP"}]'

Create a packet capture session on a VMSS.

az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVmVMSS --storage-account MyStorageAccount --target-type "AzureVMSS"

Create a packet capture session on a VMSS with including particular instances.

az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --target MyVmVMSS --storage-account MyStorageAccount --target-type "AzureVMSS" --include "0" "1"

Create a packet capture session on a VMSS with excluding particular instances.

az network watcher packet-capture create -g MyResourceGroup -n MyPacketCaptureName --vm MyVmVMSS --storage-account MyStorageAccount --target-type "AzureVMSS" --exclude "0" "1"

Required Parameters

--name -n

Name of the packet capture session.

--resource-group -g

Name of the resource group the target resource is in.

Optional Parameters

--capture-limit

Maximum size in bytes of the capture output.

Default value: 1073741824
--capture-size

Number of bytes captured per packet. Excess bytes are truncated.

Default value: 0
--exclude

Space-separated list of VMSS instances to exclude in packet capture. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--file-path

Local path on the targeted VM at which to save the packet capture. For Linux VMs, the path must start with /var/captures.

--filters

JSON encoded list of packet filters. Use @{path} to load from file. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--include

Space-separated list of VMSS instances to include in packet capture like 0 1 2. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--storage-account

Name or ID of a storage account to save the packet capture to.

--storage-path

Fully qualified URI of an existing storage container in which to store the capture file. If not specified, the container network-watcher-logs will be created if it does not exist and the capture file will be stored there.

--target

Name or ID of the target resource. If --target-type is AzureVMSS, then --target is mandatory.

--target-type

Resource type of target.

Accepted values: AzureVM, AzureVMSS
Default value: AzureVM
--time-limit

Maximum duration of the capture session in seconds.

Default value: 18000
--vm

Name or ID of the VM to target.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher packet-capture delete

Delete a packet capture session.

az network watcher packet-capture delete --location
                                         --name
                                         [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]

Examples

Delete a packet capture session. This only deletes the session and not the capture file.

az network watcher packet-capture delete -n packetCaptureName -l westcentralus

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--name -n

Name of the packet capture session.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher packet-capture list

List all packet capture sessions within a region.

az network watcher packet-capture list --location

Examples

List all packet capture sessions within a region.

az az network watcher packet-capture list -l westus

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher packet-capture show

Show details of a packet capture session.

az network watcher packet-capture show --location
                                       --name

Examples

Show a packet capture session.

az network watcher packet-capture show -l westus -n MyPacketCapture

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--name -n

Name of the packet capture session.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher packet-capture show-status

Show the status of a packet capture session.

az network watcher packet-capture show-status --location
                                              --name
                                              [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]

Examples

Show the status of a packet capture session.

az network watcher packet-capture show-status -l westus -n MyPacketCapture

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--name -n

Name given to the packet capture session.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher packet-capture stop

Stop a running packet capture session.

az network watcher packet-capture stop --location
                                       --name
                                       [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]

Examples

Stop a running packet capture session.

az network watcher packet-capture stop -l westus -n MyPacketCapture

Required Parameters

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--name -n

Name of the packet capture session.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network watcher packet-capture wait

Place the CLI in a waiting state until a condition is met.

az network watcher packet-capture wait [--created]
                                       [--custom]
                                       [--deleted]
                                       [--exists]
                                       [--ids]
                                       [--interval]
                                       [--name]
                                       [--subscription]
                                       [--timeout]
                                       [--updated]
                                       [--watcher-name]
                                       [--watcher-rg]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False
--exists

Wait until the resource exists.

Default value: False
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

Default value: 30
--name -n

Name of the packet capture session.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

Default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False
--watcher-name

Name of the network watcher.

--watcher-rg

Name of the resource group the watcher is in.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.