< Back
New-AzureRmNetworkWatcherPacketCapture
Post
NAME New-AzureRmNetworkWatcherPacketCapture
SYNOPSIS
Creates a new packet capture resource and starts a packet capture session on a VM.
SYNTAX
New-AzureRmNetworkWatcherPacketCapture [-AsJob] [-BytesToCapturePerPacket <Int32>] [-DefaultProfile <IAzureContextContainer>] [-Filter
<System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSPacketCaptureFilter]>] [-LocalFilePath <String>] -NetworkWatcher
<PSNetworkWatcher> -PacketCaptureName <String> [-StorageAccountId <String>] [-StoragePath <String>] -TargetVirtualMachineId <String>
[-TimeLimitInSeconds <Int32>] [-TotalBytesPerSession <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
New-AzureRmNetworkWatcherPacketCapture [-AsJob] [-BytesToCapturePerPacket <Int32>] [-DefaultProfile <IAzureContextContainer>] [-Filter
<System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSPacketCaptureFilter]>] [-LocalFilePath <String>] -NetworkWatcherName
<String> -PacketCaptureName <String> -ResourceGroupName <String> [-StorageAccountId <String>] [-StoragePath <String>] -TargetVirtualMachineId
<String> [-TimeLimitInSeconds <Int32>] [-TotalBytesPerSession <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The New-AzureRmNetworkWatcherPacketCapture cmdlet creates a new packet capture resource and starts a packet capture session on a VM. The length of
the Packet Capture sessions can be configured via a time constraint or a size constraint. The amount of data captured for each packet can also be
configured. Filters can be applied to a given packet capture session, allowing you to customize the type of packets captured. Filters can restrict
packets on local and remote IP addresses & address ranges, local and remote ports & port ranges, and the session level protocol to be captured.
Filters are composable, and multiple filters can be applied to provide you with granularity of capture.
PARAMETERS
-AsJob [<SwitchParameter>]
Run cmdlet in the background
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-BytesToCapturePerPacket <Int32>
Bytes to capture per packet.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Filter <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSPacketCaptureFilter]>
Filters for packet capture session.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-LocalFilePath <String>
Local file path.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-NetworkWatcher <PSNetworkWatcher>
The network watcher resource.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
-NetworkWatcherName <String>
The name of network watcher.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
-PacketCaptureName <String>
The packet capture name.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ResourceGroupName <String>
The name of the network watcher resource group.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-StorageAccountId <String>
Storage account Id.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-StoragePath <String>
Storage path.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-TargetVirtualMachineId <String>
The target virtual machine ID.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-TimeLimitInSeconds <Int32>
Time limit in seconds.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-TotalBytesPerSession <Int32>
Total bytes per session.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
Microsoft.Azure.Commands.Network.Models.PSNetworkWatcher
System.String System.Nullable`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]
OUTPUTS
Microsoft.Azure.Commands.Network.Models.PSPacketCapture
NOTES
Keywords: azure, azurerm, arm, resource, management, manager, network, networking, network watcher, packet, capture, traffic
--- Example 1: Create a Packet Capture with multiple filters ---
$nw = Get-AzurermResource | Where {$_.ResourceType -eq "Microsoft.Network/networkWatchers" -and $_.Location -eq "WestCentralUS" }
$networkWatcher = Get-AzureRmNetworkWatcher -Name $nw.Name -ResourceGroupName $nw.ResourceGroupName
$storageAccount = Get-AzureRmStorageAccount -ResourceGroupName contosoResourceGroup -Name contosostorage123
$filter1 = New-AzureRmPacketCaptureFilterConfig -Protocol TCP -RemoteIPAddress "1.1.1.1-255.255.255" -LocalIPAddress "10.0.0.3" -LocalPort
"1-65535" -RemotePort "20;80;443"
$filter2 = New-AzureRmPacketCaptureFilterConfig -Protocol UDP
New-AzureRmNetworkWatcherPacketCapture -NetworkWatcher $networkWatcher -TargetVirtualMachineId $vm.Id -PacketCaptureName "PacketCaptureTest"
-StorageAccountId $storageAccount.id -TimeLimitInSeconds 60 -Filter $filter1, $filter2
In this example we create a packet capture named "PacketCaptureTest" with multiple filters and a time limit. Once the session is complete, it will
be saved to the specified storage account.
Note: The Azure Network Watcher extension must be installed on the target virtual machine to create packet captures.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... ketcapture
New-AzureRmPacketCaptureFilterConfig
Get-AzureRmNetworkWatcherPacketCapture
Remove-AzureRmNetworkWatcherPacketCapture
Stop-AzureRmNetworkWatcherPacketCapture
New-AzureRmNetworkWatcher
Get-AzureRmNetworkWatcher
Remove-AzureRmNetworkWatcher
Test-AzureRmNetworkWatcherIPFlow
Get-AzureRmNetworkWatcherNextHop
Get-AzureRmNetworkWatcherSecurityGroupView
Get-AzureRmNetworkWatcherTopology
Start-AzureRmNetworkWatcherResourceTroubleshooting
SYNOPSIS
Creates a new packet capture resource and starts a packet capture session on a VM.
SYNTAX
New-AzureRmNetworkWatcherPacketCapture [-AsJob] [-BytesToCapturePerPacket <Int32>] [-DefaultProfile <IAzureContextContainer>] [-Filter
<System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSPacketCaptureFilter]>] [-LocalFilePath <String>] -NetworkWatcher
<PSNetworkWatcher> -PacketCaptureName <String> [-StorageAccountId <String>] [-StoragePath <String>] -TargetVirtualMachineId <String>
[-TimeLimitInSeconds <Int32>] [-TotalBytesPerSession <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
New-AzureRmNetworkWatcherPacketCapture [-AsJob] [-BytesToCapturePerPacket <Int32>] [-DefaultProfile <IAzureContextContainer>] [-Filter
<System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSPacketCaptureFilter]>] [-LocalFilePath <String>] -NetworkWatcherName
<String> -PacketCaptureName <String> -ResourceGroupName <String> [-StorageAccountId <String>] [-StoragePath <String>] -TargetVirtualMachineId
<String> [-TimeLimitInSeconds <Int32>] [-TotalBytesPerSession <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The New-AzureRmNetworkWatcherPacketCapture cmdlet creates a new packet capture resource and starts a packet capture session on a VM. The length of
the Packet Capture sessions can be configured via a time constraint or a size constraint. The amount of data captured for each packet can also be
configured. Filters can be applied to a given packet capture session, allowing you to customize the type of packets captured. Filters can restrict
packets on local and remote IP addresses & address ranges, local and remote ports & port ranges, and the session level protocol to be captured.
Filters are composable, and multiple filters can be applied to provide you with granularity of capture.
PARAMETERS
-AsJob [<SwitchParameter>]
Run cmdlet in the background
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-BytesToCapturePerPacket <Int32>
Bytes to capture per packet.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-Filter <System.Collections.Generic.List`1[Microsoft.Azure.Commands.Network.Models.PSPacketCaptureFilter]>
Filters for packet capture session.
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-LocalFilePath <String>
Local file path.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-NetworkWatcher <PSNetworkWatcher>
The network watcher resource.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
-NetworkWatcherName <String>
The name of network watcher.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
-PacketCaptureName <String>
The packet capture name.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ResourceGroupName <String>
The name of the network watcher resource group.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-StorageAccountId <String>
Storage account Id.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-StoragePath <String>
Storage path.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-TargetVirtualMachineId <String>
The target virtual machine ID.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-TimeLimitInSeconds <Int32>
Time limit in seconds.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-TotalBytesPerSession <Int32>
Total bytes per session.
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
Microsoft.Azure.Commands.Network.Models.PSNetworkWatcher
System.String System.Nullable`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]
OUTPUTS
Microsoft.Azure.Commands.Network.Models.PSPacketCapture
NOTES
Keywords: azure, azurerm, arm, resource, management, manager, network, networking, network watcher, packet, capture, traffic
--- Example 1: Create a Packet Capture with multiple filters ---
$nw = Get-AzurermResource | Where {$_.ResourceType -eq "Microsoft.Network/networkWatchers" -and $_.Location -eq "WestCentralUS" }
$networkWatcher = Get-AzureRmNetworkWatcher -Name $nw.Name -ResourceGroupName $nw.ResourceGroupName
$storageAccount = Get-AzureRmStorageAccount -ResourceGroupName contosoResourceGroup -Name contosostorage123
$filter1 = New-AzureRmPacketCaptureFilterConfig -Protocol TCP -RemoteIPAddress "1.1.1.1-255.255.255" -LocalIPAddress "10.0.0.3" -LocalPort
"1-65535" -RemotePort "20;80;443"
$filter2 = New-AzureRmPacketCaptureFilterConfig -Protocol UDP
New-AzureRmNetworkWatcherPacketCapture -NetworkWatcher $networkWatcher -TargetVirtualMachineId $vm.Id -PacketCaptureName "PacketCaptureTest"
-StorageAccountId $storageAccount.id -TimeLimitInSeconds 60 -Filter $filter1, $filter2
In this example we create a packet capture named "PacketCaptureTest" with multiple filters and a time limit. Once the session is complete, it will
be saved to the specified storage account.
Note: The Azure Network Watcher extension must be installed on the target virtual machine to create packet captures.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... ketcapture
New-AzureRmPacketCaptureFilterConfig
Get-AzureRmNetworkWatcherPacketCapture
Remove-AzureRmNetworkWatcherPacketCapture
Stop-AzureRmNetworkWatcherPacketCapture
New-AzureRmNetworkWatcher
Get-AzureRmNetworkWatcher
Remove-AzureRmNetworkWatcher
Test-AzureRmNetworkWatcherIPFlow
Get-AzureRmNetworkWatcherNextHop
Get-AzureRmNetworkWatcherSecurityGroupView
Get-AzureRmNetworkWatcherTopology
Start-AzureRmNetworkWatcherResourceTroubleshooting