Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
- Latest
- 2025-05-01
- 2025-03-01
- 2025-01-01
- 2024-10-01
- 2024-07-01
- 2024-05-01
- 2024-03-01
- 2024-01-01
- 2023-11-01
- 2023-09-01
- 2023-06-01
- 2023-05-01
- 2023-04-01
- 2023-02-01
- 2022-11-01
- 2022-09-01
- 2022-07-01
- 2022-05-01
- 2022-01-01
- 2021-08-01
- 2021-05-01
- 2021-03-01
- 2021-02-01
- 2020-11-01
- 2020-08-01
- 2020-07-01
- 2020-06-01
- 2020-05-01
- 2020-04-01
- 2020-03-01
- 2019-12-01
- 2019-11-01
- 2019-09-01
- 2019-08-01
- 2019-07-01
- 2019-06-01
- 2019-04-01
- 2019-02-01
- 2018-12-01
- 2018-11-01
- 2018-10-01
- 2018-08-01
- 2018-07-01
- 2018-06-01
- 2018-04-01
- 2018-02-01
- 2018-01-01
- 2017-11-01
- 2017-10-01
- 2017-09-01
- 2017-08-01
- 2017-06-01
- 2017-03-30
- 2017-03-01
- 2016-12-01
- 2016-09-01
Bicep resource definition
The networkWatchers/packetCaptures resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/networkWatchers/packetCaptures resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/networkWatchers/packetCaptures@2017-03-30' = {
parent: resourceSymbolicName
name: 'string'
properties: {
bytesToCapturePerPacket: int
filters: [
{
localIPAddress: 'string'
localPort: 'string'
protocol: 'string'
remoteIPAddress: 'string'
remotePort: 'string'
}
]
storageLocation: {
filePath: 'string'
storageId: 'string'
storagePath: 'string'
}
target: 'string'
timeLimitInSeconds: int
totalBytesPerSession: int
}
}
Property Values
Microsoft.Network/networkWatchers/packetCaptures
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: networkWatchers |
| properties | Parameters that define the create packet capture operation. | PacketCaptureParametersOrPacketCaptureResultProperties (required) |
PacketCaptureFilter
| Name | Description | Value |
|---|---|---|
| localIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5"? for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| localPort | Local port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| protocol | Protocol to be filtered on. | 'Any' 'TCP' 'UDP' |
| remoteIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| remotePort | Remote port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
PacketCaptureParametersOrPacketCaptureResultProperties
| Name | Description | Value |
|---|---|---|
| bytesToCapturePerPacket | Number of bytes captured per packet, the remaining bytes are truncated. | int |
| filters | PacketCaptureFilter[] | |
| storageLocation | Describes the storage location for a packet capture session. | PacketCaptureStorageLocation (required) |
| target | The ID of the targeted resource, only VM is currently supported. | string (required) |
| timeLimitInSeconds | Maximum duration of the capture session in seconds. | int |
| totalBytesPerSession | Maximum size of the capture output. | int |
PacketCaptureStorageLocation
| Name | Description | Value |
|---|---|---|
| filePath | A valid local path on the targeting VM. Must include the name of the capture file (*.cap). For linux virtual machine it must start with /var/captures. Required if no storage ID is provided, otherwise optional. | string |
| storageId | The ID of the storage account to save the packet capture session. Required if no local file path is provided. | string |
| storagePath | The URI of the storage path to save the packet capture. Must be a well-formed URI describing the location to save the packet capture. | string |
Usage Examples
Bicep Samples
A basic example of deploying Configures Packet Capturing against a Virtual Machine using a Network Watcher.
param resourceName string = 'acctest0001'
param location string = 'westus'
@secure()
@description('The administrator password for the virtual machine')
param adminPassword string
resource networkInterface 'Microsoft.Network/networkInterfaces@2024-05-01' = {
name: '${resourceName}-nic'
location: location
properties: {
enableAcceleratedNetworking: false
enableIPForwarding: false
ipConfigurations: [
{
name: 'ipconfig1'
properties: {
primary: true
privateIPAddressVersion: 'IPv4'
privateIPAllocationMethod: 'Dynamic'
subnet: {
id: subnet.id
}
}
}
]
}
}
resource networkWatcher 'Microsoft.Network/networkWatchers@2024-05-01' = {
name: '${resourceName}-nw'
location: location
}
resource virtualMachine 'Microsoft.Compute/virtualMachines@2024-03-01' = {
name: '${resourceName}-vm'
location: location
properties: {
hardwareProfile: {
vmSize: 'Standard_B1s'
}
networkProfile: {
networkInterfaces: [
{
id: networkInterface.id
properties: {
primary: true
}
}
]
}
osProfile: {
adminPassword: null
adminUsername: 'testadmin'
computerName: 'acctest0001-vm'
linuxConfiguration: {
disablePasswordAuthentication: false
}
}
storageProfile: {
imageReference: {
offer: '0001-com-ubuntu-server-jammy'
publisher: 'Canonical'
sku: '22_04-lts'
version: 'latest'
}
osDisk: {
caching: 'ReadWrite'
createOption: 'FromImage'
managedDisk: {
storageAccountType: 'Standard_LRS'
}
name: 'acctest0001-osdisk'
writeAcceleratorEnabled: false
}
}
}
}
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
name: '${resourceName}-vnet'
location: location
properties: {
addressSpace: {
addressPrefixes: [
'10.0.0.0/16'
]
}
dhcpOptions: {
dnsServers: []
}
privateEndpointVNetPolicies: 'Disabled'
}
}
resource extension 'Microsoft.Compute/virtualMachines/extensions@2024-03-01' = {
parent: virtualMachine
name: 'network-watcher'
location: location
properties: {
autoUpgradeMinorVersion: true
enableAutomaticUpgrade: false
publisher: 'Microsoft.Azure.NetworkWatcher'
suppressFailures: false
type: 'NetworkWatcherAgentLinux'
typeHandlerVersion: '1.4'
}
}
resource packetCapture 'Microsoft.Network/networkWatchers/packetCaptures@2024-05-01' = {
parent: networkWatcher
name: '${resourceName}-pc'
properties: {
bytesToCapturePerPacket: 0
storageLocation: {
filePath: '/var/captures/packet.cap'
}
target: virtualMachine.id
targetType: 'AzureVM'
timeLimitInSeconds: 18000
totalBytesPerSession: 1073741824
}
}
resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
parent: virtualNetwork
name: 'internal'
properties: {
addressPrefix: '10.0.2.0/24'
defaultOutboundAccess: true
delegations: []
privateEndpointNetworkPolicies: 'Disabled'
privateLinkServiceNetworkPolicies: 'Enabled'
serviceEndpointPolicies: []
serviceEndpoints: []
}
}
ARM template resource definition
The networkWatchers/packetCaptures resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/networkWatchers/packetCaptures resource, add the following JSON to your template.
{
"type": "Microsoft.Network/networkWatchers/packetCaptures",
"apiVersion": "2017-03-30",
"name": "string",
"properties": {
"bytesToCapturePerPacket": "int",
"filters": [
{
"localIPAddress": "string",
"localPort": "string",
"protocol": "string",
"remoteIPAddress": "string",
"remotePort": "string"
}
],
"storageLocation": {
"filePath": "string",
"storageId": "string",
"storagePath": "string"
},
"target": "string",
"timeLimitInSeconds": "int",
"totalBytesPerSession": "int"
}
}
Property Values
Microsoft.Network/networkWatchers/packetCaptures
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2017-03-30' |
| name | The resource name | string (required) |
| properties | Parameters that define the create packet capture operation. | PacketCaptureParametersOrPacketCaptureResultProperties (required) |
| type | The resource type | 'Microsoft.Network/networkWatchers/packetCaptures' |
PacketCaptureFilter
| Name | Description | Value |
|---|---|---|
| localIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5"? for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| localPort | Local port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| protocol | Protocol to be filtered on. | 'Any' 'TCP' 'UDP' |
| remoteIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| remotePort | Remote port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
PacketCaptureParametersOrPacketCaptureResultProperties
| Name | Description | Value |
|---|---|---|
| bytesToCapturePerPacket | Number of bytes captured per packet, the remaining bytes are truncated. | int |
| filters | PacketCaptureFilter[] | |
| storageLocation | Describes the storage location for a packet capture session. | PacketCaptureStorageLocation (required) |
| target | The ID of the targeted resource, only VM is currently supported. | string (required) |
| timeLimitInSeconds | Maximum duration of the capture session in seconds. | int |
| totalBytesPerSession | Maximum size of the capture output. | int |
PacketCaptureStorageLocation
| Name | Description | Value |
|---|---|---|
| filePath | A valid local path on the targeting VM. Must include the name of the capture file (*.cap). For linux virtual machine it must start with /var/captures. Required if no storage ID is provided, otherwise optional. | string |
| storageId | The ID of the storage account to save the packet capture session. Required if no local file path is provided. | string |
| storagePath | The URI of the storage path to save the packet capture. Must be a well-formed URI describing the location to save the packet capture. | string |
Usage Examples
Terraform (AzAPI provider) resource definition
The networkWatchers/packetCaptures resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/networkWatchers/packetCaptures resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/networkWatchers/packetCaptures@2017-03-30"
name = "string"
parent_id = "string"
body = {
properties = {
bytesToCapturePerPacket = int
filters = [
{
localIPAddress = "string"
localPort = "string"
protocol = "string"
remoteIPAddress = "string"
remotePort = "string"
}
]
storageLocation = {
filePath = "string"
storageId = "string"
storagePath = "string"
}
target = "string"
timeLimitInSeconds = int
totalBytesPerSession = int
}
}
}
Property Values
Microsoft.Network/networkWatchers/packetCaptures
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: networkWatchers |
| properties | Parameters that define the create packet capture operation. | PacketCaptureParametersOrPacketCaptureResultProperties (required) |
| type | The resource type | "Microsoft.Network/networkWatchers/packetCaptures@2017-03-30" |
PacketCaptureFilter
| Name | Description | Value |
|---|---|---|
| localIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5"? for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| localPort | Local port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| protocol | Protocol to be filtered on. | 'Any' 'TCP' 'UDP' |
| remoteIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| remotePort | Remote port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
PacketCaptureParametersOrPacketCaptureResultProperties
| Name | Description | Value |
|---|---|---|
| bytesToCapturePerPacket | Number of bytes captured per packet, the remaining bytes are truncated. | int |
| filters | PacketCaptureFilter[] | |
| storageLocation | Describes the storage location for a packet capture session. | PacketCaptureStorageLocation (required) |
| target | The ID of the targeted resource, only VM is currently supported. | string (required) |
| timeLimitInSeconds | Maximum duration of the capture session in seconds. | int |
| totalBytesPerSession | Maximum size of the capture output. | int |
PacketCaptureStorageLocation
| Name | Description | Value |
|---|---|---|
| filePath | A valid local path on the targeting VM. Must include the name of the capture file (*.cap). For linux virtual machine it must start with /var/captures. Required if no storage ID is provided, otherwise optional. | string |
| storageId | The ID of the storage account to save the packet capture session. Required if no local file path is provided. | string |
| storagePath | The URI of the storage path to save the packet capture. Must be a well-formed URI describing the location to save the packet capture. | string |
Usage Examples
Terraform Samples
A basic example of deploying Configures Packet Capturing against a Virtual Machine using a Network Watcher.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "location" {
type = string
default = "westus"
}
variable "admin_password" {
type = string
sensitive = true
description = "The administrator password for the virtual machine"
}
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2020-06-01"
name = var.resource_name
location = var.location
}
resource "azapi_resource" "networkWatcher" {
type = "Microsoft.Network/networkWatchers@2024-05-01"
parent_id = azapi_resource.resourceGroup.id
name = "${var.resource_name}-nw"
location = var.location
}
resource "azapi_resource" "virtualNetwork" {
type = "Microsoft.Network/virtualNetworks@2024-05-01"
parent_id = azapi_resource.resourceGroup.id
name = "${var.resource_name}-vnet"
location = var.location
body = {
properties = {
addressSpace = {
addressPrefixes = ["10.0.0.0/16"]
}
dhcpOptions = {
dnsServers = []
}
privateEndpointVNetPolicies = "Disabled"
}
}
}
resource "azapi_resource" "subnet" {
type = "Microsoft.Network/virtualNetworks/subnets@2024-05-01"
parent_id = azapi_resource.virtualNetwork.id
name = "internal"
body = {
properties = {
addressPrefix = "10.0.2.0/24"
defaultOutboundAccess = true
delegations = []
privateEndpointNetworkPolicies = "Disabled"
privateLinkServiceNetworkPolicies = "Enabled"
serviceEndpointPolicies = []
serviceEndpoints = []
}
}
}
resource "azapi_resource" "networkInterface" {
type = "Microsoft.Network/networkInterfaces@2024-05-01"
parent_id = azapi_resource.resourceGroup.id
name = "${var.resource_name}-nic"
location = var.location
body = {
properties = {
enableAcceleratedNetworking = false
enableIPForwarding = false
ipConfigurations = [{
name = "ipconfig1"
properties = {
primary = true
privateIPAddressVersion = "IPv4"
privateIPAllocationMethod = "Dynamic"
subnet = {
id = azapi_resource.subnet.id
}
}
}]
}
}
}
resource "azapi_resource" "virtualMachine" {
type = "Microsoft.Compute/virtualMachines@2024-03-01"
parent_id = azapi_resource.resourceGroup.id
name = "${var.resource_name}-vm"
location = var.location
body = {
properties = {
hardwareProfile = {
vmSize = "Standard_B1s"
}
networkProfile = {
networkInterfaces = [{
id = azapi_resource.networkInterface.id
properties = {
primary = true
}
}]
}
osProfile = {
adminPassword = var.admin_password
adminUsername = "testadmin"
computerName = "${var.resource_name}-vm"
linuxConfiguration = {
disablePasswordAuthentication = false
}
}
storageProfile = {
imageReference = {
offer = "0001-com-ubuntu-server-jammy"
publisher = "Canonical"
sku = "22_04-lts"
version = "latest"
}
osDisk = {
caching = "ReadWrite"
createOption = "FromImage"
managedDisk = {
storageAccountType = "Standard_LRS"
}
name = "${var.resource_name}-osdisk"
writeAcceleratorEnabled = false
}
}
}
}
}
resource "azapi_resource" "extension" {
type = "Microsoft.Compute/virtualMachines/extensions@2024-03-01"
parent_id = azapi_resource.virtualMachine.id
name = "network-watcher"
location = var.location
body = {
properties = {
autoUpgradeMinorVersion = true
enableAutomaticUpgrade = false
publisher = "Microsoft.Azure.NetworkWatcher"
suppressFailures = false
type = "NetworkWatcherAgentLinux"
typeHandlerVersion = "1.4"
}
}
}
resource "azapi_resource" "packetCapture" {
type = "Microsoft.Network/networkWatchers/packetCaptures@2024-05-01"
parent_id = azapi_resource.networkWatcher.id
name = "${var.resource_name}-pc"
body = {
properties = {
bytesToCapturePerPacket = 0
storageLocation = {
filePath = "/var/captures/packet.cap"
}
target = azapi_resource.virtualMachine.id
targetType = "AzureVM"
timeLimitInSeconds = 18000
totalBytesPerSession = 1073741824
}
}
}