Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
- Latest
- 2025-05-01
- 2025-03-01
- 2025-01-01
- 2024-10-01
- 2024-07-01
- 2024-05-01
- 2024-03-01
- 2024-01-01
- 2023-11-01
- 2023-09-01
- 2023-06-01
- 2023-05-01
- 2023-04-01
- 2023-02-01
- 2022-11-01
- 2022-09-01
- 2022-07-01
- 2022-05-01
- 2022-01-01
- 2021-08-01
- 2021-05-01
- 2021-03-01
- 2021-02-01
- 2020-11-01
- 2020-08-01
- 2020-07-01
- 2020-06-01
- 2020-05-01
- 2020-04-01
- 2020-03-01
- 2019-12-01
- 2019-11-01
- 2019-09-01
- 2019-08-01
- 2019-07-01
- 2019-06-01
- 2019-04-01
- 2019-02-01
- 2018-12-01
- 2018-11-01
- 2018-10-01
- 2018-08-01
- 2018-07-01
- 2018-06-01
- 2018-04-01
- 2018-02-01
- 2018-01-01
- 2017-11-01
- 2017-10-01
- 2017-09-01
- 2017-08-01
- 2017-06-01
- 2017-03-30
- 2017-03-01
- 2016-12-01
- 2016-09-01
Bicep resource definition
The networkWatchers/packetCaptures resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/networkWatchers/packetCaptures resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/networkWatchers/packetCaptures@2022-01-01' = {
parent: resourceSymbolicName
name: 'string'
properties: {
bytesToCapturePerPacket: int
filters: [
{
localIPAddress: 'string'
localPort: 'string'
protocol: 'string'
remoteIPAddress: 'string'
remotePort: 'string'
}
]
scope: {
exclude: [
'string'
]
include: [
'string'
]
}
storageLocation: {
filePath: 'string'
storageId: 'string'
storagePath: 'string'
}
target: 'string'
targetType: 'string'
timeLimitInSeconds: int
totalBytesPerSession: int
}
}
Property Values
Microsoft.Network/networkWatchers/packetCaptures
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: networkWatchers |
| properties | Properties of the packet capture. | PacketCaptureParametersOrPacketCaptureResultProperties (required) |
PacketCaptureFilter
| Name | Description | Value |
|---|---|---|
| localIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5"? for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| localPort | Local port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| protocol | Protocol to be filtered on. | 'Any' 'TCP' 'UDP' |
| remoteIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| remotePort | Remote port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
PacketCaptureMachineScope
| Name | Description | Value |
|---|---|---|
| exclude | List of AzureVMSS instances which has to be excluded from the AzureVMSS from running packet capture. | string[] |
| include | List of AzureVMSS instances to run packet capture on. | string[] |
PacketCaptureParametersOrPacketCaptureResultProperties
| Name | Description | Value |
|---|---|---|
| bytesToCapturePerPacket | Number of bytes captured per packet, the remaining bytes are truncated. | int Constraints: Min value = 0 Max value = 4294967295 |
| filters | A list of packet capture filters. | PacketCaptureFilter[] |
| scope | A list of AzureVMSS instances which can be included or excluded to run packet capture. If both included and excluded are empty, then the packet capture will run on all instances of AzureVMSS. | PacketCaptureMachineScope |
| storageLocation | The storage location for a packet capture session. | PacketCaptureStorageLocation (required) |
| target | The ID of the targeted resource, only AzureVM and AzureVMSS as target type are currently supported. | string (required) |
| targetType | Target type of the resource provided. | 'AzureVM' 'AzureVMSS' |
| timeLimitInSeconds | Maximum duration of the capture session in seconds. | int Constraints: Min value = 0 Max value = 18000 |
| totalBytesPerSession | Maximum size of the capture output. | int Constraints: Min value = 0 Max value = 4294967295 |
PacketCaptureStorageLocation
| Name | Description | Value |
|---|---|---|
| filePath | A valid local path on the targeting VM. Must include the name of the capture file (*.cap). For linux virtual machine it must start with /var/captures. Required if no storage ID is provided, otherwise optional. | string |
| storageId | The ID of the storage account to save the packet capture session. Required if no local file path is provided. | string |
| storagePath | The URI of the storage path to save the packet capture. Must be a well-formed URI describing the location to save the packet capture. | string |
Usage Examples
Bicep Samples
A basic example of deploying Configures Packet Capturing against a Virtual Machine using a Network Watcher.
param resourceName string = 'acctest0001'
param location string = 'westus'
@secure()
@description('The administrator password for the virtual machine')
param adminPassword string
resource networkInterface 'Microsoft.Network/networkInterfaces@2024-05-01' = {
name: '${resourceName}-nic'
location: location
properties: {
enableAcceleratedNetworking: false
enableIPForwarding: false
ipConfigurations: [
{
name: 'ipconfig1'
properties: {
primary: true
privateIPAddressVersion: 'IPv4'
privateIPAllocationMethod: 'Dynamic'
subnet: {
id: subnet.id
}
}
}
]
}
}
resource networkWatcher 'Microsoft.Network/networkWatchers@2024-05-01' = {
name: '${resourceName}-nw'
location: location
}
resource virtualMachine 'Microsoft.Compute/virtualMachines@2024-03-01' = {
name: '${resourceName}-vm'
location: location
properties: {
hardwareProfile: {
vmSize: 'Standard_B1s'
}
networkProfile: {
networkInterfaces: [
{
id: networkInterface.id
properties: {
primary: true
}
}
]
}
osProfile: {
adminPassword: null
adminUsername: 'testadmin'
computerName: 'acctest0001-vm'
linuxConfiguration: {
disablePasswordAuthentication: false
}
}
storageProfile: {
imageReference: {
offer: '0001-com-ubuntu-server-jammy'
publisher: 'Canonical'
sku: '22_04-lts'
version: 'latest'
}
osDisk: {
caching: 'ReadWrite'
createOption: 'FromImage'
managedDisk: {
storageAccountType: 'Standard_LRS'
}
name: 'acctest0001-osdisk'
writeAcceleratorEnabled: false
}
}
}
}
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-05-01' = {
name: '${resourceName}-vnet'
location: location
properties: {
addressSpace: {
addressPrefixes: [
'10.0.0.0/16'
]
}
dhcpOptions: {
dnsServers: []
}
privateEndpointVNetPolicies: 'Disabled'
}
}
resource extension 'Microsoft.Compute/virtualMachines/extensions@2024-03-01' = {
parent: virtualMachine
name: 'network-watcher'
location: location
properties: {
autoUpgradeMinorVersion: true
enableAutomaticUpgrade: false
publisher: 'Microsoft.Azure.NetworkWatcher'
suppressFailures: false
type: 'NetworkWatcherAgentLinux'
typeHandlerVersion: '1.4'
}
}
resource packetCapture 'Microsoft.Network/networkWatchers/packetCaptures@2024-05-01' = {
parent: networkWatcher
name: '${resourceName}-pc'
properties: {
bytesToCapturePerPacket: 0
storageLocation: {
filePath: '/var/captures/packet.cap'
}
target: virtualMachine.id
targetType: 'AzureVM'
timeLimitInSeconds: 18000
totalBytesPerSession: 1073741824
}
}
resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-05-01' = {
parent: virtualNetwork
name: 'internal'
properties: {
addressPrefix: '10.0.2.0/24'
defaultOutboundAccess: true
delegations: []
privateEndpointNetworkPolicies: 'Disabled'
privateLinkServiceNetworkPolicies: 'Enabled'
serviceEndpointPolicies: []
serviceEndpoints: []
}
}
ARM template resource definition
The networkWatchers/packetCaptures resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/networkWatchers/packetCaptures resource, add the following JSON to your template.
{
"type": "Microsoft.Network/networkWatchers/packetCaptures",
"apiVersion": "2022-01-01",
"name": "string",
"properties": {
"bytesToCapturePerPacket": "int",
"filters": [
{
"localIPAddress": "string",
"localPort": "string",
"protocol": "string",
"remoteIPAddress": "string",
"remotePort": "string"
}
],
"scope": {
"exclude": [ "string" ],
"include": [ "string" ]
},
"storageLocation": {
"filePath": "string",
"storageId": "string",
"storagePath": "string"
},
"target": "string",
"targetType": "string",
"timeLimitInSeconds": "int",
"totalBytesPerSession": "int"
}
}
Property Values
Microsoft.Network/networkWatchers/packetCaptures
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2022-01-01' |
| name | The resource name | string (required) |
| properties | Properties of the packet capture. | PacketCaptureParametersOrPacketCaptureResultProperties (required) |
| type | The resource type | 'Microsoft.Network/networkWatchers/packetCaptures' |
PacketCaptureFilter
| Name | Description | Value |
|---|---|---|
| localIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5"? for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| localPort | Local port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| protocol | Protocol to be filtered on. | 'Any' 'TCP' 'UDP' |
| remoteIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| remotePort | Remote port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
PacketCaptureMachineScope
| Name | Description | Value |
|---|---|---|
| exclude | List of AzureVMSS instances which has to be excluded from the AzureVMSS from running packet capture. | string[] |
| include | List of AzureVMSS instances to run packet capture on. | string[] |
PacketCaptureParametersOrPacketCaptureResultProperties
| Name | Description | Value |
|---|---|---|
| bytesToCapturePerPacket | Number of bytes captured per packet, the remaining bytes are truncated. | int Constraints: Min value = 0 Max value = 4294967295 |
| filters | A list of packet capture filters. | PacketCaptureFilter[] |
| scope | A list of AzureVMSS instances which can be included or excluded to run packet capture. If both included and excluded are empty, then the packet capture will run on all instances of AzureVMSS. | PacketCaptureMachineScope |
| storageLocation | The storage location for a packet capture session. | PacketCaptureStorageLocation (required) |
| target | The ID of the targeted resource, only AzureVM and AzureVMSS as target type are currently supported. | string (required) |
| targetType | Target type of the resource provided. | 'AzureVM' 'AzureVMSS' |
| timeLimitInSeconds | Maximum duration of the capture session in seconds. | int Constraints: Min value = 0 Max value = 18000 |
| totalBytesPerSession | Maximum size of the capture output. | int Constraints: Min value = 0 Max value = 4294967295 |
PacketCaptureStorageLocation
| Name | Description | Value |
|---|---|---|
| filePath | A valid local path on the targeting VM. Must include the name of the capture file (*.cap). For linux virtual machine it must start with /var/captures. Required if no storage ID is provided, otherwise optional. | string |
| storageId | The ID of the storage account to save the packet capture session. Required if no local file path is provided. | string |
| storagePath | The URI of the storage path to save the packet capture. Must be a well-formed URI describing the location to save the packet capture. | string |
Usage Examples
Terraform (AzAPI provider) resource definition
The networkWatchers/packetCaptures resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/networkWatchers/packetCaptures resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/networkWatchers/packetCaptures@2022-01-01"
name = "string"
parent_id = "string"
body = {
properties = {
bytesToCapturePerPacket = int
filters = [
{
localIPAddress = "string"
localPort = "string"
protocol = "string"
remoteIPAddress = "string"
remotePort = "string"
}
]
scope = {
exclude = [
"string"
]
include = [
"string"
]
}
storageLocation = {
filePath = "string"
storageId = "string"
storagePath = "string"
}
target = "string"
targetType = "string"
timeLimitInSeconds = int
totalBytesPerSession = int
}
}
}
Property Values
Microsoft.Network/networkWatchers/packetCaptures
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: networkWatchers |
| properties | Properties of the packet capture. | PacketCaptureParametersOrPacketCaptureResultProperties (required) |
| type | The resource type | "Microsoft.Network/networkWatchers/packetCaptures@2022-01-01" |
PacketCaptureFilter
| Name | Description | Value |
|---|---|---|
| localIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5"? for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| localPort | Local port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| protocol | Protocol to be filtered on. | 'Any' 'TCP' 'UDP' |
| remoteIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
| remotePort | Remote port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string |
PacketCaptureMachineScope
| Name | Description | Value |
|---|---|---|
| exclude | List of AzureVMSS instances which has to be excluded from the AzureVMSS from running packet capture. | string[] |
| include | List of AzureVMSS instances to run packet capture on. | string[] |
PacketCaptureParametersOrPacketCaptureResultProperties
| Name | Description | Value |
|---|---|---|
| bytesToCapturePerPacket | Number of bytes captured per packet, the remaining bytes are truncated. | int Constraints: Min value = 0 Max value = 4294967295 |
| filters | A list of packet capture filters. | PacketCaptureFilter[] |
| scope | A list of AzureVMSS instances which can be included or excluded to run packet capture. If both included and excluded are empty, then the packet capture will run on all instances of AzureVMSS. | PacketCaptureMachineScope |
| storageLocation | The storage location for a packet capture session. | PacketCaptureStorageLocation (required) |
| target | The ID of the targeted resource, only AzureVM and AzureVMSS as target type are currently supported. | string (required) |
| targetType | Target type of the resource provided. | 'AzureVM' 'AzureVMSS' |
| timeLimitInSeconds | Maximum duration of the capture session in seconds. | int Constraints: Min value = 0 Max value = 18000 |
| totalBytesPerSession | Maximum size of the capture output. | int Constraints: Min value = 0 Max value = 4294967295 |
PacketCaptureStorageLocation
| Name | Description | Value |
|---|---|---|
| filePath | A valid local path on the targeting VM. Must include the name of the capture file (*.cap). For linux virtual machine it must start with /var/captures. Required if no storage ID is provided, otherwise optional. | string |
| storageId | The ID of the storage account to save the packet capture session. Required if no local file path is provided. | string |
| storagePath | The URI of the storage path to save the packet capture. Must be a well-formed URI describing the location to save the packet capture. | string |
Usage Examples
Terraform Samples
A basic example of deploying Configures Packet Capturing against a Virtual Machine using a Network Watcher.
terraform {
required_providers {
azapi = {
source = "Azure/azapi"
}
}
}
provider "azapi" {
skip_provider_registration = false
}
variable "resource_name" {
type = string
default = "acctest0001"
}
variable "location" {
type = string
default = "westus"
}
variable "admin_password" {
type = string
sensitive = true
description = "The administrator password for the virtual machine"
}
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2020-06-01"
name = var.resource_name
location = var.location
}
resource "azapi_resource" "networkWatcher" {
type = "Microsoft.Network/networkWatchers@2024-05-01"
parent_id = azapi_resource.resourceGroup.id
name = "${var.resource_name}-nw"
location = var.location
}
resource "azapi_resource" "virtualNetwork" {
type = "Microsoft.Network/virtualNetworks@2024-05-01"
parent_id = azapi_resource.resourceGroup.id
name = "${var.resource_name}-vnet"
location = var.location
body = {
properties = {
addressSpace = {
addressPrefixes = ["10.0.0.0/16"]
}
dhcpOptions = {
dnsServers = []
}
privateEndpointVNetPolicies = "Disabled"
}
}
}
resource "azapi_resource" "subnet" {
type = "Microsoft.Network/virtualNetworks/subnets@2024-05-01"
parent_id = azapi_resource.virtualNetwork.id
name = "internal"
body = {
properties = {
addressPrefix = "10.0.2.0/24"
defaultOutboundAccess = true
delegations = []
privateEndpointNetworkPolicies = "Disabled"
privateLinkServiceNetworkPolicies = "Enabled"
serviceEndpointPolicies = []
serviceEndpoints = []
}
}
}
resource "azapi_resource" "networkInterface" {
type = "Microsoft.Network/networkInterfaces@2024-05-01"
parent_id = azapi_resource.resourceGroup.id
name = "${var.resource_name}-nic"
location = var.location
body = {
properties = {
enableAcceleratedNetworking = false
enableIPForwarding = false
ipConfigurations = [{
name = "ipconfig1"
properties = {
primary = true
privateIPAddressVersion = "IPv4"
privateIPAllocationMethod = "Dynamic"
subnet = {
id = azapi_resource.subnet.id
}
}
}]
}
}
}
resource "azapi_resource" "virtualMachine" {
type = "Microsoft.Compute/virtualMachines@2024-03-01"
parent_id = azapi_resource.resourceGroup.id
name = "${var.resource_name}-vm"
location = var.location
body = {
properties = {
hardwareProfile = {
vmSize = "Standard_B1s"
}
networkProfile = {
networkInterfaces = [{
id = azapi_resource.networkInterface.id
properties = {
primary = true
}
}]
}
osProfile = {
adminPassword = var.admin_password
adminUsername = "testadmin"
computerName = "${var.resource_name}-vm"
linuxConfiguration = {
disablePasswordAuthentication = false
}
}
storageProfile = {
imageReference = {
offer = "0001-com-ubuntu-server-jammy"
publisher = "Canonical"
sku = "22_04-lts"
version = "latest"
}
osDisk = {
caching = "ReadWrite"
createOption = "FromImage"
managedDisk = {
storageAccountType = "Standard_LRS"
}
name = "${var.resource_name}-osdisk"
writeAcceleratorEnabled = false
}
}
}
}
}
resource "azapi_resource" "extension" {
type = "Microsoft.Compute/virtualMachines/extensions@2024-03-01"
parent_id = azapi_resource.virtualMachine.id
name = "network-watcher"
location = var.location
body = {
properties = {
autoUpgradeMinorVersion = true
enableAutomaticUpgrade = false
publisher = "Microsoft.Azure.NetworkWatcher"
suppressFailures = false
type = "NetworkWatcherAgentLinux"
typeHandlerVersion = "1.4"
}
}
}
resource "azapi_resource" "packetCapture" {
type = "Microsoft.Network/networkWatchers/packetCaptures@2024-05-01"
parent_id = azapi_resource.networkWatcher.id
name = "${var.resource_name}-pc"
body = {
properties = {
bytesToCapturePerPacket = 0
storageLocation = {
filePath = "/var/captures/packet.cap"
}
target = azapi_resource.virtualMachine.id
targetType = "AzureVM"
timeLimitInSeconds = 18000
totalBytesPerSession = 1073741824
}
}
}