Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
- Latest
- 2025-01-01
- 2024-10-01
- 2024-07-01
- 2024-05-01
- 2024-03-01
- 2024-01-01
- 2023-11-01
- 2023-09-01
- 2023-06-01
- 2023-05-01
- 2023-04-01
- 2023-02-01
- 2022-11-01
- 2022-09-01
- 2022-07-01
- 2022-05-01
- 2022-01-01
- 2021-08-01
- 2021-05-01
- 2021-03-01
- 2021-02-01
- 2020-11-01
- 2020-08-01
- 2020-07-01
- 2020-06-01
- 2020-05-01
- 2020-04-01
- 2020-03-01
- 2019-12-01
- 2019-11-01
- 2019-09-01
- 2019-08-01
- 2019-07-01
- 2019-06-01
- 2019-04-01
- 2019-02-01
- 2018-12-01
- 2018-11-01
- 2018-10-01
- 2018-08-01
- 2018-07-01
- 2018-06-01
- 2018-04-01
- 2018-02-01
- 2018-01-01
- 2017-11-01
- 2017-10-01
- 2017-09-01
- 2017-08-01
- 2017-06-01
- 2017-03-30
- 2017-03-01
- 2016-12-01
- 2016-09-01
Bicep resource definition
The networkWatchers/packetCaptures resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/networkWatchers/packetCaptures resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/networkWatchers/packetCaptures@2016-09-01' = {
  parent: resourceSymbolicName
  name: 'string'
  properties: {
    bytesToCapturePerPacket: int
    filters: [
      {
        localIPAddress: 'string'
        localPort: 'string'
        protocol: 'string'
        remoteIPAddress: 'string'
        remotePort: 'string'
      }
    ]
    storageLocation: {
      filePath: 'string'
      storageId: 'string'
      storagePath: 'string'
    }
    target: 'string'
    timeLimitInSeconds: int
    totalBytesPerSession: int
  }
}
Property Values
Microsoft.Network/networkWatchers/packetCaptures
| Name | Description | Value | 
|---|---|---|
| name | The resource name | string (required) | 
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: networkWatchers | 
| properties | Parameters that define the create packet capture operation. | PacketCaptureParametersOrPacketCaptureResultProperties (required) | 
PacketCaptureFilter
| Name | Description | Value | 
|---|---|---|
| localIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5"? for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string | 
| localPort | Local port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string | 
| protocol | Protocol to be filtered on. | 'Any' 'TCP' 'UDP' | 
| remoteIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string | 
| remotePort | Remote port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string | 
PacketCaptureParametersOrPacketCaptureResultProperties
| Name | Description | Value | 
|---|---|---|
| bytesToCapturePerPacket | Number of bytes captured per packet, the remaining bytes are truncated. | int | 
| filters | PacketCaptureFilter[] | |
| storageLocation | Describes the storage ___location for a packet capture session. | PacketCaptureStorageLocation (required) | 
| target | The ID of the targeted resource, only VM is currently supported. | string (required) | 
| timeLimitInSeconds | Maximum duration of the capture session in seconds. | int | 
| totalBytesPerSession | Maximum size of the capture output. | int | 
PacketCaptureStorageLocation
| Name | Description | Value | 
|---|---|---|
| filePath | A valid local path on the targeting VM. Must include the name of the capture file (*.cap). For linux virtual machine it must start with /var/captures. Required if no storage ID is provided, otherwise optional. | string | 
| storageId | The ID of the storage account to save the packet capture session. Required if no local file path is provided. | string | 
| storagePath | The URI of the storage path to save the packet capture. Must be a well-formed URI describing the ___location to save the packet capture. | string | 
ARM template resource definition
The networkWatchers/packetCaptures resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/networkWatchers/packetCaptures resource, add the following JSON to your template.
{
  "type": "Microsoft.Network/networkWatchers/packetCaptures",
  "apiVersion": "2016-09-01",
  "name": "string",
  "properties": {
    "bytesToCapturePerPacket": "int",
    "filters": [
      {
        "localIPAddress": "string",
        "localPort": "string",
        "protocol": "string",
        "remoteIPAddress": "string",
        "remotePort": "string"
      }
    ],
    "storageLocation": {
      "filePath": "string",
      "storageId": "string",
      "storagePath": "string"
    },
    "target": "string",
    "timeLimitInSeconds": "int",
    "totalBytesPerSession": "int"
  }
}
Property Values
Microsoft.Network/networkWatchers/packetCaptures
| Name | Description | Value | 
|---|---|---|
| apiVersion | The api version | '2016-09-01' | 
| name | The resource name | string (required) | 
| properties | Parameters that define the create packet capture operation. | PacketCaptureParametersOrPacketCaptureResultProperties (required) | 
| type | The resource type | 'Microsoft.Network/networkWatchers/packetCaptures' | 
PacketCaptureFilter
| Name | Description | Value | 
|---|---|---|
| localIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5"? for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string | 
| localPort | Local port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string | 
| protocol | Protocol to be filtered on. | 'Any' 'TCP' 'UDP' | 
| remoteIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string | 
| remotePort | Remote port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string | 
PacketCaptureParametersOrPacketCaptureResultProperties
| Name | Description | Value | 
|---|---|---|
| bytesToCapturePerPacket | Number of bytes captured per packet, the remaining bytes are truncated. | int | 
| filters | PacketCaptureFilter[] | |
| storageLocation | Describes the storage ___location for a packet capture session. | PacketCaptureStorageLocation (required) | 
| target | The ID of the targeted resource, only VM is currently supported. | string (required) | 
| timeLimitInSeconds | Maximum duration of the capture session in seconds. | int | 
| totalBytesPerSession | Maximum size of the capture output. | int | 
PacketCaptureStorageLocation
| Name | Description | Value | 
|---|---|---|
| filePath | A valid local path on the targeting VM. Must include the name of the capture file (*.cap). For linux virtual machine it must start with /var/captures. Required if no storage ID is provided, otherwise optional. | string | 
| storageId | The ID of the storage account to save the packet capture session. Required if no local file path is provided. | string | 
| storagePath | The URI of the storage path to save the packet capture. Must be a well-formed URI describing the ___location to save the packet capture. | string | 
Usage Examples
Terraform (AzAPI provider) resource definition
The networkWatchers/packetCaptures resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/networkWatchers/packetCaptures resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/networkWatchers/packetCaptures@2016-09-01"
  name = "string"
  parent_id = "string"
  body = {
    properties = {
      bytesToCapturePerPacket = int
      filters = [
        {
          localIPAddress = "string"
          localPort = "string"
          protocol = "string"
          remoteIPAddress = "string"
          remotePort = "string"
        }
      ]
      storageLocation = {
        filePath = "string"
        storageId = "string"
        storagePath = "string"
      }
      target = "string"
      timeLimitInSeconds = int
      totalBytesPerSession = int
    }
  }
}
Property Values
Microsoft.Network/networkWatchers/packetCaptures
| Name | Description | Value | 
|---|---|---|
| name | The resource name | string (required) | 
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: networkWatchers | 
| properties | Parameters that define the create packet capture operation. | PacketCaptureParametersOrPacketCaptureResultProperties (required) | 
| type | The resource type | "Microsoft.Network/networkWatchers/packetCaptures@2016-09-01" | 
PacketCaptureFilter
| Name | Description | Value | 
|---|---|---|
| localIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5"? for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string | 
| localPort | Local port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string | 
| protocol | Protocol to be filtered on. | 'Any' 'TCP' 'UDP' | 
| remoteIPAddress | Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string | 
| remotePort | Remote port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. | string | 
PacketCaptureParametersOrPacketCaptureResultProperties
| Name | Description | Value | 
|---|---|---|
| bytesToCapturePerPacket | Number of bytes captured per packet, the remaining bytes are truncated. | int | 
| filters | PacketCaptureFilter[] | |
| storageLocation | Describes the storage ___location for a packet capture session. | PacketCaptureStorageLocation (required) | 
| target | The ID of the targeted resource, only VM is currently supported. | string (required) | 
| timeLimitInSeconds | Maximum duration of the capture session in seconds. | int | 
| totalBytesPerSession | Maximum size of the capture output. | int | 
PacketCaptureStorageLocation
| Name | Description | Value | 
|---|---|---|
| filePath | A valid local path on the targeting VM. Must include the name of the capture file (*.cap). For linux virtual machine it must start with /var/captures. Required if no storage ID is provided, otherwise optional. | string | 
| storageId | The ID of the storage account to save the packet capture session. Required if no local file path is provided. | string | 
| storagePath | The URI of the storage path to save the packet capture. Must be a well-formed URI describing the ___location to save the packet capture. | string | 
Usage Examples
Terraform Samples
A basic example of deploying Configures Packet Capturing against a Virtual Machine using a Network Watcher.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}
provider "azapi" {
  skip_provider_registration = false
}
variable "resource_name" {
  type    = string
  default = "acctest0001"
}
variable "___location" {
  type    = string
  default = "westus"
}
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  ___location = var.___location
}
resource "azapi_resource" "networkWatcher" {
  type      = "Microsoft.Network/networkWatchers@2024-05-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = "${var.resource_name}-nw"
  ___location  = var.___location
}
resource "azapi_resource" "virtualNetwork" {
  type      = "Microsoft.Network/virtualNetworks@2024-05-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = "${var.resource_name}-vnet"
  ___location  = var.___location
  body = {
    properties = {
      addressSpace = {
        addressPrefixes = ["10.0.0.0/16"]
      }
      dhcpOptions = {
        dnsServers = []
      }
      privateEndpointVNetPolicies = "Disabled"
    }
  }
}
resource "azapi_resource" "subnet" {
  type      = "Microsoft.Network/virtualNetworks/subnets@2024-05-01"
  parent_id = azapi_resource.virtualNetwork.id
  name      = "internal"
  body = {
    properties = {
      addressPrefix                     = "10.0.2.0/24"
      defaultOutboundAccess             = true
      delegations                       = []
      privateEndpointNetworkPolicies    = "Disabled"
      privateLinkServiceNetworkPolicies = "Enabled"
      serviceEndpointPolicies           = []
      serviceEndpoints                  = []
    }
  }
}
resource "azapi_resource" "networkInterface" {
  type      = "Microsoft.Network/networkInterfaces@2024-05-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = "${var.resource_name}-nic"
  ___location  = var.___location
  body = {
    properties = {
      enableAcceleratedNetworking = false
      enableIPForwarding          = false
      ipConfigurations = [{
        name = "ipconfig1"
        properties = {
          primary                   = true
          privateIPAddressVersion   = "IPv4"
          privateIPAllocationMethod = "Dynamic"
          subnet = {
            id = azapi_resource.subnet.id
          }
        }
      }]
    }
  }
}
resource "azapi_resource" "virtualMachine" {
  type      = "Microsoft.Compute/virtualMachines@2024-03-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = "${var.resource_name}-vm"
  ___location  = var.___location
  body = {
    properties = {
      hardwareProfile = {
        vmSize = "Standard_B1s"
      }
      networkProfile = {
        networkInterfaces = [{
          id = azapi_resource.networkInterface.id
          properties = {
            primary = true
          }
        }]
      }
      osProfile = {
        adminPassword = "Password1234!"
        adminUsername = "testadmin"
        computerName  = "${var.resource_name}-vm"
        linuxConfiguration = {
          disablePasswordAuthentication = false
        }
      }
      storageProfile = {
        imageReference = {
          offer     = "0001-com-ubuntu-server-jammy"
          publisher = "Canonical"
          sku       = "22_04-lts"
          version   = "latest"
        }
        osDisk = {
          caching      = "ReadWrite"
          createOption = "FromImage"
          managedDisk = {
            storageAccountType = "Standard_LRS"
          }
          name                    = "${var.resource_name}-osdisk"
          writeAcceleratorEnabled = false
        }
      }
    }
  }
}
resource "azapi_resource" "extension" {
  type      = "Microsoft.Compute/virtualMachines/extensions@2024-03-01"
  parent_id = azapi_resource.virtualMachine.id
  name      = "network-watcher"
  ___location  = var.___location
  body = {
    properties = {
      autoUpgradeMinorVersion = true
      enableAutomaticUpgrade  = false
      publisher               = "Microsoft.Azure.NetworkWatcher"
      suppressFailures        = false
      type                    = "NetworkWatcherAgentLinux"
      typeHandlerVersion      = "1.4"
    }
  }
}
resource "azapi_resource" "packetCapture" {
  type      = "Microsoft.Network/networkWatchers/packetCaptures@2024-05-01"
  parent_id = azapi_resource.networkWatcher.id
  name      = "${var.resource_name}-pc"
  body = {
    properties = {
      bytesToCapturePerPacket = 0
      storageLocation = {
        filePath = "/var/captures/packet.cap"
      }
      target               = azapi_resource.virtualMachine.id
      targetType           = "AzureVM"
      timeLimitInSeconds   = 18000
      totalBytesPerSession = 1073741824
    }
  }
}