Share via


Microsoft.Network networkWatchers/packetCaptures 2019-12-01

Bicep resource definition

The networkWatchers/packetCaptures resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkWatchers/packetCaptures resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/networkWatchers/packetCaptures@2019-12-01' = {
  parent: resourceSymbolicName
  name: 'string'
  properties: {
    bytesToCapturePerPacket: int
    filters: [
      {
        localIPAddress: 'string'
        localPort: 'string'
        protocol: 'string'
        remoteIPAddress: 'string'
        remotePort: 'string'
      }
    ]
    storageLocation: {
      filePath: 'string'
      storageId: 'string'
      storagePath: 'string'
    }
    target: 'string'
    timeLimitInSeconds: int
    totalBytesPerSession: int
  }
}

Property Values

Microsoft.Network/networkWatchers/packetCaptures

Name Description Value
name The resource name string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: networkWatchers
properties Properties of the packet capture. PacketCaptureParametersOrPacketCaptureResultProperties (required)

PacketCaptureFilter

Name Description Value
localIPAddress Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5"? for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. string
localPort Local port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. string
protocol Protocol to be filtered on. 'Any'
'TCP'
'UDP'
remoteIPAddress Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. string
remotePort Remote port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. string

PacketCaptureParametersOrPacketCaptureResultProperties

Name Description Value
bytesToCapturePerPacket Number of bytes captured per packet, the remaining bytes are truncated. int
filters A list of packet capture filters. PacketCaptureFilter[]
storageLocation The storage ___location for a packet capture session. PacketCaptureStorageLocation (required)
target The ID of the targeted resource, only VM is currently supported. string (required)
timeLimitInSeconds Maximum duration of the capture session in seconds. int
totalBytesPerSession Maximum size of the capture output. int

PacketCaptureStorageLocation

Name Description Value
filePath A valid local path on the targeting VM. Must include the name of the capture file (*.cap). For linux virtual machine it must start with /var/captures. Required if no storage ID is provided, otherwise optional. string
storageId The ID of the storage account to save the packet capture session. Required if no local file path is provided. string
storagePath The URI of the storage path to save the packet capture. Must be a well-formed URI describing the ___location to save the packet capture. string

ARM template resource definition

The networkWatchers/packetCaptures resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkWatchers/packetCaptures resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/networkWatchers/packetCaptures",
  "apiVersion": "2019-12-01",
  "name": "string",
  "properties": {
    "bytesToCapturePerPacket": "int",
    "filters": [
      {
        "localIPAddress": "string",
        "localPort": "string",
        "protocol": "string",
        "remoteIPAddress": "string",
        "remotePort": "string"
      }
    ],
    "storageLocation": {
      "filePath": "string",
      "storageId": "string",
      "storagePath": "string"
    },
    "target": "string",
    "timeLimitInSeconds": "int",
    "totalBytesPerSession": "int"
  }
}

Property Values

Microsoft.Network/networkWatchers/packetCaptures

Name Description Value
apiVersion The api version '2019-12-01'
name The resource name string (required)
properties Properties of the packet capture. PacketCaptureParametersOrPacketCaptureResultProperties (required)
type The resource type 'Microsoft.Network/networkWatchers/packetCaptures'

PacketCaptureFilter

Name Description Value
localIPAddress Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5"? for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. string
localPort Local port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. string
protocol Protocol to be filtered on. 'Any'
'TCP'
'UDP'
remoteIPAddress Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. string
remotePort Remote port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. string

PacketCaptureParametersOrPacketCaptureResultProperties

Name Description Value
bytesToCapturePerPacket Number of bytes captured per packet, the remaining bytes are truncated. int
filters A list of packet capture filters. PacketCaptureFilter[]
storageLocation The storage ___location for a packet capture session. PacketCaptureStorageLocation (required)
target The ID of the targeted resource, only VM is currently supported. string (required)
timeLimitInSeconds Maximum duration of the capture session in seconds. int
totalBytesPerSession Maximum size of the capture output. int

PacketCaptureStorageLocation

Name Description Value
filePath A valid local path on the targeting VM. Must include the name of the capture file (*.cap). For linux virtual machine it must start with /var/captures. Required if no storage ID is provided, otherwise optional. string
storageId The ID of the storage account to save the packet capture session. Required if no local file path is provided. string
storagePath The URI of the storage path to save the packet capture. Must be a well-formed URI describing the ___location to save the packet capture. string

Usage Examples

Terraform (AzAPI provider) resource definition

The networkWatchers/packetCaptures resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/networkWatchers/packetCaptures resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/networkWatchers/packetCaptures@2019-12-01"
  name = "string"
  parent_id = "string"
  body = {
    properties = {
      bytesToCapturePerPacket = int
      filters = [
        {
          localIPAddress = "string"
          localPort = "string"
          protocol = "string"
          remoteIPAddress = "string"
          remotePort = "string"
        }
      ]
      storageLocation = {
        filePath = "string"
        storageId = "string"
        storagePath = "string"
      }
      target = "string"
      timeLimitInSeconds = int
      totalBytesPerSession = int
    }
  }
}

Property Values

Microsoft.Network/networkWatchers/packetCaptures

Name Description Value
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: networkWatchers
properties Properties of the packet capture. PacketCaptureParametersOrPacketCaptureResultProperties (required)
type The resource type "Microsoft.Network/networkWatchers/packetCaptures@2019-12-01"

PacketCaptureFilter

Name Description Value
localIPAddress Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5"? for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. string
localPort Local port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. string
protocol Protocol to be filtered on. 'Any'
'TCP'
'UDP'
remoteIPAddress Local IP Address to be filtered on. Notation: "127.0.0.1" for single address entry. "127.0.0.1-127.0.0.255" for range. "127.0.0.1;127.0.0.5;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. string
remotePort Remote port to be filtered on. Notation: "80" for single port entry."80-85" for range. "80;443;" for multiple entries. Multiple ranges not currently supported. Mixing ranges with multiple entries not currently supported. Default = null. string

PacketCaptureParametersOrPacketCaptureResultProperties

Name Description Value
bytesToCapturePerPacket Number of bytes captured per packet, the remaining bytes are truncated. int
filters A list of packet capture filters. PacketCaptureFilter[]
storageLocation The storage ___location for a packet capture session. PacketCaptureStorageLocation (required)
target The ID of the targeted resource, only VM is currently supported. string (required)
timeLimitInSeconds Maximum duration of the capture session in seconds. int
totalBytesPerSession Maximum size of the capture output. int

PacketCaptureStorageLocation

Name Description Value
filePath A valid local path on the targeting VM. Must include the name of the capture file (*.cap). For linux virtual machine it must start with /var/captures. Required if no storage ID is provided, otherwise optional. string
storageId The ID of the storage account to save the packet capture session. Required if no local file path is provided. string
storagePath The URI of the storage path to save the packet capture. Must be a well-formed URI describing the ___location to save the packet capture. string

Usage Examples

Terraform Samples

A basic example of deploying Configures Packet Capturing against a Virtual Machine using a Network Watcher.

terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}

provider "azapi" {
  skip_provider_registration = false
}

variable "resource_name" {
  type    = string
  default = "acctest0001"
}

variable "___location" {
  type    = string
  default = "westus"
}

resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  ___location = var.___location
}

resource "azapi_resource" "networkWatcher" {
  type      = "Microsoft.Network/networkWatchers@2024-05-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = "${var.resource_name}-nw"
  ___location  = var.___location
}

resource "azapi_resource" "virtualNetwork" {
  type      = "Microsoft.Network/virtualNetworks@2024-05-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = "${var.resource_name}-vnet"
  ___location  = var.___location
  body = {
    properties = {
      addressSpace = {
        addressPrefixes = ["10.0.0.0/16"]
      }
      dhcpOptions = {
        dnsServers = []
      }
      privateEndpointVNetPolicies = "Disabled"
    }
  }
}

resource "azapi_resource" "subnet" {
  type      = "Microsoft.Network/virtualNetworks/subnets@2024-05-01"
  parent_id = azapi_resource.virtualNetwork.id
  name      = "internal"
  body = {
    properties = {
      addressPrefix                     = "10.0.2.0/24"
      defaultOutboundAccess             = true
      delegations                       = []
      privateEndpointNetworkPolicies    = "Disabled"
      privateLinkServiceNetworkPolicies = "Enabled"
      serviceEndpointPolicies           = []
      serviceEndpoints                  = []
    }
  }
}

resource "azapi_resource" "networkInterface" {
  type      = "Microsoft.Network/networkInterfaces@2024-05-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = "${var.resource_name}-nic"
  ___location  = var.___location
  body = {
    properties = {
      enableAcceleratedNetworking = false
      enableIPForwarding          = false
      ipConfigurations = [{
        name = "ipconfig1"
        properties = {
          primary                   = true
          privateIPAddressVersion   = "IPv4"
          privateIPAllocationMethod = "Dynamic"
          subnet = {
            id = azapi_resource.subnet.id
          }
        }
      }]
    }
  }
}

resource "azapi_resource" "virtualMachine" {
  type      = "Microsoft.Compute/virtualMachines@2024-03-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = "${var.resource_name}-vm"
  ___location  = var.___location
  body = {
    properties = {
      hardwareProfile = {
        vmSize = "Standard_B1s"
      }
      networkProfile = {
        networkInterfaces = [{
          id = azapi_resource.networkInterface.id
          properties = {
            primary = true
          }
        }]
      }
      osProfile = {
        adminPassword = "Password1234!"
        adminUsername = "testadmin"
        computerName  = "${var.resource_name}-vm"
        linuxConfiguration = {
          disablePasswordAuthentication = false
        }
      }
      storageProfile = {
        imageReference = {
          offer     = "0001-com-ubuntu-server-jammy"
          publisher = "Canonical"
          sku       = "22_04-lts"
          version   = "latest"
        }
        osDisk = {
          caching      = "ReadWrite"
          createOption = "FromImage"
          managedDisk = {
            storageAccountType = "Standard_LRS"
          }
          name                    = "${var.resource_name}-osdisk"
          writeAcceleratorEnabled = false
        }
      }
    }
  }
}

resource "azapi_resource" "extension" {
  type      = "Microsoft.Compute/virtualMachines/extensions@2024-03-01"
  parent_id = azapi_resource.virtualMachine.id
  name      = "network-watcher"
  ___location  = var.___location
  body = {
    properties = {
      autoUpgradeMinorVersion = true
      enableAutomaticUpgrade  = false
      publisher               = "Microsoft.Azure.NetworkWatcher"
      suppressFailures        = false
      type                    = "NetworkWatcherAgentLinux"
      typeHandlerVersion      = "1.4"
    }
  }
}

resource "azapi_resource" "packetCapture" {
  type      = "Microsoft.Network/networkWatchers/packetCaptures@2024-05-01"
  parent_id = azapi_resource.networkWatcher.id
  name      = "${var.resource_name}-pc"
  body = {
    properties = {
      bytesToCapturePerPacket = 0
      storageLocation = {
        filePath = "/var/captures/packet.cap"
      }
      target               = azapi_resource.virtualMachine.id
      targetType           = "AzureVM"
      timeLimitInSeconds   = 18000
      totalBytesPerSession = 1073741824
    }
  }
}