You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/network-watcher/packet-capture-overview.md
+31-24Lines changed: 31 additions & 24 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,9 +6,8 @@ author: halkazwini
6
6
ms.author: halkazwini
7
7
ms.service: azure-network-watcher
8
8
ms.topic: concept-article
9
-
ms.date: 03/21/2025
9
+
ms.date: 02/24/2026
10
10
11
-
#CustomerIntent: As an administrator, I want to learn about Azure Network Watcher packet capture tool so that I can use it to capture IP packets to and from virtual machines (VMs) and scale sets to diagnose and solve network problems.
12
11
# Customer intent: As an administrator, I want to understand the features and configurations of the packet capture tool in Azure Network Watcher, so that I can effectively diagnose network issues and monitor traffic on my virtual machines.
13
12
---
14
13
@@ -26,27 +25,19 @@ You can trigger packet captures through the portal, PowerShell, Azure CLI, or RE
26
25
> -[Network Watcher Agent VM extension for Linux](network-watcher-agent-linux.md).
27
26
> -[Update Network Watcher extension to the latest version](network-watcher-agent-update.md).
28
27
29
-
## Capture configuration
30
-
31
-
To control the size of captured data, use the following options:
32
-
33
-
| Property | Description |
34
-
| -------- | ----------- |
35
-
|**Maximum bytes per packet (bytes)**| The number of bytes from each packet. All bytes are captured if left blank. Enter 34 if you only need to capture IPv4 header. |
36
-
|**Maximum bytes per session (bytes)**| Total number of bytes that are captured, once the value is reached the session ends. |
37
-
|**Time limit (seconds)**| Packet capture session time limit, once the value is reached the session ends. The default value is 18000 seconds (5 hours). |
28
+
## Continuous packet capture (preview)
38
29
39
-
## Continuous Packet Capture (Preview)
30
+
> [!IMPORTANT]
31
+
> Continuous packet capture is currently in PREVIEW.
32
+
> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
40
33
41
-
> [!NOTE]
42
-
> This feature is currently in public preview. Functionality and limitations may change before general availability.
34
+
Continuous packet capture allows you to persistently monitor network traffic using a ring buffer–based mechanism. Unlike standard packet captures that stop after reaching a specific time or file size, continuous capture is designed to run over extended durations, making it ideal for diagnosing intermittent or long-tail issues. Currently, you can configure continuous packet capture using the [Azure Portal](packet-capture-manage.md?tabs=portal#start-a-packet-capture)
43
35
44
-
Continuous packet capture allows you to persistently monitor network traffic using a ring buffer–based mechanism. Unlike standard packet captures that stop after reaching a specific time or file size, continuous capture is designed to run over extended durations, making it ideal for diagnosing intermittent or long-tail issues. Currently, you can configure continuous packet capture using the [Azure Portal](/network-watcher/packet-capture-manage?tabs=portal#start-a-packet-capture)
36
+
### How it works
45
37
46
-
### How It Works
47
38
When continuous packet capture is enabled:
48
39
49
-
- Captured packets are written to a rotating set of files on the target VM’s local storage or storage account.
40
+
- Captured packets are written to a rotating set of files on the target VM's local storage or storage account.
50
41
51
42
- You can configure the maximum number of files and the size of each file.
52
43
@@ -56,17 +47,23 @@ When continuous packet capture is enabled:
56
47
57
48
This ring buffer–style storage helps reduce manual intervention and avoid excessive storage consumption while ensuring that recent traffic is always available for review.
58
49
59
-
### Considerations
60
-
61
-
- Continuous capture is available only for supported VM and VMSS SKUs and regions.
50
+
## Capture configuration
62
51
63
-
- Ensure the target VM has sufficient space, or the connected storage account has appropriate quota to accommodate capture data.
52
+
To control the size of captured data, use the following options:
64
53
65
-
- Captures with high packet volumes may generate large data sizes quickly. Choose file size and count accordingly to manage buffer length and retention.
54
+
| Property | Description |
55
+
| -------- | ----------- |
56
+
|**Maximum bytes per packet (bytes)**| The number of bytes from each packet. All bytes are captured if left blank. Enter 34 if you only need to capture IPv4 header. |
57
+
|**Time limit per session (seconds)**| Packet capture session time limit, once the value is reached the session ends. The default value is 18000 seconds (5 hours). |
66
58
67
-
- When using filters, ensure that relevant ports, IPs, and protocols are captured to optimize storage and analysis.
59
+
If you're using continuous capture (preview), use the following options to control the size of captured data:
68
60
69
-
For step-by-step guidance, see [Manage packet captures](/azure/network-watcher/packet-capture-manage)
61
+
| Property | Description |
62
+
| -------- | ----------- |
63
+
|**Maximum bytes per packet (bytes)**| The number of bytes from each packet. All bytes are captured if left blank or set to 0. Enter 34 if you only need to capture IPv4 header. |
64
+
|**New files created**| Total files that can be created. The default value is 10. The maximum value is 10,000.|
65
+
|**Bytes per file**| Total number of bytes per file. The default value is 100 MB. The maximum value is 4 GB. |
66
+
|**Time limit per session (seconds)**| Packet capture session time limit, once the value is reached the session ends. The default value is 86400 seconds (1 day). The maximum value is 604800 seconds (7 days). |
70
67
71
68
## Filtering (optional)
72
69
@@ -86,6 +83,16 @@ Use filters to capture only the traffic that you want to monitor. Filters are ba
86
83
87
84
- Packet capture uses shared access signature (SAS) tokens to access the storage account. Key access must be enabled on the storage account to authorize packet capture's SAS tokens. If key access isn't enabled, packet captures can only be saved to the virtual machine's local disk.
88
85
86
+
- When using filters, ensure that relevant ports, IPs, and protocols are captured to optimize storage and analysis.
87
+
88
+
### Continuous capture Considerations
89
+
90
+
- Continuous capture is available only for supported VM and VMSS SKUs and regions.
91
+
92
+
- Ensure the target VM has sufficient space, or the connected storage account has appropriate quota to accommodate capture data.
93
+
94
+
- Captures with high packet volumes may generate large data sizes quickly. Choose file size and count accordingly to manage buffer length and retention.
95
+
89
96
## Related content
90
97
91
98
- To learn how to manage packet captures, see [Manage packet captures with Azure Network Watcher](packet-capture-manage.md).
0 commit comments