Commit b5ec06c

Merge pull request #312197 from halkazwini/nw-capture
Continuous capture
2 parents f9af1d5 + e1b6d88 commit b5ec06c

1 file changed

Lines changed: 46 additions & 5 deletions

articles/network-watcher/packet-capture-overview.md

@@ -6,15 +6,14 @@ author: halkazwini
66
ms.author: halkazwini
77
ms.service: azure-network-watcher
88
ms.topic: concept-article
9-
ms.date: 03/21/2025
9+
ms.date: 02/24/2026
1010

11-
#CustomerIntent: As an administrator, I want to learn about Azure Network Watcher packet capture tool so that I can use it to capture IP packets to and from virtual machines (VMs) and scale sets to diagnose and solve network problems.
1211
# Customer intent: As an administrator, I want to understand the features and configurations of the packet capture tool in Azure Network Watcher, so that I can effectively diagnose network issues and monitor traffic on my virtual machines.
1312
---
1413

1514
# Packet capture overview
1615

17-
Azure Network Watcher packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine (VM) or a scale set. Packet capture helps to diagnose network anomalies both reactively and proactively. Other uses include gathering network statistics, gaining information on network intrusions, debugging client-server communications and more.
16+
Azure Network Watcher packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine (VM) or a scale set. Packet capture helps to diagnose network anomalies both reactively and proactively. Other uses include gathering network statistics, gaining information on network intrusions, debugging client-server communications, and more.
1817

1918
Packet capture is an extension that is remotely started through Network Watcher. This capability saves time and eases the burden of running a packet capture manually on the desired virtual machine or virtual machine scale set instances.
2019

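Review bot: The introduction at new lines 16 and 18 makes no mention of continuous capture; the only edit to it is the serial comma, so a reader of the opening paragraphs gets no hint of the mode this change documents. Consider one sentence after line 18 that names continuous packet capture (preview) and links to the new section. The `ms.date` update and the removal of the duplicate `#CustomerIntent:` comment need no change.
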
@@ -26,15 +25,45 @@ You can trigger packet captures through the portal, PowerShell, Azure CLI, or RE
2625
> - [Network Watcher Agent VM extension for Linux](network-watcher-agent-linux.md).
2726
> - [Update Network Watcher extension to the latest version](network-watcher-agent-update.md).
2827
28+
## Continuous packet capture (preview)
29+
30+
> [!IMPORTANT]
31+
> Continuous packet capture is currently in PREVIEW.
32+
> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
33+
34+
Continuous packet capture allows you to persistently monitor network traffic using a ring buffer–based mechanism. Unlike standard packet captures that stop after reaching a specific time or file size, continuous capture is designed to run over extended durations, making it ideal for diagnosing intermittent or long-tail issues. Currently, you can configure continuous packet capture using the [Azure portal](packet-capture-manage.md?tabs=portal#start-a-packet-capture).
35+
36+
### How it works
37+
38+
When continuous packet capture is enabled:
39+
40+
- Captured packets are written to a rotating set of files on the target VM's local storage or storage account.
41+
42+
- You can configure the maximum number of files and the size of each file.
43+
44+
- Once the file count limit is reached, the oldest file is automatically deleted to allow space for new packets, maintaining a continuous stream of recent data.
45+
46+
- The capture runs for the user-specified time duration, or a maximum of seven days, whichever is earlier.
47+
48+
This ring buffer–style storage helps reduce manual intervention and avoid excessive storage consumption while ensuring that recent traffic is always available for review.
49+
2950
## Capture configuration
3051

3152
To control the size of captured data, use the following options:
3253

3354
| Property | Description |
3455
| -------- | ----------- |
3556
| **Maximum bytes per packet (bytes)** | The number of bytes from each packet. All bytes are captured if left blank. Enter 34 if you only need to capture IPv4 header. |
36-
| **Maximum bytes per session (bytes)** | Total number of bytes that are captured, once the value is reached the session ends. |
37-
| **Time limit (seconds)** | Packet capture session time limit, once the value is reached the session ends. The default value is 18000 seconds (5 hours). |
57+
| **Time limit per session (seconds)** | Packet capture session time limit. Once the value is reached, the session ends. The default value is 18000 seconds (5 hours). |
58+
59+
If you're using continuous capture (preview), use the following options to control the size of captured data:
60+
61+
| Property | Description |
62+
| -------- | ----------- |
63+
| **Maximum bytes per packet (bytes)** | The number of bytes from each packet. All bytes are captured if left blank or set to 0. Enter 34 if you only need to capture IPv4 header. |
64+
| **New files created** | Total files that can be created. The default value is 10. The maximum value is 10,000.|
65+
| **Bytes per file** | Total number of bytes per file. The default value is 100 MB. The maximum value is 4 GB. |
66+
| **Time limit per session (seconds)** | Packet capture session time limit. Once the value is reached, the session ends. The default value is 86400 seconds (1 day). The maximum value is 604800 seconds (7 days). |
3867

3968
## Filtering (optional)
4069

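Review bot: In the standard capture table, the row "Maximum bytes per session (bytes)" (old line 36) is removed and nothing replaces it, while the new paragraph at line 34 says standard captures "stop after reaching a specific time or file size". Either keep the row or say where the size limit is now documented; as written, the first table describes no size-based stop. Two smaller points in the same hunk: the continuous table says all bytes are captured "if left blank or set to 0" but the standard table still says only "if left blank", so state whether 0 is valid there too; and "New files created" reads as a counter rather than a limit, so its description should say it is the number of files kept before the oldest is deleted (line 44) and give the resulting buffer size, file count times bytes per file, which is 10 x 100 MB with the defaults.
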
@@ -54,6 +83,18 @@ Use filters to capture only the traffic that you want to monitor. Filters are ba
5483

5584
- Packet capture uses shared access signature (SAS) tokens to access the storage account. Key access must be enabled on the storage account to authorize packet capture's SAS tokens. If key access isn't enabled, packet captures can only be saved to the virtual machine's local disk.
5685

86+
- When using filters, ensure that relevant ports, IPs, and protocols are captured to optimize storage and analysis.
87+
88+
### Continuous capture considerations
89+
90+
In addition to the previous considerations, keep the following considerations in mind when using continuous packet capture (preview):
91+
92+
- Continuous capture is available only for supported VM and virtual machine scale set SKUs and regions.
93+
94+
- The target VM must have sufficient space, or the connected storage account must have appropriate quota to accommodate capture data.
95+
96+
- Captures with high packet volumes might generate large data sizes quickly. Choose file size and count accordingly to manage buffer length and retention.
97+
5798
## Related content
5899

59100
- To learn how to manage packet captures, see [Manage packet captures with Azure Network Watcher](packet-capture-manage.md).
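
Review bot: The new "Continuous capture considerations" list (lines 92 to 96) covers availability, free space and data volume but not the handling of the captured data itself: a session can run for up to seven days and, with "Maximum bytes per packet" left blank, keeps full packets in rotating files on the VM disk or in a storage account reached with SAS tokens (line 84). Add a bullet that says who can read those files and whether the remaining files are kept or deleted when the session ends, and point to "Maximum bytes per packet" and filters as the way to limit what is retained. Also, line 92 refers to "supported VM and virtual machine scale set SKUs and regions" without a list or link, and the bullet at line 86 ("ensure that relevant ports, IPs, and protocols are captured") is too general to act on; say that a filter that is too narrow drops the traffic needed for diagnosis, or remove it.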