Network Watcher
Network Watcher provides monitoring and diagnostic capabilities for Azure networking resources. It enables visibility into the network topology, packet capture, connection troubleshooting, and more.
Overview
Network Watcher helps you maintain a reliable, high‑performance network in Azure. Key components include:
- Topology – visual network layout.
- Connection Monitor – end‑to‑end path monitoring.
- Packet Capture – traffic inspection.
- IP Flow Verify – rule evaluation.
- Network Security Group (NSG) diagnostics.
Getting Started
Enable Network Watcher in a region using Azure CLI:
az network watcher configure \
--resource-group MyResourceGroup \
--locations eastus \
--enabled trueFeatures
Topology
Generate a visual map of your virtual network and its connections.
az network watcher topology \
--resource-group MyResourceGroup \
--location eastusConnection Monitor
Continuously monitor connectivity between two endpoints.
az network watcher connection-monitor create \
--name MyConnMonitor \
--resource-group MyResourceGroup \
--location eastus \
--source-resource MyVM \
--dest-address 8.8.8.8 \
--dest-port 53Configuration
Network Watcher settings are stored per region. Use the Azure portal or CLI to adjust thresholds, alerts, and storage accounts for logs.
Diagnostics
Capture packets on a VM NIC for detailed analysis:
az network watcher packet-capture create \
--resource-group MyResourceGroup \
--vm MyVM \
--storage-account mystorage \
--capture-size 100SDK & API
Integrate Network Watcher programmatically via Azure SDKs.
const { NetworkManagementClient } = require("@azure/arm-network");
const client = new NetworkManagementClient(credential, subscriptionId);
await client.networkWatchers.get("eastus", "myWatcher");FAQ
- Is Network Watcher free?
- Network Watcher itself is free; you pay for resources like storage used for packet captures.
- Can I use Network Watcher across multiple regions?
- Enable it separately in each region you want to monitor.