Network Watcher PowerShell Reference

This section provides comprehensive documentation for using Azure Network Watcher with PowerShell. Learn how to monitor, diagnose, and view metrics for your Azure network resources.

Note: Network Watcher is a regional service. You can enable or disable it on a virtual machine-by-virtual machine basis.

Core Network Watcher Cmdlets

Network Watcher offers a rich set of PowerShell cmdlets for managing and analyzing network traffic and configurations.

Connection Monitor

Use Connection Monitor to monitor the health of network paths from a virtual machine. It helps you troubleshoot connectivity issues by providing network topology information.

  • Get-AzNetworkWatcherConnectionMonitor
        -NetworkWatcherName "MyNetworkWatcher"
        -ResourceGroupName "MyResourceGroup"
  • New-AzNetworkWatcherConnectionMonitor
        -NetworkWatcherName "MyNetworkWatcher"
        -ResourceGroupName "MyResourceGroup"
        -Name "MyConnectionMonitor"
        -Endpoint
          @{Name="Endpoint1"; ResourceId="/subscriptions/YOUR_SUBSCRIPTION_ID/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualMachines/VM1"}
        -Endpoint
          @{Name="Endpoint2"; Address="8.8.8.8"; Port=53}
        -IntervalInSeconds 60
  • Remove-AzNetworkWatcherConnectionMonitor
        -NetworkWatcherName "MyNetworkWatcher"
        -ResourceGroupName "MyResourceGroup"
        -Name "MyConnectionMonitor"

IP Flow Verify

IP Flow Verify helps you determine traffic flow to and from a virtual machine. It checks whether traffic is allowed or denied based on network security group rules.

  • Get-AzNetworkWatcherIPFlow
        -NetworkWatcherName "MyNetworkWatcher"
        -ResourceGroupName "MyResourceGroup"
        -Direction Inbound
        -Protocol TCP
        -LocalPort 80
        -RemotePort 12345
        -LocalIPAddress 10.0.0.4
        -RemoteIPAddress 1.2.3.4

Next Hop

The Next Hop feature determines the next hop from a virtual machine to a specified destination IP address. This is useful for troubleshooting routing issues.

  • Get-AzNetworkWatcherNextHop
        -NetworkWatcherName "MyNetworkWatcher"
        -ResourceGroupName "MyResourceGroup"
        -TargetVirtualMachineId "VM1_ID"
        -DestinationIPAddress "8.8.8.8"

Packet Capture

Capture network traffic to and from a virtual machine. This can be invaluable for deep network diagnostics.

Cmdlet Description
New-AzNetworkWatcherPacketCapture Starts a new packet capture session on a VM.
Get-AzNetworkWatcherPacketCapture Retrieves status and details of an ongoing or completed packet capture.
Stop-AzNetworkWatcherPacketCapture Stops an ongoing packet capture session.
Remove-AzNetworkWatcherPacketCapture Removes a packet capture session and its associated data.

Troubleshooting and Diagnostics

Network Watcher provides several tools to help you diagnose network issues:

  • Network Configuration Diagnostic: Checks NSG rules, UDRs, and other network configurations.
    • Test-AzNetworkWatcherConnectivity
          -NetworkWatcherName "MyNetworkWatcher"
          -ResourceGroupName "MyResourceGroup"
          -SourceId "VM1_ID"
          -DestinationAddress "google.com"
          -DestinationPort 80
  • Network Security Group Flow Logs: Analyze traffic that is allowed or denied by NSGs.
    Tip: Ensure NSG flow logs are enabled for effective analysis.

Prerequisites

Before you can use these cmdlets, ensure you have:

  1. Installed the Azure Az PowerShell module.
  2. Connected to your Azure account using Connect-AzAccount.
  3. Enabled Network Watcher in the desired region.
Important: Always refer to the latest Azure documentation for the most up-to-date cmdlet syntax and parameters.

Explore the following topics for more in-depth information: