Frequently asked questions (FAQ) about Azure Network Watcher | Microsoft Learn

Monitoring
- Topology view shows you the resources in your virtual network and the relationships between them.
- Connection Monitor allows you to monitor connectivity and latency between a VM and another network resource.
- Network performance monitor allows you to monitor connectivity and latencies across hybrid network architectures, Expressroute circuits, and service/application endpoints.

Diagnostics
- IP Flow Verify allows you to detect traffic filtering issues at a VM level.
- Next Hop helps you verify traffic routes and detect routing issues.
- Connection Troubleshoot enables a one-time connectivity and latency check between a VM and another network resource.
- Packet Capture enables you to capture all traffic on a VM in your virtual network.
- VPN Troubleshoot runs multiple diagnostics checks on your VPN gateways and connections to help debug issues.

Logging
- NSG Flow Logs allows you to log all traffic in your Network Security Groups (NSGs)
- Traffic Analytics processes your NSG Flow Log data enabling you to visualize, query, analyze, and understand your network traffic.

VM
linuxwesteurope01, vnet004798, default2 (10.1.0.0/24)

Network watcher

Network diagnostics tools
Cmd to get google Ipv4
ping www.google.no -4
Pinging www.google.no [142.250.147.94] with 32 bytes of data:
Reply from 142.250.147.94: bytes=32 time=31ms TTL=107
Connection troubleshoot
Network Watcher | Connection troubleshoot
Connection Troubleshoot provides the capability to check a direct TCP or ICMP connection from a virtual machine (VM), application Gateway, or Bastion host to a VM, fully qualified domain name (FQDN), URI, or IPv4 address.
IP Flow verify
Network Watcher | IP flow verify
Checks if a packet is allowed or denied from a virtual machine based on 5-tuple information.
The information consists of direction, protocol, local IP, remote IP, local port, and a remote port.

The security group decision and the name of the rule that denied the packet will be returned.

Swap the rule from outbound to inbound

Next Hop
Network Watcher | Next hop
Next Hop provides the next hop from the target virtual machine to the destination IP address.
Traffic from a virtual machine (VM) is sent to a destination based on the effective routes associated with a network interface (NIC).
Next hop gets the next hop type and IP address of a packet from a specific VM and NIC.
Knowing the next hop helps you determine if traffic is being directed to the intended destination, or whether the traffic is being sent nowhere.
An improper configuration of routes, where traffic is directed to an on-premises location, or a virtual appliance, can lead to connectivity issues.

Next hop also returns the route table associated with the next hop. If the route is defined as a user-defined route, that route is returned. Otherwise, next hop returns System Route.

Packet capture
Network Watcher | Packet capture
Packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine.
Packet capture helps to diagnose network anomalies both reactively and proactively. Other uses include gathering network statistics, gaining information on network intrusions, to debug client-server communications and much more.
Manage packet captures in VMs with Azure Network Watcher – Azure portal | Microsoft Learn
So we made a capture like this

The we did a ssh -l user and ip to connect to the linux vm, before the 30 sec was past, and also did a ping to google after we were logged in.
After 30 sec, it was stopped, and the cap if ready for download.

Down on the page is the file ready for download

Install wireshark and open the file

Lets search for the ssh connection
Lets see if it captured the ping to google within 30 sec.
# filer wireshark
ip.addr == our-public-ipadr
The connection success

It was not enough time to capture the google ping packet.