
Azure Network Watcher

Frequently asked questions (FAQ) about Azure Network Watcher | Microsoft Learn


  • Topology view shows you the resources in your virtual network and the relationships between them.
  • Connection Monitor allows you to monitor connectivity and latency between a VM and another network resource.
  • Network Performance Monitor allows you to monitor connectivity and latencies across hybrid network architectures, ExpressRoute circuits, and service/application endpoints.


  • IP Flow Verify allows you to detect traffic filtering issues at a VM level.
  • Next Hop helps you verify traffic routes and detect routing issues.
  • Connection Troubleshoot enables a one-time connectivity and latency check between a VM and another network resource.
  • Packet Capture enables you to capture all traffic on a VM in your virtual network.
  • VPN Troubleshoot runs multiple diagnostics checks on your VPN gateways and connections to help debug issues.


    • NSG Flow Logs allows you to log all traffic in your Network Security Groups (NSGs).
    • Traffic Analytics processes your NSG Flow Log data enabling you to visualize, query, analyze, and understand your network traffic.


    linuxwesteurope01, vnet004798, default2 (

    Network watcher

    Network diagnostics tools

    Command to get Google's IPv4 address

    ping -4
    Pinging [] with 32 bytes of data:
    Reply from bytes=32 time=31ms TTL=107

    Connection troubleshoot

    Network Watcher | Connection troubleshoot

    Connection Troubleshoot provides the capability to check a direct TCP or ICMP connection from a virtual machine (VM), Application Gateway, or Bastion host to a VM, fully qualified domain name (FQDN), URI, or IPv4 address.

    IP Flow verify

    Network Watcher | IP flow verify
    Checks if a packet is allowed or denied from a virtual machine based on 5-tuple information.

    The information consists of direction, protocol, local IP, remote IP, local port, and a remote port.

    The security group decision and the name of the rule that denied the packet will be returned.

    Swap the rule from outbound to inbound
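
The direction swap above, as an added example that is not part of the original post: a simplified Python model of how a 5-tuple is matched against NSG rules in priority order, returning the decision and the rule name. The addresses, the `AllowSSH` rule and the CIDR-only catch-all rules are constructed assumptions; real NSGs also use service tags and more default rules.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int        # lower number is evaluated first
    direction: str       # "Inbound" or "Outbound"
    access: str          # "Allow" or "Deny"
    protocol: str        # "TCP", "UDP" or "*"
    source: str          # CIDR prefix (service tags are not modelled)
    destination: str     # CIDR prefix
    dest_port: str       # "22", "1000-2000" or "*"

def _port_matches(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def _ip_matches(prefix, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix)

def ip_flow_verify(rules, direction, protocol, local_ip, local_port, remote_ip, remote_port):
    """Return (access, rule_name) for one flow, seen from the VM (the local side)."""
    # Inbound: the remote end is the source. Outbound: the VM is the source.
    src, dst, dport = ((remote_ip, local_ip, local_port) if direction == "Inbound"
                       else (local_ip, remote_ip, remote_port))
    candidates = [r for r in rules if r.direction == direction]
    for rule in sorted(candidates, key=lambda r: r.priority):
        if (rule.protocol in ("*", protocol)
                and _ip_matches(rule.source, src)
                and _ip_matches(rule.destination, dst)
                and _port_matches(rule.dest_port, dport)):
            return rule.access, rule.name
    return "Deny", "NoMatchingRule"  # only reached if no catch-all rule exists

# Constructed sample data: documentation-range client address, simplified catch-all rules.
DEFAULTS = [
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "0.0.0.0/0", "0.0.0.0/0", "*"),
    Rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", "0.0.0.0/0", "0.0.0.0/0", "*"),
]
SSH_OUT = Rule("AllowSSH", 300, "Outbound", "Allow", "TCP", "203.0.113.10/32", "10.0.0.4/32", "22")
SSH_IN = Rule("AllowSSH", 300, "Inbound", "Allow", "TCP", "203.0.113.10/32", "10.0.0.4/32", "22")
FLOW = ("Inbound", "TCP", "10.0.0.4", 22, "203.0.113.10", 50000)  # SSH from client to VM

def demo():
    before = ip_flow_verify(DEFAULTS + [SSH_OUT], *FLOW)  # allow rule created as outbound
    after = ip_flow_verify(DEFAULTS + [SSH_IN], *FLOW)    # same rule swapped to inbound
    return before, after
```
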

    Next Hop

    Network Watcher | Next hop

    Next Hop provides the next hop from the target virtual machine to the destination IP address.

    Traffic from a virtual machine (VM) is sent to a destination based on the effective routes associated with a network interface (NIC).

    Next hop gets the next hop type and IP address of a packet from a specific VM and NIC.

    Knowing the next hop helps you determine if traffic is being directed to the intended destination, or whether the traffic is being sent nowhere.

    An improper configuration of routes, where traffic is directed to an on-premises location, or a virtual appliance, can lead to connectivity issues.

    Next hop also returns the route table associated with the next hop. If the route is defined as a user-defined route, that route is returned. Otherwise, next hop returns System Route.

    Packet capture

    Network Watcher | Packet capture

    Packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine.

    Packet capture helps to diagnose network anomalies both reactively and proactively. Other uses include gathering network statistics, gaining information on network intrusions, debugging client-server communications, and much more.

    Manage packet captures in VMs with Azure Network Watcher – Azure portal | Microsoft Learn

    So we made a capture like this.

    Then we did an ssh -l with user and IP to connect to the Linux VM before the 30 seconds had passed, and also did a ping to Google after we were logged in.

    After 30 seconds it was stopped, and the capture is ready for download.

    Further down the page, the file is ready for download.

    Install Wireshark and open the file.

    Let's search for the SSH connection.

    Let's see if it captured the ping to Google within the 30 seconds.

    # Wireshark filter
    ip.addr == our-public-ipadr

    The connection succeeded.

    There was not enough time to capture the Google ping packet.
