Frequently asked questions (FAQ) about Azure Network Watcher | Microsoft Learn





linuxwesteurope01, vnet004798, default2 (

Network watcher

Network diagnostics tools

Cmd to get google Ipv4

ping -4

Pinging [] with 32 bytes of data:
Reply from bytes=32 time=31ms TTL=107

Connection troubleshoot

Network Watcher | Connection troubleshoot

Connection Troubleshoot provides the capability to check a direct TCP or ICMP connection from a virtual machine (VM), application Gateway, or Bastion host to a VM, fully qualified domain name (FQDN), URI, or IPv4 address.

IP Flow verify

Network Watcher | IP flow verify
Checks if a packet is allowed or denied from a virtual machine based on 5-tuple information.

The information consists of direction, protocol, local IP, remote IP, local port, and a remote port.

The security group decision and the name of the rule that denied the packet will be returned.

Swap the rule from outbound to inbound

Next Hop

Network Watcher | Next hop

Next Hop provides the next hop from the target virtual machine to the destination IP address.

Traffic from a virtual machine (VM) is sent to a destination based on the effective routes associated with a network interface (NIC).

Next hop gets the next hop type and IP address of a packet from a specific VM and NIC.

Knowing the next hop helps you determine if traffic is being directed to the intended destination, or whether the traffic is being sent nowhere.

An improper configuration of routes, where traffic is directed to an on-premises location, or a virtual appliance, can lead to connectivity issues.

Next hop also returns the route table associated with the next hop. If the route is defined as a user-defined route, that route is returned. Otherwise, next hop returns System Route.

Packet capture

Network Watcher | Packet capture

Packet capture allows you to create packet capture sessions to track traffic to and from a virtual machine.

Packet capture helps to diagnose network anomalies both reactively and proactively. Other uses include gathering network statistics, gaining information on network intrusions, to debug client-server communications and much more.

Manage packet captures in VMs with Azure Network Watcher – Azure portal | Microsoft Learn

So we made a capture like this

The we did a ssh -l user and ip to connect to the linux vm, before the 30 sec was past, and also did a ping to google after we were logged in.

After 30 sec, it was stopped, and the cap if ready for download.

Down on the page is the file ready for download

Install wireshark and open the file

Lets search for the ssh connection

Lets see if it captured the ping to google within 30 sec.

# filer wireshark
ip.addr == our-public-ipadr

The connection success

It was not enough time to capture the google ping packet.