Network Watcher Service in Azure

Network Watcher is a service that enables you to monitor and diagnose conditions at a network scenario level in, to, and from Azure. The network diagnostic and visualization tools in Azure Network Watcher help you understand, diagnose, and gain insights into your Azure virtual networks.

NOTE: Currently this feature is only available in 26 regions.

The following capabilities are available in Azure Network Watcher:

  • Topology
  • IP flow verify
  • Next hop
  • Security group view
  • Packet capture
  • Network subscription limit
  • Configuring Diagnostics Log

How to enable this feature for a region in the subscription

In the search box, type Network Watcher.

In the overview, select the subscription; the region drop-down then shows the regions where the service is available. We can enable it as follows.

After enabling this feature we can monitor and diagnose network activity.


Topology

This lets us view the topology of the virtual network, including subnets, NICs, NSGs (Network Security Groups), public IPs, and VMs. It gives a high-level view of the network and the devices attached to it.

IP Flow Verify

This checks whether a packet is allowed or denied based on the flow information, the 5-tuple packet parameters (Destination IP, Source IP, Destination Port, Source Port, and Protocol). If the packet is denied by a security group, the rule and group that denied the packet are returned. The window shows the rule that allows or denies the packet.
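
The check described above can be modelled offline to see why a particular rule is the one returned. This is an added example, not code from the original post or from Azure: a simplified model of NSG matching (lowest priority number first, first match wins) over a constructed rule set. The names Rule, ip_flow_verify and INBOUND are hypothetical, and service tags and multi-value rules are not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    access: str     # "Allow" or "Deny"
    protocol: str   # "TCP", "UDP" or "*"
    src: str        # CIDR or "*"
    src_port: str   # "443", "1000-2000" or "*"
    dst: str        # CIDR or "*"
    dst_port: str

def _ip_match(spec, ip):
    return spec == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def _port_match(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def ip_flow_verify(rules, protocol, src_ip, src_port, dst_ip, dst_port):
    """Return (access, rule_name) of the first rule, by priority, matching the 5-tuple."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.protocol in ("*", protocol)
                and _ip_match(r.src, src_ip) and _port_match(r.src_port, src_port)
                and _ip_match(r.dst, dst_ip) and _port_match(r.dst_port, dst_port)):
            return r.access, r.name
    return "Deny", None  # only reached if the rule set has no catch-all rule

# Constructed inbound rules. The SSH allow at priority 300 is shadowed by the
# deny at priority 200, which is the kind of mistake this check exposes.
INBOUND = [
    Rule("Allow-HTTPS", 100, "Allow", "TCP", "*", "*", "10.0.1.0/24", "443"),
    Rule("Deny-SSH-All", 200, "Deny", "TCP", "*", "*", "10.0.1.0/24", "22"),
    Rule("Allow-SSH-From-Jumpbox", 300, "Allow", "TCP", "10.0.0.4/32", "*", "10.0.1.0/24", "22"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*", "*", "*"),
]

if __name__ == "__main__":
    for flow in [("TCP", "203.0.113.9", 50000, "10.0.1.5", 443),
                 ("TCP", "10.0.0.4", 50001, "10.0.1.5", 22),
                 ("UDP", "10.0.0.4", 50002, "10.0.1.5", 53)]:
        print(flow, "->", ip_flow_verify(INBOUND, *flow))
```

The second flow is denied by Deny-SSH-All even though a later rule allows the jumpbox, which is why the returned rule name matters more than the allow/deny verdict when troubleshooting.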

Next Hop

We can use this feature to verify the next hop of a packet being routed in the Azure fabric. It shows the next hop type and the route table type. To know more about route types, refer to this doc.

Security Group View

Gets the effective and applied security rules for a VM attached to the NSG. We can verify which rules are effective on the VM and which rules were created in the NSGs. We can also see which NIC or subnet the NSG is attached to.

Variable Packet Capture

Using this we can capture the data going in and out of the NIC. Previously we had to install Wireshark inside the VM to capture the traffic, but with this feature we can simply capture the network traffic and store it in blob storage. Then we can download the file and open it in Wireshark. The capture file is saved in .cap format.

NOTE: Before we capture the data we have to make sure that the AzureNetworkWatcherExtension is installed on the VM being captured, as below.

Add the extension to the VM.

Select the extension from the available list.

After the extension is installed we can see it as below.

Next we can start the packet capture for the VM.

In Packet Capture, click Add to start a new capture configuration.

Change the packet capture configuration as needed.

After it is added, it shows as running, as below.

Next we can see the packet capture file details.

Next we can stop the capture and download it to the local computer.

After downloading the capture file we can open it in Wireshark.