Azure Network Watcher

So finally Microsoft released a feature which allows us to troubleshoot networking issues in Azure! It provides us with multiple options to check on route paths, view list of Network Security groups to see which ACL’s take priority and such. And also it can be used to check traffic flow from one location to another! NOTE: It is only available in some US regions as of now.

Now its quite limited in terms of regions it is available in and it is still in preview so we need to register the service manully, using Powershell.

Register-AzureRmProviderFeature -FeatureName AllowNetworkWatcher -ProviderNamespace Microsoft.Network

image

Get-AzureRmProviderFeature -FeatureName AllowNetworkWatcher -ProviderNamespace Microsoft.Network

image

Requires to have a VM in the requires region where Azure Network Watcher is supported –> which is now West US, North Central US and West Central US https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-packet-capture-manage-powershell

image

Needs to have a guest VM extension installed before using the packet capturing sequence. Since the Network watcher compoent needs to communicate with the a Storage Account where it stores the PCAP files.

image

After you have added the agent and enabled it on a VM you can now go back to the network watcher and see the differnt options available and it will by default choose the VM which has the agent installed to do traffic.

image

So for instance here It checked the traffic flow and see if there was any NSG that would restrict the traffic.

image

NOTE: There is an issue with the extension which Microsoft is now rolling out an hotfix to correct, so you might need to reinstall the extension on the VM using CLI

Remove-AzureRmVMExtension -ResourceGroupName resourcegroup -VMName vmname -Name NetworkWatcherAgentWindows

$AzureNetworkWatcherExtension = Get-AzureRmVMExtensionImage -Location WestCentralUS -PublisherName Microsoft.Azure.NetworkWatcher -Type NetworkWatcherAgentWindows
$ExtensionName = “AzureNetworkWatcherExtension”
Set-AzureRmVMExtension -ResourceGroupName $VM.ResourceGroupName  -Location $VM.Location -VMName $VM.Name -Name $ExtensionName -Publisher $AzureNetworkWatcherExtension.PublisherName -ExtensionType $AzureNetworkWatcherExtension.Type -TypeHandlerVersion $AzureNetworkWatcherExtension.Version.Substring(0,3)

image

You can also specify filters on what kind of traffic you want to add as part of the filter.

image

and voila! We can luckily view the pcap packets within WireShark!

image

And from here we can do more in-depth troubleshooting!

Leave a Reply

Scroll to Top