• Dana Epp

What you need to know about Azure Network Watcher

Updated: Mar 18, 2018


Have you ever felt the need to diagnose a critical problem and you needed access to packet data from a virtual machine? What if you could capture the packet data from a virtual machine in just a few clicks? How about the ability to log flow data for Network Security Groups, visualize and interpret the information with a tooling platform of your choice?


With Azure Network Watcher, you can now access a plethora of logging and diagnostic capabilities that empower you with insights to understand your network performance and health. These capabilities are accessible via Portal, Power Shell, CLI, Rest API and SDK.


There are several key things that Network Watcher enables for you. These include:

  • Deployment network topology - visualize the complete network topology of your application in Azure

  • IP flow verify - A common diagnostic need is to check whether a flow is allowed or denied to or from a virtual machine. Using “IP flow verify” you can now validate if a flow (combination of source IP, destination IP, source port, destination port and protocol) is allowed or denied. You will also be provided with the specific Network Security Group and security rule allowing or denying the flow in question.

  • Next Hop - Typical issues with network connectivity is misconfiguration of user defined routes. Next hop provides the ability to get the next hop type and IP address based on a specified virtual machine, allowing you to investigate any route being black-holed and conditions caused by incorrect configuration.

  • Packet capture - Capturing and accessing packet data enables you to address various needs from diagnosing a connectivity issue to network security and compliance. With Network Watcher, you can trigger packet capture on virtual machines. Applying advanced rule matching options, you can capture packets that have a specific source IP, destination IP, source port or destination port, or a byte offset from the start of the packet – even a combination of all the above. This feature is supported on both Windows and Linux virtual machines.

  • NSG flow logs - Flow data is a critical component for diagnosing and validating your Network Security Group configurations. You can now enable logging of NSG flow data that is allowed or denied per Network Security Group setting to help meet these needs. The NSG flow information includes timestamp, source IP, destination IP, source port, destination port and protocol, the Network Security Group and the security rule. This data can be ingested and visualized by Microsoft tools such as Power BI, as well as security information and event management tools provided by 3rd party partners and open source tools.

  • Security Group view - Auditing your network security is vital for detecting network vulnerabilities and ensuring compliance with your IT security and regulatory governance model. With Security Group view, you can retrieve the configured Network Security Group and security rules, as well as the effective security rules. With the list of rules applied, you can determine the ports that are open and assess network vulnerability.

  • Network Subscription limits - You can now view the usage of network resources against the limits in your subscription.

There is quite a bit that Network Watcher provides to allow you to monitor, diagnose, and gain insights to your network performance and health in the cloud. Check it out today if you haven't. If you still need convincing, you can watch the video below for a more in-depth introduction.




© 2020 by Dana Epp

  • White Twitter Icon
  • LinkedIn - White Circle