format

Author: cherylmc

articles/vpn-gateway/packet-capture.md

@@ -15,9 +15,9 @@ Connectivity and performance-related problems are often complex. It can take sig
 
 There are some commonly available packet capture tools. Getting relevant packet captures with these tools can be cumbersome, especially in high-volume traffic scenarios. The filtering capabilities provided by Azure VPN Gateway packet capture are a major differentiator. You can use VPN Gateway packet capture together with commonly available packet capture tools.
 
-## VPN Gateway packet capture filtering capabilities
+## About packet capture for VPN Gateway
 
-You can run VPN Gateway packet capture on the gateway or on a specific connection, depending on your needs. You can also run packet capture on multiple tunnels at the same time. You can capture one-way or bi-directional traffic, IKE and ESP traffic, and inner packets along with filtering on a VPN gateway.
+You can run VPN Gateway packet capture on the gateway, or on a specific connection, depending on your needs. You can also run packet capture on multiple tunnels at the same time. You can capture one-way or bi-directional traffic, IKE and ESP traffic, and inner packets along with filtering on a VPN gateway.
 
 It's helpful to use a five-tuple filter (source subnet, destination subnet, source port, destination port, protocol) and TCP flags (SYN, ACK, FIN, URG, PSH, RST) when you're isolating problems in high-volume traffic.
 
@@ -32,7 +32,7 @@ The following examples of JSON and a JSON schema provide explanations of each pr
 > [!NOTE]  
 > Set the **CaptureSingleDirectionTrafficOnly** option to **false** if you want to capture both inner and outer packets.
 
-### Example JSON
+**Example JSON**
 
 ```JSON-interactive
 {
@@ -62,7 +62,9 @@ The following examples of JSON and a JSON schema provide explanations of each pr
   ]
 }
 ```
-### JSON schema
+
+**JSON schema**
+
 ```JSON-interactive
 {
     "type": "object",
@@ -317,17 +319,21 @@ The following examples of JSON and a JSON schema provide explanations of each pr
 }
 ```
 
-## Key considerations
+### Key considerations
 
 - Running packet capture can affect performance. Remember to stop the packet capture when you don't need it.
 - Suggested minimum packet capture duration is 600 seconds. Because of sync issues among multiple components on the path, shorter packet captures might not provide complete data.
 - Packet capture data files are generated in PCAP format. Use Wireshark or other commonly available applications to open PCAP files.
 - Packet captures aren't supported on policy-based gateways.
-- The maximum filesize of packet capture data files is 500MB.
+- The maximum filesize of packet capture data files is 500 MB.
 - If the `SASurl` parameter isn't configured correctly, the trace might fail with Storage errors. For examples of how to correctly generate an `SASurl` parameter, see [Stop-AzVirtualNetworkGatewayPacketCapture](/powershell/module/az.network/stop-azvirtualnetworkgatewaypacketcapture).
 - If you're configuring a User Delegated SAS, make sure the user account is granted proper RBAC permissions on the storage account such as Storage Blob Data Owner.
 
-## Start packet capture - portal
+## Packet capture - portal
+
+This section helps you start and stop a packet capture using the Azure portal.
+
+### Start packet capture - portal
 
 You can set up packet capture in the Azure portal.
 
@@ -340,15 +346,15 @@ You can set up packet capture in the Azure portal.
 1. On the **Start Packet Capture** page, make any necessary adjustments. Don't select the "Capture Single Direction Traffic Only" option if you want to capture both inner and outer packets. 
 1. Once you've configured the settings, click **Start Packet Capture**.
 
-## Stop packet capture - portal
+### Stop packet capture - portal
 
 To complete a packet capture, you need to provide a valid SAS (or Shared Access Signature) URL with read/write access. When a packet capture is stopped, the output of the packet capture is written to the container that is referenced by the SAS URL.
 
 1. To get the SAS URL, go to the storage account.
 1. Go to the container you want to use and right-click to show the dropdown list. Select **Generate SAS** to open the Generate SAS page.
 1. On the Generate SAS page, configure your settings. Make sure that you have granted read and write access.
 1. Click **Generate SAS token and URL**.
-1. The SAS token and SAS URL will appear below the button immediately. Copy the Blob SAS URL.
+1. The SAS token and SAS URL is generated and appears below the button immediately. Copy the Blob SAS URL.
 
    :::image type="content" source="./media/packet-capture/generate-sas.png" alt-text="Screenshot of generate SAS token." lightbox="./media/packet-capture/generate-sas.png":::
 
@@ -362,7 +368,7 @@ To complete a packet capture, you need to provide a valid SAS (or Shared Access
 
 The following examples show PowerShell commands that start and stop packet captures. For more information on parameter options, see [Start-AzVirtualnetworkGatewayPacketCapture](/powershell/module/az.network/start-azvirtualnetworkgatewaypacketcapture).
 
-### Prerequisites
+**Prerequisites**
 
 * Packet capture data needs to be logged into a storage account on your subscription. See [create storage account](../storage/common/storage-account-create.md).