articles/network-watcher/network-watcher-alert-triggered-packet-capture.md
+1 -1 (1 addition & 1 deletion)
@@ -165,7 +165,7 @@ Get the tenant ID by running the following PowerShell cmdlet:
165
165
166
166
#### AzureCredPassword
167
167
168
-
The value of the `AzureCredPassword` environment variable is the value that you get from running the following PowerShell sample. This sample is the same one that the preceding [Authentication](#authentication) section showed. The value that you need is the output of the `$Encryptedpassword` variable. This output is the service principal password that you encrypted by using the PowerShell script.
168
+
The value of the `AzureCredPassword` environment variable is the value that you get from running the following PowerShell sample. This sample is the same one that the preceding [Configure authentication](#configure-authentication) section showed. The value that you need is the output of the `$Encryptedpassword` variable. This output is the service principal password that you encrypted by using the PowerShell script.
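Review bot: The new link target `#configure-authentication` on the added line needs a matching heading in this file, and this commit changes only this one line here (1 addition, 1 deletion), so no heading rename is part of the change. Confirm that a "Configure authentication" heading already exists in this article; otherwise the link is dead. While this paragraph is open, it would also help to say that the `$Encryptedpassword` output is still a credential and that the `AzureCredPassword` value should be handled as a secret.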
articles/network-watcher/network-watcher-using-open-source-tools.md
+4 -4 (4 additions & 4 deletions)
@@ -41,7 +41,7 @@ You can directly upload a packet capture from Network Watcher. Use the **Import
41
41
42
42
When you're providing a link to CapAnalysis, be sure to append a shared access signature (SAS) token to the storage blob URL. Go to **Shared access signature** from the storage account, designate the allowed permissions, and select the **Generate SAS** button to create a token. You can then append the SAS token to the packet capture's storage blob URL.
43
43
44
-
The resulting URL looks something like the following example: `http://storageaccount.blob.core.windows.net/container/location?addSASkeyhere`
44
+
The resulting URL looks something like `http://storageaccount.blob.core.windows.net/container/location?addSASkeyhere`.
45
45
46
46
## Analyze packet captures
47
47
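Review bot: The example URL on the added line still uses `http://` with the SAS token in the query string, so a reader who copies the pattern sends the token in cleartext. Change the scheme to `https://`. Because the preceding step only says to "designate the allowed permissions", consider also recommending read-only permission and a short expiry for the token that is handed to CapAnalysis.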
@@ -51,7 +51,7 @@ The following list describes a few of the CapAnalysis features:
51
51
52
52
- Flow tables
53
53
54
-
The **Flow** tab lists flows in the packet data. For each flow, the tab shows information like the time stamp, source and destination IPs, and associated protocols.
54
+
The **Flows** tab lists flows in the packet data. For each flow, the tab shows information like the time stamp, source and destination IPs, and associated protocols.
55
55
56
56
![capanalysis flow page][5]
57
57
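Review bot: The tab name becomes **Flows** on the added line, but the bullet directly above it is still "Flow tables" and the image label is still `capanalysis flow page`. Confirm that **Flows** is the label shown in the CapAnalysis UI, and give the image descriptive alt text while this paragraph is being edited.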
@@ -69,7 +69,7 @@ The following list describes a few of the CapAnalysis features:
69
69
70
70
- Geographical map
71
71
72
-
The **GeoMAP** tab provides a map view of your network traffic. Colors scale to the volume of traffic from each country/region. You can select highlighted countries/regions to view additional flow statistics, such as the proportion of data sent and received from IPs in that country/region.
72
+
The **GeoMAP** tab provides a map view of your network traffic. Colors scale to the volume of traffic from each country/region. You can select highlighted countries/regions to view additional flow statistics, such as the proportion of data sent and received from IPs in a country/region.
73
73
74
74
![geomap][8]
75
75
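Review bot: Replacing "in that country/region" with "in a country/region" at the end of the added line drops the link to the country/region the reader just selected, so the sentence no longer says whose statistics are shown. Keep "that country/region" or write "the selected country/region".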
@@ -83,7 +83,7 @@ To learn more about all the capabilities of CapAnalysis, go to the [tool's websi
83
83
84
84
## Conclusion
85
85
86
-
You can use the Network Watcher packet capture feature to capture the necessary data to perform network forensics and better understand your network traffic. The scenario in this article showed you how you can integrate packet captures from Network Watcher by using open-source visualization tools. By using tools such as CapAnalysis to visualize packet captures, you can perform deep packet inspection and quickly identify trends in your network traffic.
86
+
You can use the Network Watcher packet capture feature to capture the necessary data to perform network forensics and better understand your network traffic. The scenario in this article showed how you can integrate packet captures from Network Watcher by using open-source visualization tools. By using tools such as CapAnalysis to visualize packet captures, you can perform deep packet inspection and quickly identify trends in your network traffic.
articles/network-watcher/packet-capture-inspect.md
+5 -5 (5 additions & 5 deletions)
@@ -35,7 +35,7 @@ When a TCP connection is established, the first three packets sent in the connec
35
35
36
36
1. Launch Wireshark.
37
37
38
-
1. Load the **.cap** file from your packet capture session.
38
+
1. Load the *.cap* file from your packet capture session.
39
39
40
40
1. Select a [SYN] packet in your capture. This packet is the first packet that the client sends to initiate a TCP connection.
41
41
@@ -55,7 +55,7 @@ When a TCP connection is established, the first three packets sent in the connec
55
55
56
56
1. Select the [SCK] packet.
57
57
58
-
1. Expand the **SEQ/ACK analysis** section to show the initial RTT (iRTT) in seconds.
58
+
1. Expand the **SEQ/ACK analysis** section to show the initial RTT in seconds.
59
59
60
60
:::image type="content" source="./media/packet-capture-inspect/view-latency.png" alt-text="Screenshot that shows the latency represented as initial round-trip time in seconds in Wireshark." lightbox="./media/packet-capture-inspect/view-latency.png":::
61
61
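Review bot: The context step just above the changed line reads "Select the [SCK] packet", and `[SCK]` is not a TCP flag; given that the procedure starts from the [SYN] packet of the handshake, this is presumably a typo for an ACK packet and should be fixed in the same pass. On the changed line itself, dropping "(iRTT)" removes the abbreviation that Wireshark displays in the **SEQ/ACK analysis** section, which makes the field harder to find; consider keeping it.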
@@ -67,7 +67,7 @@ In this example, you learn how to analyze a packet capture to find unwanted prot
67
67
68
68
1. Open Wireshark.
69
69
70
-
1. Load the **.cap** file from your packet capture session.
70
+
1. Load the *.cap* file from your packet capture session.
71
71
72
72
1. On the **Statistics** menu, select **Protocol Hierarchy**.
73
73
@@ -88,13 +88,13 @@ Understanding the types of traffic, the endpoints, and the ports for communicati
88
88
89
89
1. Launch Wireshark.
90
90
91
-
1. Load the **.cap** file from your packet capture session.
91
+
1. Load the *.cap* file from your packet capture session.
92
92
93
93
1. On the **Statistics** menu, select **IPv4 Statistics** and then select **Destinations and Ports**.
94
94
95
95
:::image type="content" source="./media/packet-capture-inspect/destinations-ports.png" alt-text="Screenshot that shows how to get to the Destinations and Ports window in Wireshark." lightbox="./media/packet-capture-inspect/destinations-ports.png":::
96
96
97
-
1.In the **Destinations and Ports** window, you can see the top destinations and ports that the VM communicated with during the capture session. You display only communication through a specific protocol by using a filter. For example, you can see if any communication used the Remote Desktop Protocol (RDP) protocol by entering **rdp** in the **Display filter** box.
97
+
1.The **Destinations and Ports** window lists the top destinations and ports that the VM communicated with during the capture session. You display only communication through a specific protocol by using a filter. For example, you can see if any communication used Remote Desktop Protocol (RDP) by entering **rdp** in the **Display filter** box.
98
98
99
99
:::image type="content" source="./media/packet-capture-inspect/rdp-filter.png" alt-text="Screenshot that shows the RDP destinations and the ports that were used in Wireshark." lightbox="./media/packet-capture-inspect/rdp-filter.png":::
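Review bot: The added line still starts with `1.The`, with no space after the list marker, so Markdown won't render it as a numbered step and the numbering of the procedure breaks at this point. Write `1. The **Destinations and Ports** window lists ...`. In the same line, "You display only communication through a specific protocol" reads as a statement rather than an instruction; "You can display only ..." matches the rest of the step.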
0 commit comments