re-added step 1

mrhoads · web-flow · commit cafdc09b4240 · 2020-01-29T13:51:17.000-06:00
re-added Step 1 for az network watcher show and added --location to packet-capture create
diff --git a/articles/network-watcher/network-watcher-packet-capture-manage-cli.md b/articles/network-watcher/network-watcher-packet-capture-manage-cli.md
@@ -104,21 +104,27 @@ The following sample is an example of the response from running `az vm extension
 
 Once the preceding steps are complete, the packet capture agent is installed on the virtual machine.
 
-
 ### Step 1
+The next step is to retrieve the Network Watcher instance. TThe name of the Network Watcher is passed to the `az network watcher show` command in a subsequent step.
+
+```azurecli
+az network watcher show --resource-group resourceGroup --name networkWatcherName
+```
+
+### Step 2
 
 Retrieve a storage account. This storage account is used to store the packet capture file.
 
 ```azurecli
 az storage account list
 ```
 
-### Step 2
+### Step 3
 
 At this point, you are ready to create a packet capture.  First, let's examine the parameters you may want to configure. Filters are one such parameter that can be used to limit the data that is stored by the packet capture. The following example sets up a packet capture with several  filters.  The first three filters collect outgoing TCP traffic only from local IP 10.0.0.3 to destination ports 20, 80 and 443.  The last filter collects only UDP traffic.
 
 ```azurecli
-az network watcher packet-capture create --resource-group {resourceGroupName} --vm {vmName} --name packetCaptureName --storage-account {storageAccountName} --filters "[{\"protocol\":\"TCP\", \"remoteIPAddress\":\"1.1.1.1-255.255.255\",\"localIPAddress\":\"10.0.0.3\", \"remotePort\":\"20\"},{\"protocol\":\"TCP\", \"remoteIPAddress\":\"1.1.1.1-255.255.255\",\"localIPAddress\":\"10.0.0.3\", \"remotePort\":\"80\"},{\"protocol\":\"TCP\", \"remoteIPAddress\":\"1.1.1.1-255.255.255\",\"localIPAddress\":\"10.0.0.3\", \"remotePort\":\"443\"},{\"protocol\":\"UDP\"}]"
+az network watcher packet-capture create --resource-group {resourceGroupName} --vm {vmName} --name packetCaptureName --storage-account {storageAccountName}  --location {location} --filters "[{\"protocol\":\"TCP\", \"remoteIPAddress\":\"1.1.1.1-255.255.255\",\"localIPAddress\":\"10.0.0.3\", \"remotePort\":\"20\"},{\"protocol\":\"TCP\", \"remoteIPAddress\":\"1.1.1.1-255.255.255\",\"localIPAddress\":\"10.0.0.3\", \"remotePort\":\"80\"},{\"protocol\":\"TCP\", \"remoteIPAddress\":\"1.1.1.1-255.255.255\",\"localIPAddress\":\"10.0.0.3\", \"remotePort\":\"443\"},{\"protocol\":\"UDP\"}]"
 ```
 
 The following example is the expected output from running the `az network watcher packet-capture create` command.
