Packet capture is a feature of Azure Network Watcher that captures packets as they pass through a virtual machine's NIC. This feature can be abused to read sensitive data from unencrypted internal traffic.
To run a packet capture, we must create an Azure storage account.
In this article, we will test how to capture network packets using Azure packet capture.
Packet Capture features in Azure
Step 1. In the global search bar, type Network Watcher and click Network Watcher.
Step 2. Select Packet capture under Network diagnostic tools and click + Add.
Step 3. Select the Target type as Virtual Machine, select the virtual machine whose incoming traffic you will capture, enter the packet capture name, select the Capture location as Storage account, and click Start packet capture.
Step 4. Once you click the Packet capture button, it will take a few minutes to deploy the packet capture.
Step 5. To stop the packet capture, click the three dots (…) and select Stop.
Note: Once you stop a packet capture, you can't start it again, so you have to create a new packet capture.
Step 6. Select the .cap file.
Step 7. Click to download the .cap file, then click Download.
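Because a capture started with the steps above can expose unencrypted internal traffic, it is worth auditing who creates captures. The following is an added example, not part of the original article: it scans Activity Log events for successful packet capture creations and marks callers outside an allowlist. The event shape is assumed to match `az monitor activity-log list` output, and the sample events, names and allowlist are constructed for illustration.

```python
import json

# Resource provider operation recorded when a packet capture is created.
CAPTURE_WRITE = "microsoft.network/networkwatchers/packetcaptures/write"
RID = "/subscriptions/0000/resourceGroups/NetworkWatcherRG/providers/Microsoft.Network/networkWatchers/NetworkWatcher_eastus"

# Constructed sample events (field subset; all names and IDs are made up).
SAMPLE_LOG = json.dumps([
    {"eventTimestamp": "2024-01-10T09:12:44Z", "caller": "netops@example.com",
     "operationName": {"value": "Microsoft.Network/networkWatchers/packetCaptures/write"},
     "status": {"value": "Succeeded"}, "resourceId": RID + "/packetCaptures/nightly-diag"},
    {"eventTimestamp": "2024-01-11T02:40:03Z", "caller": "dev-intern@example.com",
     "operationName": {"value": "Microsoft.Network/networkWatchers/packetCaptures/write"},
     "status": {"value": "Started"}, "resourceId": RID + "/packetCaptures/cap1"},
    {"eventTimestamp": "2024-01-11T02:40:09Z", "caller": "dev-intern@example.com",
     "operationName": "MICROSOFT.NETWORK/NETWORKWATCHERS/PACKETCAPTURES/WRITE",
     "status": "Succeeded", "resourceId": RID + "/packetCaptures/cap1"},
    {"eventTimestamp": "2024-01-11T03:00:00Z", "caller": "dev-intern@example.com",
     "operationName": {"value": "Microsoft.Compute/virtualMachines/restart/action"},
     "status": {"value": "Succeeded"}, "resourceId": "/subscriptions/0000/resourceGroups/app/providers/Microsoft.Compute/virtualMachines/web01"},
])

def _value(field):
    """Fields may arrive as {"value": ...} or as a plain string."""
    return (field.get("value") if isinstance(field, dict) else field) or ""

def _segment(resource_id, key):
    """Return the path segment that follows `key` in an Azure resource ID."""
    parts = resource_id.split("/")
    lowered = [p.lower() for p in parts]
    return parts[lowered.index(key) + 1] if key in lowered[:-1] else "unknown"

def find_packet_captures(raw_json, approved_callers=frozenset()):
    """List successful packet capture creations; flag callers not on the allowlist."""
    approved = {c.lower() for c in approved_callers}
    findings = []
    for event in json.loads(raw_json):
        if _value(event.get("operationName")).lower() != CAPTURE_WRITE:
            continue
        if _value(event.get("status")).lower() != "succeeded":
            continue  # skip Started/Accepted/Failed records of the same request
        caller = event.get("caller") or "unknown"
        rid = event.get("resourceId", "")
        findings.append({"time": event.get("eventTimestamp"), "caller": caller,
                         "watcher": _segment(rid, "networkwatchers"),
                         "capture": _segment(rid, "packetcaptures"),
                         "approved": caller.lower() in approved})
    return findings

if __name__ == "__main__":
    for f in find_packet_captures(SAMPLE_LOG, {"netops@example.com"}):
        print("OK   " if f["approved"] else "ALERT", f["time"], f["caller"], f["capture"])
```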
Summary
In this article, we learned how to run a packet capture in Azure. Please ask questions in the comments if you need further clarification.