Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
2.4.1. Azure Network Watcher
Network Watcher is your primary diagnostics toolkit for Azure networking. It's automatically enabled per region when you deploy networking resources.
Key Tools:
| Tool | Purpose | Use Case |
|---|---|---|
| IP flow verify | Test if traffic is allowed/denied | "Why can't VM A reach VM B?" |
| Next hop | Determine routing path | "Where does traffic to 10.0.0.1 go?" |
| Connection troubleshoot | End-to-end connectivity test | "Is the path to SQL Server healthy?" |
| Packet capture | Capture packets on VMs | Deep troubleshooting |
| NSG flow logs | Log traffic through NSGs | Security auditing |
| VNet flow logs | Log traffic in VNets | Compliance, analysis |
| Traffic analytics | Visualize flow data | Trend analysis, anomaly detection |
| Topology | Visual network map | Documentation, understanding |
IP Flow Verify Example:
Test if VM can reach port 443 on 10.1.0.5:
Input:
- Source VM: VM1
- Direction: Outbound
- Protocol: TCP
- Source IP: 10.0.1.4
- Source Port: 60000
- Destination IP: 10.1.0.5
- Destination Port: 443
Output:
- Access: Denied
- Rule: DefaultDenyAllOutbound
- NSG: vm1-nsg
Written byAlvin Varughese
Founder•15 professional certifications