About How to take packet capture which including global ip address.

Michiteru Sugitani 70

Hi All,

I need take packet capture which including global ip address of Linux VM.

If I taken capture using tcpdump on Linux VM, source and destination are local address of Linux VM.

I would like to take capture which source and destination are glocal ip address of VM(it mean outside of NAT)

If I use network watcher is it possible this?

Best regards.

Michiteru

ChaitanyaNaykodi-MSFT 24,231 Reputation points Microsoft Employee

2023-05-10T22:06:16.26+00:00

@Michiteru Sugitani

Thank you for reaching out.

Based on your statement above.

If I taken capture using tcpdump on Linux VM, source and destination are local address of Linux VM.

As the destination address is also local address. Can you please elaborate more on your set-up?like where these VM's are located. Are they present in Azure and in the same VNET? Thank you!
Michiteru Sugitani 70 Reputation points

2023-05-11T09:07:11.61+00:00

Hi
@ChaitanyaNaykodi-MSFT

Thank you for reply.

Linux VM is connected to virtual network 10.0.0.0/16 sunbet.

Global IP address is assigned to the VM.

and VM is communicating to Internet.

I need packet capture that src and dst are global IP address.

regards.
ChaitanyaNaykodi-MSFT 24,231 Reputation points Microsoft Employee

2023-05-16T00:17:13.2666667+00:00

@Michiteru Sugitani

Apologies for the delay here and thank you for providing additional details.
If I understand correctly, the Global tier IP address mentioned above will be assigned to the cross-region load balancer in this case and there will be a NAT Gateway deployed for outbound connection. If this is the case, I do not think the packet capture performed at the VM will contain the Global IP address. The packet capture will have the private IP address of the VM as it will NATed later to the Global IP address.

Can you please let us know what is requirement here? so that we can check if there is any alternative solution. Thank you!
Michiteru Sugitani 70 Reputation points

2023-05-16T06:50:59.81+00:00

Hi @ChaitanyaNaykodi-MSFT

Thank you for reply.

Yes I'm understanding that If I do tcpdump on Linux VM, src and dst address are local address.

If local address is 10.0.1.5 and global address is 20.18.10.165, how can I get packet capture which src and dst are 20.18.10.165?

Best regards.
ChaitanyaNaykodi-MSFT 24,231 Reputation points Microsoft Employee

2023-05-17T23:59:59.8966667+00:00

@Michiteru Sugitani

Thank you for getting back. Can you please share the screenshot of your Virtual Machine's Networking section from the Azure Portal? As shown in the link below.
https://video2.skills-academy.com/en-us/azure/virtual-network/ip-services/associate-public-ip-address-vm#azure-portal

I just wanted to get a clear understanding of your set-up before providing an answer. Thank you!
Michiteru Sugitani 70 Reputation points

2023-05-18T00:32:49.9533333+00:00

@ChaitanyaNaykodi-MSFT

I attached screen shot.
Please check.

Accepted answer

ChaitanyaNaykodi-MSFT 24,231 Reputation points Microsoft Employee

2023-05-22T18:06:31.4233333+00:00

@Michiteru Sugitani

Thank you sharing the details here, I am sorry I got confused with your set-up here.

As per the screenshot shared I can see that the Publc IP is assigned to the VM itself and when you did a Tcpdump the Public IP address is not present and the packet capture shows the private IP instead.
This is an expected behavior by design, by default in Azure the VM's private IP address will be NATed to Public IP when you are reaching out to the internet as described here.

Even Network watchers packet capture functionality will not capture the Public IP address in this case. The packet capture will contain private IP addresses of the VM.

Hope this answers your question. Thank you for your patience here. Please let me know if you have any further questions. Thank you!
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Share via

About How to take packet capture which including global ip address.

0 additional answers