Monitoring with PowerShell: Monitoring network traffic

My holidays are over, and it’s back to blogging! I hope you all enjoyed the previous webinar I did in my holidays. For me it was a lot of fun and I’m doing a more advanced one soon, when I find some time. for now I’m going to be quite busy with other speaking engagements such as a couple of Solarwinds Events, and Huntress Hack_It!

In any case, let’s get back to our regular scheduled program: Monitoring and documentation scripts! 🙂 This time we’re tackling three issues in one; We’re going to monitor traffic usage to see if a connection isn’t saturated. We’re also going to check if the NIC speed is correct and we’re going to check if the connection is metered and if it is alert on it.

The use case for this can be pretty diverse; the connection saturation can help you find if the machine isn’t flooding the network or internet connection. The connection speed of course speaks for itself; these days everything should be full duplex gigabit, and it helps in finding old devices or devices looped through a voip phone.

The metered connection one is just a safety measure – Sometimes you’re remotely working on a machine that’s metered and you download an ISO, or a large update and the client won’t be too happy… 🙂

Monitoring bandwidth usage

$BandwidthAlertThreshold = "800" #megabits per second

$Counter = 0
$UsedBandwidth = do {
    $counter ++
    (Get-CimInstance -Query "Select BytesTotalPersec from Win32_PerfFormattedData_Tcpip_NetworkInterface" | Select-Object BytesTotalPerSec).BytesTotalPerSec / 1Mb * 8
} while ($counter -le 10)

$AvgBandwidth = [math]::round(($UsedBandwidth | Measure-Object -Average).average, 2)
$BandwidthAlert = if ($AvgBandwidth -gt $BandwidthAlertThreshold) { "Unhealthy - Bandwidth is at $AvgBandwidth" } else { "Healthy" }

This creates a poll of 10 intances, which is a little more than 5 seconds. It’ll show how much bandwidth the current machine is using. If the threshold is passed than it alerts that a unhealthy state has been reached. This is also great for localizing which machine is using most bandwidth on a network.

Monitoring link speeds


$Linkspeeds = (Get-NetAdapter -Physical | Where-Object { $_.MediaType -eq "802.3" -and $_.status -ne "Disconnected" })

$LinkspeedState = foreach ($Linkspeed in $Linkspeeds) {
    if ($Linkspeed.speed -lt 1000000000) { "$($Linkspeed.name) linkspeed is lower than 1000mb" }
}
if (!$Linkspeeds) { $LinkspeedState = "No physical links found" }
if (!$LinkspeedState) { $LinkspeedState = "Healthy" }

So this alerts on any machine that is connected to any port that is not 1gbps. In these days, I’m pretty sure you want everything gigabit connected. 🙂

Monitoring Metered Connections

[void][Windows.Networking.Connectivity.NetworkInformation, Windows, ContentType = WindowsRuntime]
$MeteredConnections = [Windows.Networking.Connectivity.NetworkInformation]::GetInternetConnectionProfile().GetConnectionCost() | Where-Object {$_.Networkcosttype -ne "Unrestricted"}

$RunningOnMetered = if($MeteredConnections){
    "Unhealthy - Currently running on a metered connection."
    $MeteredConnections
} else {
    "Healthy - Not running on metered connection"
}

So this is one that’s good to train your engineers to check if you have a lot of mobile users, it gives you some extra info if a user is on the road or not.

And that’s it! As always, Happy PowerShelling!

3 thoughts on “Monitoring with PowerShell: Monitoring network traffic

  1. Justin

    The code for Monitoring bandwidth usage works great if you have only one NIC in the computer, but it error if you have more then one. I ended having to put the DO While statement into a foreach statement.

    $nics = Get-CimInstance -Query “Select BytesTotalPersec from Win32_PerfFormattedData_Tcpip_NetworkInterface” | Select-Object BytesTotalPerSec, Name
    foreach ($nic in $nics)
    {
    $UsedBandwidth = do
    {
    $counter++
    $nic.BytesTotalPerSec / 1Mb * 8
    }
    while ($counter -le 10)

    $AvgBandwidth = [math]::round(($UsedBandwidth | Measure-Object -Average).average, 2)
    $BandwidthAlert = if ($AvgBandwidth -gt $BandwidthAlertThreshold) { Write-Host “Unhealthy – Bandwidth is at $AvgBandwidth” }
    else { Write-Host “Network adapter:” $nic.Name “is healthy” }
    }

    Reply
      1. Justin

        Look forward to seeing your prettier way!

        Thank you for all your dedication to this site, it is a great resource. Keep up the good work.

        Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.