22,945 views | This page as PDF
Monitoring your network with Powershell
I have written a small powershell script that will help you to monitor various hosts on your network. Instead of using ping to see if a host is alive, this script will connect to tcp ports, so you can also monitor hosts behind firewalls (or hosts that cannot be pinged). In addition to this, you can also test that a port is closed (and report that this is ok if that is what you want); and only report a problem when the port is found open (instead of closed)
The script can be downloaded from the link at the bottom of this post.
This is how it works
1. Download the script, unzip it, and put it in a folder on a machine that
- has Powershell installed
- has access to the hosts you want to monitor
2. Create a text file in the same folder, containing the hosts you want to monitor. You can only put one entry per line. This is the syntax :
host:port:status (which can be ‘open’ or ‘closed’)
so suppose you want to monitor a host called www.myserver.com and verify that port 80 is open, add a line that says
If you want to monitor port 22 of host server1.mydomain.com, which should be closed by default, add a line that says
Note : You can group certain servers by adding a group title between square brackets.
[internal servers] www.myserver.com:80:open dns.mydomain.com:53:open host1.mydomain.com:139:open server1.mydomain.com:22:closed [external servers] www.mycompany.com:80:open
3. Create a file called smtp.cfg and with the following entries (and replace the text surrounded by <> with your own settings)
smtpserver=<ip address of your smtp server> smtpserverport=25 from=<email address> to=<emailaddress1,emailaddress2,> subject=[%hostname%] Port Monitor report (%events% event(s)) - %timestamp% reportmode=2 alertmode=1
(all of the settings are mandatory)
As you can see, you can use 3 variables in the Subject field. (and of course, you are free to build your own subject field.)
Both “reportmode” and “alertmode” have 2 possible values :
reportmode=1 means : only show alert entries in the report
reportmode=2 means : show all entries in the report
alertmode=1 means : only send a report when something is wrong
alertmode=2 means : always send the report
How to use the script
You should have 3 files : the powershell script, the smtp.cfg file, and the file that contains the host entries.
From a powershell command line, launch the script, and use the filename of the “host entries” file as parameter. The script will assume that smtp.cfg is in the local path.
Let’s say the hosts file is called hosts.txt and contains the following entries :
Launch the script :
c:\scripts> '.\pve_portmonitor.ps1' hosts.txt --------------------------------- pve_portmonitor.ps1 Written by Peter Van Eeckhoutte http://www.corelan.be:8800 --------------------------------- [+] Reading input file - Connecting to host www.corelan.be to verify that port tcp 8800 is open Result : port is open - Connecting to host freetools.corelan.be to verify that port tcp 80 is open Result : port is open - Connecting to host ftp.microsoft.com to verify that port tcp 21 is open Result : port is open - Connecting to host fw03.corelan.be to verify that port tcp 8888 is closed Result : port is closed [+] Writing report to report.html
The report is written to html, but no email is sent (because there are no unexpected results)
When you set alertmode to 2, an email will be sent every time
[+] Sending email to email@example.com,firstname.lastname@example.org Done.
The report looks like this :
Of course, you would need to schedule this script in order to be able to continuously monitor the hosts on your network. You can use the explanation at the bottom of this post to find out how to launch the script from a batch file. All that is left for you is to schedule the batch file thru Task Scheduler / Scheduled Tasks.
Download the script
You need to be logged in to download this script. Click this link to register if you don’t have a useraccount yetPlease log in to download PVE Port Monitor (2.8 KiB)
I don’t mind that you use/change this script to suit your own environment – but don’t forget to give me some credits :-)
© 2009 – 2010, Corelan Team (corelanc0d3r). All rights reserved.