I need to create a script that samples the network traffic every 30 seconds and stores the bytes sent/received. This data is later used to draw graphs. I wrote one that works on Windows 2012 but realised that some of the cmdlets are not available in previous versions like 2008, so I am seeking alternatives.
For Windows 2012 I used Get-NetAdapterStatistics to get the received/sent bytes, but this won't work on pre-2012, so I thought I could use netstat -e. The problem is that both are giving me different results, and I was hoping someone can tell me why? The script below was written to see the difference between the data.
    # Name of the connected interface that carries the default route
    function getNic {
        $nic = Get-NetRoute | ? DestinationPrefix -eq '0.0.0.0/0' |
            Get-NetIPInterface | Where-Object ConnectionState -eq "Connected" |
            Select-Object -ExpandProperty InterfaceAlias
        return $nic
    }

    # Print the sent-byte delta from each source since the previous call
    function getBR {
        $b = ((netstat -e | Select-String "Bytes") -split '\s+')[2]
        $a = (Get-NetAdapterStatistics | Where-Object InterfaceAlias -eq $nic_name | Select-Object -ExpandProperty SentBytes)
        $a - $script:startbr      # delta according to Get-NetAdapterStatistics
        $b - $script:startbr2     # delta according to netstat -e
        $script:startbr = $a
        $script:startbr2 = $b
    }

    $nic_name = getNic
    $startbr = (Get-NetAdapterStatistics | Where-Object InterfaceAlias -eq $nic_name | Select-Object -ExpandProperty SentBytes)
    $startbr2 = ((netstat -e | Select-String "Bytes") -split '\s+')[2]
    foreach ($i in 1..1000) {
        getBR
        Start-Sleep 5
    }
The results are below:
0 0 4577 18308 6695 26780 9055 36220
Ideally I am interested in capturing traffic on the external interface.
While I can't offer an explanation for the difference between the methods, I can offer an alternative that should work on pre-2012 as well as on 2012 upwards:
    # Interface index of the default route, then the matching adapter description
    $ifIndex = Get-WmiObject -Class Win32_IP4RouteTable | Where-Object {$_.Destination -eq "0.0.0.0"} | Select-Object -ExpandProperty InterfaceIndex
    $ifIndex = "InterfaceIndex=" + $ifIndex
    $nic_name = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter $ifIndex | Select-Object -ExpandProperty Description
    # Read the counters for that adapter through .NET
    $nic = [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() | Where-Object {($_.Description -eq $nic_name) -and ($_.OperationalStatus -eq "Up")}
    $stats = $nic.GetIPv4Statistics()
    $bytesSent = $stats.BytesSent
    $bytesReceived = $stats.BytesReceived
This gives results consistent with the Get-NetAdapterStatistics cmdlet on my system.
After thinking about it, maybe netstat shows statistics for multiple network adapters (maybe including loopback) combined, since there is no differentiation by NIC? I am guessing this might explain the increased byte count. Sadly, there are no details to be found in the docs.
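In the posted results each netstat -e delta is exactly four times the adapter delta (18308 = 4 × 4577, 26780 = 4 × 6695, 36220 = 4 × 9055). The following added example, which is not code from either post, prints the per-interface counters next to the netstat -e total so the "combined adapters" guess can be checked on a given host, then samples per-interface deltas to a CSV file every 30 seconds using the .NET call from the answer. The function names Get-NicCounters and Get-Delta, the output path, the run length and the English "Bytes" row label are assumptions.

```powershell
# Added example, not from the original posts. PowerShell 2.0 syntax and .NET only.
$IntervalSeconds = 30                                    # sampling period from the question
$Samples         = 120                                   # assumed run length (one hour)
$OutFile         = Join-Path $env:TEMP 'nic-bytes.csv'   # assumed output path

function Get-NicCounters {
    # Cumulative byte counters for every interface that is up, loopback excluded.
    [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
        Where-Object { $_.OperationalStatus -eq 'Up' -and $_.NetworkInterfaceType -ne 'Loopback' } |
        ForEach-Object {
            $s = $_.GetIPv4Statistics()
            New-Object PSObject -Property @{ Name = $_.Name; Sent = $s.BytesSent; Received = $s.BytesReceived }
        }
}

function Get-Delta([long]$Now, [long]$Before) {
    # A counter that went backwards was reset (adapter restart); count from zero.
    if ($Now -ge $Before) { $Now - $Before } else { $Now }
}

# One-off check of the discrepancy: netstat -e prints one total, so show it next to
# the per-interface values and their sum (assumes the English "Bytes" row label).
$first = @(Get-NicCounters)
$first | Select-Object Name, Sent, Received | Format-Table -AutoSize | Out-String | Write-Host
$sum = ($first | Measure-Object -Property Sent -Sum).Sum
$netstatSent = ((netstat -e | Select-String 'Bytes') -split '\s+')[2]
Write-Host "per-interface sum of sent bytes: $sum   netstat -e sent bytes: $netstatSent"

# Sampling loop: one CSV row per interface per interval, holding deltas, not totals.
$prev = @{}
foreach ($c in $first) { $prev[$c.Name] = $c }
if (-not (Test-Path $OutFile)) { Set-Content -Path $OutFile -Value 'Time,Interface,SentDelta,ReceivedDelta' }
for ($i = 0; $i -lt $Samples; $i++) {
    Start-Sleep -Seconds $IntervalSeconds
    $stamp = Get-Date -Format 's'
    foreach ($c in @(Get-NicCounters)) {
        $p = $prev[$c.Name]
        if ($p) {   # skip the first sighting of an interface that just came up
            $line = '{0},"{1}",{2},{3}' -f $stamp, $c.Name,
                (Get-Delta $c.Sent $p.Sent), (Get-Delta $c.Received $p.Received)
            Add-Content -Path $OutFile -Value $line
        }
        $prev[$c.Name] = $c
    }
}
```

Keeping one row per interface means the external interface can be picked out when graphing, and a sudden jump in SentDelta on that interface stands out against the recorded baseline.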