Core Infrastructure and Security Blog

Simple PowerShell Network Capture Tool: Update

BrandonWilson
Sep 20, 2018

First published on TechNet on May 14, 2018


Hello all. Jacob Lavender here once again for the Ask PFE Platforms team to give you an update on the little sample tool that I put together at the end of last year. The original post is located here: https://blogs.technet.microsoft.com/askpfeplat/2017/12/04/simple-powershell-network-capture-tool/. But before you fly off to read that post – as good as it was – let me just inform you that I've made some significant updates, which include two major improvements:

  • Multiple Target Computers – Yes, now we can target multiple computers at the same time using this tool (a single computer is still supported).
  • Enhanced logic for credential validation.

There are a number of other improvements as well, which I'll continue to tweak as time passes and post in the gallery.

As a note: while you review the sample tool, if you opt to run it and stop it without completing or choosing a provided exit option, make sure that you always run the Clear-Variables function in the sample script. Why, you might ask? Simple: you just don't want those variables lying around – especially the ones with credentials in them.

As a final note: the report provided no longer includes any data on processes. Instead, that is performed on the remote machine and stored in a text file on the machine – and moved to the central file share upon completion of the script.

Where is the tool: https://gallery.technet.microsoft.com/Remote-Network-Capture-8fa747ba

My original post has a great deal of detail on the value of NETSH TRACE and New-NetEventSession, so give it a look if you need some clarification. There are lots of great reference articles provided by other tech gurus way above my level – so make sure to check them out too!

Limitation: PowerShell 3.0 or above is required for full functionality. If you are using PowerShell 2.0 on a target machine, then the trace files will not be moved to the central file share. But c'mon! PowerShell 6.0 is here! Why would you still be hanging on to 2.0? (Yes, I know that there are some applications for it – I get it. Sigh.)
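To illustrate the Clear-Variables advice above, here is an added example (not the sample tool's own function, and not from the gallery script) that sweeps a scope for variables holding a PSCredential or SecureString and removes them, so an interrupted run cannot leave credentials behind in the session. The function name, the `$Global:TargetCred` variable and the constructed credential are assumptions for this illustration.

```powershell
# Added example: remove session variables that hold credentials after an
# interrupted run. Function and variable names are assumptions, not the tool's.
function Clear-CredentialVariable {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Scope to sweep; a script run interactively keeps its state in Global
        [string]$Scope = 'Global',
        # Extra variable names the caller knows hold sensitive data
        [string[]]$Name = @()
    )

    # Anything typed PSCredential or SecureString is sensitive by definition
    $sensitive = Get-Variable -Scope $Scope -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Value -is [System.Management.Automation.PSCredential] -or
            $_.Value -is [System.Security.SecureString] -or
            $Name -contains $_.Name
        }

    foreach ($var in $sensitive) {
        if ($PSCmdlet.ShouldProcess("$Scope`:$($var.Name)", 'Remove variable')) {
            # Dispose the protected buffer before dropping the reference
            if ($var.Value -is [System.Security.SecureString]) { $var.Value.Dispose() }
            if ($var.Value -is [System.Management.Automation.PSCredential]) { $var.Value.Password.Dispose() }
            Remove-Variable -Name $var.Name -Scope $Scope -Force -ErrorAction SilentlyContinue
        }
    }

    # Report what was removed so the operator can confirm the sweep
    $sensitive | Select-Object -ExpandProperty Name
}

# Constructed demonstration (PowerShell 3.0-compatible syntax): build a credential
# the way a capture script would, then clear it and count what survives.
$secure = ConvertTo-SecureString 'placeholder-password' -AsPlainText -Force
$Global:TargetCred = New-Object System.Management.Automation.PSCredential('CONTOSO\svc-capture', $secure)
$removed = Clear-CredentialVariable -Name 'secure' -Verbose
"Removed: $($removed -join ', ')"
# Verification: number of credential variables still present in the Global scope
(Get-Variable -Scope Global -ErrorAction SilentlyContinue |
    Where-Object { $_.Value -is [System.Management.Automation.PSCredential] } |
    Measure-Object).Count
```

Run it with `-WhatIf` first to see which variables would be removed without touching them.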

Updated Sep 04, 2019
Version 4.0