Simple PowerShell Network Capture Tool – Update

Server Man

Hello all. Jacob Lavender here once again for the Ask PFE Platforms team to give you an update on the little sample tool that I put together at the end of last year.

The original post is located here:

Simple PowerShell Network Capture Tool

But before you fly off to read that post – as good as it was, let me just inform you that I’ve made some significant updates which include two major improvements:

  • Multiple Target Computers – Yes, now we can target multiple computers at the same time using this tool (single computer still supported)
  • Enhanced Logic for credential validation.

There are a number of other improvements that have been made as well, which I’ll continue to tweak as time passes and post in the gallery.

As a note: While you review the sample tool, if you opt to run it and stop it without completing or choosing a provided exit option, make sure that you always run the Clear-Variables function in the sample script. Why, you might ask? Simple, you just don’t want those variables lying around – especially the ones with credentials in them.

As a final note: The report provided no longer includes any data on processes. Instead, that is performed on the remote machine and stored in a text file on the machine – and moved to the central file share upon completion of the script.

Where is the tool:

TechNet Remote Network Capture Utility v2.01

My original post has a great deal of detail on the value of NETSH TRACE and New-NetEventSession, so give it a look if you need some clarification. There are lots of great reference articles provided by other tech gurus way above my level – so make sure to check them out too!

Limitation: PowerShell 3.0 or above is required for full functionality. If you are using PowerShell 2.0 on a target machine, then the trace files will not be moved to the central file share. But c’mon! PowerShell 6.0 is here! Why would you still be hanging on to 2.0? (Yes, I know that there are some applications for it – I get it. Sigh.)

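Added example, not part of the original post or the published tool: one way to make sure credential variables never outlive an interrupted run is to do the remote work inside `try` and the cleanup inside `finally`. The sketch below also reports which targets fall under the PowerShell 3.0 limitation described above. The target names and all variable names are assumptions made for illustration, and the `finally` block stands in for what the post calls Clear-Variables, whose actual contents are not shown on this page.

```powershell
# Added example: pre-flight check of several targets with guaranteed credential cleanup.
# $targets and every variable name here are hypothetical, not taken from the published tool.
$targets  = @('HOST-A', 'HOST-B')          # constructed sample names
$sessions = @()
$cred     = $null

try {
    $cred = Get-Credential -Message 'Account with rights on the target computers'

    $report = foreach ($computer in $targets) {
        $session   = New-PSSession -ComputerName $computer -Credential $cred -ErrorAction Stop
        $sessions += $session

        # Ask the remote machine which PowerShell major version it runs.
        $major = Invoke-Command -Session $session -ScriptBlock { $PSVersionTable.PSVersion.Major }

        # Per the post: below 3.0 the trace files are not moved to the central share.
        [pscustomobject]@{
            Computer      = $computer
            PSMajor       = $major
            CanMoveTraces = ($major -ge 3)
        }
    }

    $report | Format-Table -AutoSize
    $report | Where-Object { -not $_.CanMoveTraces } | ForEach-Object {
        Write-Warning "$($_.Computer) runs PowerShell $($_.PSMajor); collect its trace files manually."
    }
}
finally {
    # finally runs on normal completion, on a terminating error, and when the
    # script is stopped with Ctrl+C, so the cleanup cannot be skipped by accident.
    if ($sessions.Count -gt 0) { Remove-PSSession -Session $sessions }

    # Release the SecureString holding the password, then drop the variables themselves.
    if ($cred) { $cred.Password.Dispose() }
    Remove-Variable -Name cred, session, sessions, major, computer, report -ErrorAction SilentlyContinue
}
```

Running `Get-Variable cred -ErrorAction SilentlyContinue` afterwards should return nothing, including after the run was stopped partway through.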