How do I collect remote port statistics using WMI or iphlpapi.dll?

jasonbarresi
jasonbarresi used Ask the Experts™
on
I've developed a system which gathers server statistics for our company. Basically at a given iteration, the system connects to each remote server in our WAN and collects counter values via WMI. The service we offer to our customers is a hosted service and we'd like to report usage statistics for each port that we host on. Currently I have a remote service on each server that executes netstat.exe and parses the results line-by-line. However, I'd like to be able to just remotely connect to a built-in agent (such as WMI) or use the iphlpapi.dll wrapper to access the information remotely. Does anyone know if this is a possibility or do I have to keep using a remote service on each machine? Really all I'm looking for is to remotely get a count of connections on a per-port basis on each machine.

Thanks, Jason
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Kamran ArshadIT Associate

Commented:
Hi,

Just for curiosity, why don't you use SNMP for port statistics?
Commented:
Absolutely.  Not only that but if you look here: http://www.codeproject.com/KB/IP/remotesysinformation.aspx you can get some source code on how to do it :o)

Hope this helps.

Author

Commented:
Thanks for the suggestions, I'm going to try and get the data I need from SNMP. Two questions though, the first is do you know if I can get per-port statistics with SNMP? (i.e. the current number of connections to port 35442) and also when I am trying to connect to SNMP on the remote system I'm noticing that it seems to only listen on the first IP of the server (our servers generally have at least three IP addresses), is there a way to tell SNMP which IP address to listen on?

Thanks, Jason
Commented:
1) No.  Not with standard SNMP.  I've heard (never seen) that some vendors have implemented per port connection statistics in the enterprise (private) MIBs.
2) Configure your SNMP agent to list on 0.0.0.0 (all interfaces).  To verify that SNMP agent sees all interfaces, query IF-MIB::ifNumber & IF-MIB::ifDescr.  IF-MIB::ifNumber.0 should show you total number of interfaces (i.e.: 2) and IF-MIB::ifDescr.1 would be interface index 1 which should return something like lo0 (loopback) or ge0 (gigabit ethernet).  IF-MIB::ifType will tell you the type of interface (softwareLoopback, ethernetCsmacd and so on).

Also remember that SNMP v1 and v2c are not considered secure and generally pass either community strings and/or data in clear text.
If you have VLANs then you'll also find that the interface numbering goes a little weird, so the first interface *may* actually be something like number 64 (as it's not in VLAN 1).

Hope this helps.

Author

Commented:
Thank you very much for your assistance!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial