Monitor Number of Ports Being Used

Hello, I believe if you are also using the SAM, you may create custom powershell template like Create a Windows PowerShell monitor . As you plan to monitor the poller directly (or is polled by SAM agent), the component may initiate just local session. The script body will be

Write-Host ("Statistic: " + (Get-NetTCPConnection).count)

Then define the thresholds for the component and create alert as usual.

I'm a bit confused about your referencing 64K ports.  Do you mean polled elements?  If not, what ports are you referencing?

If you ARE talking about polled elements, you can see how many are being polled each time you look at the Polling Engine Status.  I put mine right in the home page of NPM:

Is this what you're referencing?

This doesn't get you an alert, but it's very easy to see how many items are polled, and what percentage of polling completion is happening.

From there, a good custom SWQL person might find it easy to build an alert from that info . . .

My understanding is, that we're about detection  of approaching the max number of opened TCP connections. This is by protocol defined as 65535 because of 16 bit TCP header.

Ah, now I understand.  Thank you for clarifying that.  Please disregard my earlier post.

You got it Jan!  That is exactly what I was looking for.  Thank you very much!

a TCP connection is defined by the tuple: (local IP, local port, remote ip, remote port); There is nothing in the TCP protocol that says the only the local port part has to be unique for each TCP connection.

i.e. (10.1.1.1,22,10.2.2.2,1230) and (10.1.1.1,22,10.3.3.3,1230) are two different connections

The same is true for UDP; the SNMP code I wrote back in the 1990's used a single source UDP port on the source side and did its own demultiplexing of incoming packets to avoid the problem of limited numbers of file descriptors in large networks. It also makes it MUCH easier to punch a network-management-sized hole through a firewall.