6 Replies Latest reply on Nov 15, 2016 3:08 PM by RichardLetts

Monitor Number of Ports Being Used

nick_scott Nov 14, 2016 1:37 PM

In the past few months I have seen a poller go down more than once for having maxed out it potential 64k ports. I would like to create an alert that will 3 monitor and alert me when a threshold of 60k ports has been met. Has anyone monitored something like this in the past ?

Re: Monitor Number of Ports Being Used

Jan Pelousek Nov 14, 2016 4:31 PM (in response to nick_scott)
Hello, I believe if you are also using the SAM, you may create custom powershell template like Create a Windows PowerShell monitor . As you plan to monitor the poller directly (or is polled by SAM agent), the component may initiate just local session. The script body will be
Write-Host ("Statistic: " + (Get-NetTCPConnection).count)
Then define the thresholds for the component and create alert as usual.
1 of 1 people found this helpful
Like (1)

Actions
Re: Monitor Number of Ports Being Used

rschroeder Nov 14, 2016 4:53 PM (in response to nick_scott)

I'm a bit confused about your referencing 64K ports. Do you mean polled elements? If not, what ports are you referencing?

If you ARE talking about polled elements, you can see how many are being polled each time you look at the Polling Engine Status. I put mine right in the home page of NPM:

Is this what you're referencing?

This doesn't get you an alert, but it's very easy to see how many items are polled, and what percentage of polling completion is happening.

From there, a good custom SWQL person might find it easy to build an alert from that info . . .
Like (0)

Actions
- Re: Monitor Number of Ports Being Used
  
  Jan Pelousek Nov 14, 2016 5:08 PM (in response to rschroeder)
  
  My understanding is, that we're about detection of approaching the max number of opened TCP connections. This is by protocol defined as 65535 because of 16 bit TCP header.
  
  Like (1)
  
  Actions
  - Re: Monitor Number of Ports Being Used
    
    rschroeder Nov 14, 2016 5:11 PM (in response to Jan Pelousek)
    
    Ah, now I understand. Thank you for clarifying that. Please disregard my earlier post.
    
    Like (0)
    
    Actions
  - Re: Monitor Number of Ports Being Used
    
    nick_scott Nov 15, 2016 7:58 AM (in response to Jan Pelousek)
    
    You got it Jan! That is exactly what I was looking for. Thank you very much!
    
    Like (0)
    
    Actions
  - Re: Monitor Number of Ports Being Used
    
    RichardLetts Nov 15, 2016 3:08 PM (in response to Jan Pelousek)
    
    a TCP connection is defined by the tuple: (local IP, local port, remote ip, remote port); There is nothing in the TCP protocol that says the only the local port part has to be unique for each TCP connection.
    i.e. (10.1.1.1,22,10.2.2.2,1230) and (10.1.1.1,22,10.3.3.3,1230) are two different connections
    
    The same is true for UDP; the SNMP code I wrote back in the 1990's used a single source UDP port on the source side and did its own demultiplexing of incoming packets to avoid the problem of limited numbers of file descriptors in large networks. It also makes it MUCH easier to punch a network-management-sized hole through a firewall.
    
    Like (1)
    
    Actions

Go to original post