Get-Packet Cmdlet
The Get-Packet component is used to listen to network traffic.
Syntax
Get-Packet [parameters]
Remarks
The Get-Packet cmdlet will bind to a specific local host address and listen for network traffic received by the interface. The interface must support promiscuous mode (this may not work with many wireless cards because of security considerations). This is not supported on operating systems released prior to Windows 2000.
NOTE: If your computer connects to a switch, the switch will only forward packets addressed to your computer. If your computer is on a hub, then you will receive everything.
The use of this cmdlet requires administrative permissions.
The cmdlet can be used without additional parameters, or you can set LocalIP to the IP address whose traffic you wish to monitor (if it is not the default), and set Time to the number of seconds you wish to monitor traffic. For each packet that crosses the interface, the cmdlet will return a Packet object.
The cmdlets support pipeline input for some of their parameters. Prebuilding an object and piping it to the cmdlet is very useful, but should be used with caution to prevent security conflicts. Steps have been taken to decrease the risk of accidentally piping a value to the cmdlet; for instance, the Credential parameter cannot be piped to the cmdlet and must be specified manually.
# listen for one hour
get-packet -time 3600
# listen on a specific interface
get-packet -localip $ipaddr
Parameter List
The following is the full list of the parameters of the cmdlet with short descriptions. Click on the links for further details.
Config | Specifies one or more configuration settings. |
LocalIP | The local interface specified by its IP address. |
LogFile | The location of a file to which debug information is written. |
Protocol | The protocol name to use as a filter. |
Time | The duration of the bind. |
Output Objects
The following is the full list of the output objects returned by the cmdlet with short descriptions. Click on the links for further details.
Packet | This object contains details about a packet received while the component was sniffing. |
Config Settings
The following is a list of config settings for the cmdlet with short descriptions. Click on the links for further details.
ListInterface | Lists the interfaces visible to the WinPCap or NPCap driver. |
ReceiveAllMode | Enables a socket to receive all IPv4 or IPv6 packets on the network. |
SelectedInterface | Used to select the interface the WinPCap or NPCap driver will listen on. |
UseWinPCap | Whether to use the WinPCap or NPCap driver. |
AbsoluteTimeout | Determines whether timeouts are inactivity timeouts or absolute timeouts. |
FirewallData | Used to send extra data to the firewall. |
InBufferSize | The size in bytes of the incoming queue of the socket. |
OutBufferSize | The size in bytes of the outgoing queue of the socket. |
BuildInfo | Information about the product's build. |
CodePage | The system code page used for Unicode to Multibyte translations. |
LicenseInfo | Information about the current license. |
MaskSensitive | Whether sensitive data is masked in log messages. |
UseInternalSecurityAPI | Tells the component whether or not to use the system security libraries or an internal implementation. |
LogFile Parameter (Get-Packet Cmdlet)
The location of a file to which debug information is written.
Syntax
Get-Packet -LogFile string
Remarks
When specified, the cmdlet will log debug information to the file. If the file exists, the information will be appended.
Default Value
null
Config Property (Get-Packet Cmdlet)
Specifies one or more configuration settings.
Syntax
Get-Packet -Config string[]
Remarks
The Config parameter takes one or more name-value pairs, each giving the name of a configuration setting and its value, for example: -Config "Name=Value"
Default Value
null
LocalIP Property (Get-Packet Cmdlet)
The local interface specified by its IP address.
Syntax
Get-Packet -LocalIP string
Remarks
The local IP address to which the cmdlet binds to begin sniffing packets. Packets will be sniffed for the duration specified in Time.
Default Value
""
LogFile Property (Get-Packet Cmdlet)
The location of a file to which debug information is written.
Syntax
Get-Packet -LogFile string
Remarks
When specified, the cmdlet will log debug information to the file. If the file exists, the information will be appended.
Default Value
""
Protocol Property (Get-Packet Cmdlet)
The protocol name to use as a filter.
Syntax
Get-Packet -Protocol string
Remarks
Protocol may be used to filter the sniffed packets for a specific IP protocol. A partial list of protocols is included in the table below. If Protocol is not specified, all network traffic will be monitored.
- ICMP
- IGMP
- IP
- TCP
- UDP
Default Value
""
Time Property (Get-Packet Cmdlet)
The duration of the bind.
Syntax
Get-Packet -Time int
Remarks
The duration (in seconds) for which you wish the cmdlet to sniff packets. If set to 0 (default), the cmdlet will sniff packets indefinitely.
Default Value
0
Parameter Position
0
Packet Output Object (Get-Packet Cmdlet)
This object contains details about a packet received while the component was sniffing.
Syntax
Object Packet {
  string Destination;
  string Source;
  string Protocol;
  int DestinationPort;
  int SourcePort;
  string Payload;
}
Remarks
When the cmdlet is active and listening for network traffic, each packet received and sent across the interface in LocalIP will be stored in a Packet object. This object contains information about the packet sniffed.
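The following added example, which is not from the product documentation, captures TCP traffic for 60 seconds and reduces the returned Packet objects to per-flow counts, leaving Payload out of what is written to disk because packet payloads can contain credentials or other sensitive data. The address in $ipaddr and the output file name are placeholders.

```powershell
# Added example; not part of the product documentation.
# Run from an elevated session: the cmdlet requires administrative permissions.

# Placeholder: replace with the IP address of the local interface to monitor.
$ipaddr = '192.0.2.10'

# Bounded capture: TCP only, 60 seconds. With -Time 0 (the default) the
# cmdlet would sniff indefinitely, so always set a duration in scripts.
$packets = Get-Packet -LocalIP $ipaddr -Protocol TCP -Time 60

if (-not $packets) {
    # On a switched network only traffic addressed to this host is visible,
    # so an empty result on a quiet interface is expected.
    Write-Warning "No packets captured on $ipaddr."
    return
}

# Reduce each flow (Source, Destination, DestinationPort) to a packet count.
# Payload is deliberately not selected so it never reaches the output file.
$summary = $packets |
    Group-Object -Property Source, Destination, DestinationPort |
    Sort-Object -Property Count -Descending |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            Source          = $first.Source
            Destination     = $first.Destination
            DestinationPort = $first.DestinationPort
            Packets         = $_.Count
        }
    }

# Show the busiest flows and keep a metadata-only record of the capture.
$summary | Select-Object -First 20 | Format-Table -AutoSize
$summary | Export-Csv -Path .\flow-summary.csv -NoTypeInformation
```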
Config Settings (Get-Packet Cmdlet)
The cmdlet accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the cmdlet, access to these internal properties is provided through the Config method.
IPMonitor Config Settings
ListInterface: Lists the interfaces visible to the WinPCap or NPCap driver.
This configuration setting returns a numbered list of interfaces visible to the WinPCap or NPCap driver on the system.
ReceiveAllMode: Enables a socket to receive all IPv4 or IPv6 packets on the network.
The following modes are available:
SelectedInterface: Used to select the interface the WinPCap or NPCap driver will listen on.
Set this configuration setting to the index of the interface the WinPCap or NPCap driver will listen on. Indices can be returned by querying ListInterface.
UseWinPCap: Whether to use the WinPCap or NPCap driver.
When set to True, the cmdlet will use the WinPCap or NPCap driver available on the system. The default is False.
Socket Config Settings
AbsoluteTimeout: Determines whether timeouts are inactivity timeouts or absolute timeouts.
If AbsoluteTimeout is set to True, any method which does not complete within Timeout seconds will be aborted. By default, AbsoluteTimeout is False, and the timeout is an inactivity timeout.
Note: This option is not valid for UDP ports.
FirewallData: Used to send extra data to the firewall.
When the firewall is a tunneling proxy, use this property to send custom (additional) headers to the firewall (e.g. headers for custom authentication schemes).
InBufferSize: The size in bytes of the incoming queue of the socket.
This is the size of an internal queue in the TCP/IP stack. You can increase or decrease its size depending on the amount of data that you will be receiving. Increasing the value of the InBufferSize setting can provide significant improvements in performance in some cases.
Some TCP/IP implementations do not support variable buffer sizes. If that is the case, when the cmdlet is activated the InBufferSize reverts to its defined size. The same happens if you attempt to make it too large or too small.
OutBufferSize: The size in bytes of the outgoing queue of the socket.
This is the size of an internal queue in the TCP/IP stack. You can increase or decrease its size depending on the amount of data that you will be sending. Increasing the value of the OutBufferSize setting can provide significant improvements in performance in some cases.
Some TCP/IP implementations do not support variable buffer sizes. If that is the case, when the cmdlet is activated the OutBufferSize reverts to its defined size. The same happens if you attempt to make it too large or too small.
Base Config Settings
BuildInfo: Information about the product's build.
When queried, this setting will return a string containing information about the product's build.
CodePage: The system code page used for Unicode to Multibyte translations.
The default code page is Unicode UTF-8 (65001).
The following is a list of valid code page identifiers:
LicenseInfo: Information about the current license.
When queried, this setting will return a string containing information about the license this instance of a cmdlet is using. It will return the following information:
MaskSensitive: Whether sensitive data is masked in log messages.
In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to true to mask sensitive data. The default is false.
This setting only works on these cmdlets: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.
UseInternalSecurityAPI: Tells the cmdlet whether or not to use the system security libraries or an internal implementation.
When set to false, the cmdlet will use the system security libraries by default to perform cryptographic functions where applicable. In this case, calls to unmanaged code will be made. In certain environments this is not desirable. To use a completely managed security implementation set this setting to true.
Setting this setting to true tells the cmdlet to use the internal implementation instead of using the system security libraries. On Windows, this setting is set to false by default. On Linux/macOS, this setting is set to true by default. If using the .NET Standard Library, this setting will be true on all platforms. The .NET Standard library does not support using the system security libraries.
Note: This setting is static. The value set is applicable to all cmdlets used in the application. When this value is set the product's system DLL is no longer required as a reference, as all unmanaged code is stored in that file.