How to Set Up Windows Server 2016 Network Monitoring
Network monitoring is a critical component of maintaining a healthy and secure Windows Server 2016 environment. Without visibility into network traffic, bandwidth utilization, device availability, and performance metrics, administrators are essentially flying blind. Problems may go undetected until they cause outages, and capacity planning becomes guesswork. A well-implemented network monitoring strategy provides real-time alerts, historical performance data, and the ability to proactively identify and resolve issues before they impact users.
Windows Server 2016 includes several built-in tools for network monitoring, and these can be supplemented with third-party solutions for more comprehensive visibility. This guide covers native Windows Server 2016 monitoring tools, the configuration of SNMP for external monitoring, network performance counters, and how to set up basic alerting using built-in capabilities.
Built-in Network Monitoring Tools
Windows Server 2016 includes Performance Monitor (perfmon), Resource Monitor, and Network Monitor capabilities that provide significant insight into network activity without requiring additional software. Performance Monitor collects and graphs real-time and historical performance data including network-related counters.
Open Performance Monitor by running perfmon from the Run dialog or searching in the Start menu. To add network performance counters, click the green plus button to add counters. Key network counters to monitor include:
Network Interface – Bytes Total/sec: Total network throughput on each interface. Network Interface – Packets/sec: Total packet rate. Network Interface – Packets Received Errors: Indicates hardware or cabling issues. TCPv4 – Connections Established: Number of active TCP connections. TCPv4 – Connection Failures: Failed connection attempts which may indicate application issues or attacks.
To view current network statistics from the command line:
netstat -eTo view active connections with process IDs:
netstat -anoConfiguring SNMP on Windows Server 2016
Simple Network Management Protocol (SNMP) is the standard protocol used by network monitoring systems to collect data from servers and network devices. To enable external monitoring tools to query your Windows Server 2016 servers, install and configure the SNMP feature.
Install the SNMP feature using PowerShell:
Install-WindowsFeature SNMP-Service -IncludeManagementToolsAfter installation, configure the SNMP service. Open Services (services.msc), find SNMP Service, and open its properties. On the Security tab, configure the accepted community strings. A community string acts as a password for SNMP queries. Create a read-only community string and restrict which IP addresses are allowed to query the server:
For security, always use a non-default community string (not “public”), restrict SNMP queries to specific monitoring server IP addresses, and use SNMPv3 when possible as it provides authentication and encryption. Configure the community name and accepted hosts in the SNMP Service Properties Security tab, or via registry:
# Set SNMP community string (replace "MyMonitorCommunity" with your string)
Set-ItemProperty -Path "HKLM:SYSTEMCurrentControlSetServicesSNMPParametersValidCommunities" `
-Name "MyMonitorCommunity" -Value 4 -Type DWord
# Restrict to specific management host
New-ItemProperty -Path "HKLM:SYSTEMCurrentControlSetServicesSNMPParametersPermittedManagers" `
-Name "1" -Value "192.168.1.100" -Type StringUsing Windows Management Instrumentation (WMI) for Monitoring
WMI provides a rich interface for querying Windows Server 2016 configuration and performance data, including network information. Many monitoring tools use WMI to collect data from Windows servers. Use PowerShell to query WMI for network adapter information and statistics:
# Get all network adapters and their status
Get-WmiObject Win32_NetworkAdapter | Where-Object {$_.NetEnabled -eq $true} | Select-Object Name, Speed, MACAddress, NetConnectionStatusTo get network configuration details for all active adapters:
Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPEnabled -eq $true} | Select-Object Description, IPAddress, IPSubnet, DefaultIPGateway, DNSServerSearchOrderSetting Up Data Collector Sets for Network Monitoring
Data Collector Sets in Performance Monitor allow you to schedule continuous collection of performance counter data, providing historical records for trend analysis and capacity planning. Create a Data Collector Set specifically for network monitoring:
# Create a Data Collector Set via PowerShell using logman
logman create counter NetworkMonitor -c "Network Interface(*)Bytes Total/sec" `
"Network Interface(*)Packets Received Errors" `
"TCPv4Connections Established" `
"TCPv4Connection Failures" `
-si 00:01:00 -f bincirc -max 500 -o "C:PerfLogsNetworkMonitor"
logman start NetworkMonitorThis creates a circular binary log that collects data every 60 seconds and caps at 500 MB. The collected data can be opened in Performance Monitor for analysis.
Configuring Event Log Monitoring for Network Events
Windows Server 2016 logs network-related events in the Windows Event Log. Configure event log monitoring to alert on critical network events. Key event sources for network monitoring include:
System log – Source: Tcpip: Events related to TCP/IP configuration changes and errors. System log – Source: NetBT: NetBIOS over TCP/IP events. System log – Source: NTFS: File system and network share events.
Use PowerShell to query network-related events from the event log:
Get-WinEvent -FilterHashtable @{LogName='System'; ProviderName='Tcpip'; Level=2} -MaxEvents 50 | Select-Object TimeCreated, Id, Message | Format-ListTo create a scheduled task that runs a PowerShell script alerting when network errors exceed a threshold, combine PowerShell event queries with email notification using Send-MailMessage to build lightweight alerting without additional software. Combining these native tools with proper monitoring infrastructure provides comprehensive network visibility for Windows Server 2016 environments.
