Home / Solution / Test-NetConnection: Check for Open/Closed Ports from PowerShell

Test-NetConnection: Check for Open/Closed Ports from PowerShell

A ready-to-use cmdlet to examine community connection — Test-NetConnection – has appeared in PowerShell four.zero (Windows 2012 R2, Windows eight.1 and newer). You can use this cmdlet to examine the response and availability of a distant server or community service on it, TCP ports blocking by firewalls, examine ICMP availability and routing. In truth, the Test-NetConnection cmdlet can exchange a number of customary community admin instruments without delay: ping, traceroute, TCP port scanner, and many others.

From time to time, any administrator has to examine service availability on a distant server by checking distant TCP port response (for instance, the provision of an e-mail or net server). Moreover, most admins are used to performing such a port examine with the telnet command. For instance, to ensure the is response on the e-mail server (by default, it responds at TCP Port 25) it is sufficient to run telnet ny-msg01.woshub.com 25 command. But beginning from Windows 7, the telnet consumer has turn out to be a characteristic to be put in individually. Let’s see the best way to examine for open/closed TCP ports utilizing PowerShell.

The most important good thing about the Test-NetConnection cmdlet is that it’s already a part of all fashionable variations of Windows and also you don’t want to put in it individually. The cmdlet is a part of the NetTCPIP module (beginning with PoSh v4.zero).

Tip. You can examine the present put in model of PowerShell with the command: $PSVersionTable.PSVersion

Value four within the Major column implies that PowerShell four.zero is put in in your pc.

Testing for Open/Closed Server TCP Ports with Test-NetConnection

Let’s examine if TCP Port 25 (SMTP protocol) is open (accessible) on the distant e-mail server utilizing Test-NetConnection:

Test-NetConnection -ComputerName ny-msg01 -Port 25

Note. Using Test-NetConnection cmdlet, you’ll be able to examine solely TCP port connection, and it’s not relevant to examine the provision of the distant UDP ports.

The shortened model of the identical command seems like this: TNC ny-msg01 -Port 25

Let’s take into account the results of the command:

ComputerName           : ny-msg01
RemoteAddress          : 10.20.1.7
DistantPort             : 25
InterfaceAlias         : CORP
SourceAddress          : 10.20.1.79
PingSucceeded          : True
PingReplyDetails (RTT) : zero ms
TcpTestSucceeded       : True

As you’ll be able to see, the cmdlet resolves the server title to IP tackle, checks the ICMP response (just like ping) and the provision of the TCP port. The specified server is responds by way of ICMP (PingSucceeded = True) and the TCP Port 25 is open (DistantPort=25, TcpTestSucceeded= True).

Note. In some circumstances, it could happen that PingSucceeded=False, and TcpTestSucceeded=True. It is prone to imply that ICMP Ping is forbidden on distant server.

The cmdlet has a particular parameter –CommonTCPPort, which lets you specify the title of a recognized community protocol (HTTP, RDP, SMB, WINRM).

For instance, to examine the provision of an HTTP net server, you should utilize the command:

Test-NetConnection -ComputerName woshub.com -CommonTCPPort HTTP

Or RDP port (3389) availability:

Test-NetConnection ny-rds1 –CommonTCPPort RDP

You can record all of the parameters that the Test-NetConnection cmdlet returns:

Test-NetConnection ny-man01 -port 445|Format-List *

If you solely have to see if the port is obtainable, it may be checked in a shorter manner:

TNC ny-msg1 -Port 25 -InformationLevel Quiet

The cmdlet returned True, which suggests the distant port is accessible.

Tip. In earlier PowerShell variations, you can examine TCP port availability as follows:

(New-Object System.Net.Sockets.TcpClient).Connect(‘ny-msg01’, 25)

In Windows 10 / Windows Server 2016, you should utilize the Test-NetConnection cmdlet to hint the path to a distant server utilizing the –TraceRoute parameter (analogous to tracert command in Windows). Using the –Hops parameter, you’ll be able to restrict the utmost variety of hopes throughout route examine.

Test-NetConnection ny-man01 –TraceRoute

The cmdlet returned the community abstract delay when accessing the server in milliseconds (PingReplyDetails (RTT): 41 ms) and all of the IP addresses of the routers on the way in which to the goal server.

Test-NetConnection in PowerShell Monitoring Scripts

The following command permits you to examine the provision of a particular port on a lot of servers, the record of which is saved in a plain textual content file list_servers.txt. We want the servers the place the desired service doesn’t reply:

Get-Content c:PSlist_servers.txt |  the place | Format-Table -AutoSize

Similarly, you’ll be able to create a easy monitoring script that checks the provision of servers and if one of many servers is unavailable.

For instance, you’ll be able to examine the provision of fundamental companies on all area controllers (a DC record could be obtained with the Get-ADDomainController cmdlet). Let’s examine the next companies on DC (the software has the same “Domain and trusts” rule):

  • RPC – TCP/135
  • LDAP – TCP/389
  • LDAP – TCP/3268
  • DNS – TCP/53
  • Kerberos – TCP/88
  • SMB – TCP/445

$Ports  = "135","389","636","3268","53","88","445","3269", "80", "443"
$AllDCs = Get-ADDomainController -Filter * | Select-Object Hostname,Ipv4address,isGlobalCatalog,Site,Forest,WorkingSystem
ForEvery($DC in $AllDCs)
{
Foreach ($P in $Ports)

The script will examine the desired TCP ports on the area controllers, and if one of many ports is unavailable, spotlight it in crimson (you’ll be able to run this PowerShell script as a Windows service).

Simple IP Network / Port Scanner with PowerShell

You may implement a easy port and IP subnet community scanner to scan distant servers or subnets for open/closed TCP ports.

Scan the vary of IP addresses on open port 3389:

foreach ($ip in 100..150)

Scan the vary of TCP ports from 1 to 1024 on the desired distant server:

foreach ($port in 1..1024)

Check Also

Managing Microsoft Office Settings with GPO Administrative Templates

To centrally handle the settings of Microsoft Office applications (Word, Excel. Outlook, Visio, PowerPoint, and …

Leave a Reply

Your email address will not be published. Required fields are marked *