A ready-to-use cmdlet for checking network connections, Test-NetConnection, appeared in PowerShell 4.0 (Windows 2012 R2, Windows 8.1 and newer). You can use this cmdlet to check the response and availability of a remote server or of a network service on it, to check whether TCP ports are blocked by firewalls, and to check ICMP availability and routing. In fact, the Test-NetConnection cmdlet can replace several standard network admin tools at once: ping, traceroute, TCP port scanner, and others.
The main advantage of the Test-NetConnection cmdlet is that it is already part of all modern versions of Windows, so you don't need to install it separately. The cmdlet is part of the NetTCPIP module (starting with PoSh v4.0).
A value of 4 in the Major column means that PowerShell 4.0 is installed on your computer.
Testing for Open/Closed Server TCP Ports with Test-NetConnection
Let's check whether TCP port 25 (SMTP protocol) is open (accessible) on the remote e-mail server using Test-NetConnection:
Test-NetConnection -ComputerName ny-msg01 -Port 25
Note. With the Test-NetConnection cmdlet you can check only TCP port connections; it cannot be used to check the availability of remote UDP ports.
The shortened version of the same command looks like this:
TNC ny-msg01 -Port 25
Let's look at the result of the command:
ComputerName           : ny-msg01
RemoteAddress          : 10.20.1.7
RemotePort             : 25
InterfaceAlias         : CORP
SourceAddress          : 10.20.1.79
PingSucceeded          : True
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded       : True
As you can see, the cmdlet resolves the server name to an IP address, checks the ICMP response (like ping) and the availability of the TCP port. The specified server responds via ICMP (PingSucceeded = True) and TCP port 25 is open (RemotePort = 25, TcpTestSucceeded = True).
Note. In some cases PingSucceeded=False while TcpTestSucceeded=True. This most likely means that ICMP ping is blocked on the remote server.
The cmdlet has a special parameter, -CommonTCPPort, which lets you specify the name of a well-known network protocol (HTTP, RDP, SMB, WINRM).
For example, to check the availability of an HTTP web server, you can use the command:
Test-NetConnection -ComputerName woshub.com -CommonTCPPort HTTP
Or RDP port (3389) availability:
Test-NetConnection ny-rds1 -CommonTCPPort RDP
You can list all the parameters that the Test-NetConnection cmdlet returns:
Test-NetConnection ny-man01 -Port 445 | Format-List *
If you only need to see whether the port is available, it can be checked more quickly:
TNC ny-msg1 -Port 25 -InformationLevel Quiet
The cmdlet returned True, which means the remote port is accessible.
The same TCP connection check can be made directly with the .NET TcpClient class:
(New-Object System.Net.Sockets.TcpClient).Connect('ny-msg01', 25)
In Windows 10 / Windows Server 2016, you can use the Test-NetConnection cmdlet to trace the route to a remote server using the -TraceRoute parameter (analogous to the tracert command in Windows). Using the -Hops parameter, you can limit the maximum number of hops during the route check.
Test-NetConnection ny-man01 -TraceRoute
The cmdlet returned the total network delay when accessing the server in milliseconds (PingReplyDetails (RTT): 41 ms) and all the IP addresses of the routers on the way to the target server.
Test-NetConnection in PowerShell Monitoring Scripts
The following command lets you check the availability of a specific port on a number of servers, the list of which is stored in a plain text file list_servers.txt. We need the servers where the specified service doesn't respond:
# Port 25 is used here as in the earlier examples; replace it with the port of the service you are checking
Get-Content c:\PS\list_servers.txt | Where-Object { -not (Test-NetConnection $_ -Port 25 -InformationLevel Quiet) } | Format-Table -AutoSize
Similarly, you can create a simple monitoring script that checks the availability of servers and if one of the servers is unavailable.
For example, you can check the availability of basic services on all domain controllers (a DC list can be obtained with the Get-ADDomainController cmdlet). Let's check the following services on the DCs (the tool has a similar "Domain and trusts" rule):
- RPC – TCP/135
- LDAP – TCP/389
- LDAP – TCP/3268
- DNS – TCP/53
- Kerberos – TCP/88
- SMB – TCP/445
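$Ports = "135","389","636","3268","53","88","445","3269","80","443"
$AllDCs = Get-ADDomainController -Filter * | Select-Object Hostname,Ipv4address,isGlobalCatalog,Site,Forest,OperatingSystem
ForEach ($DC in $AllDCs) {
    Foreach ($P in $Ports) {
        $ok = (Test-NetConnection $DC.Hostname -Port $P -WarningAction SilentlyContinue).TcpTestSucceeded   # green = open, red = unavailable
        Write-Host $DC.Hostname $P -Separator " => " -ForegroundColor $(if ($ok) {'Green'} else {'Red'})
    }
}
The script will check the specified TCP ports on the domain controllers, and if one of the ports is unavailable, highlight it in red (you can run this PowerShell script as a Windows service).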
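The monitoring idea above can also be turned around to verify firewall rules: the following added example (not part of the original article) compares what Test-NetConnection observes with an expected baseline and reports only the deviations, including ports that answer although they should be blocked. The function name Test-PortBaseline and the baseline rows are assumptions made for illustration; the host names are the ones used in the article's examples.

```powershell
# Added example: expected TCP reachability per host/port (constructed sample baseline).
$Baseline = @(
    [pscustomobject]@{ ComputerName = 'ny-msg01'; Port = 25;   ExpectOpen = $true  }
    [pscustomobject]@{ ComputerName = 'ny-msg01'; Port = 3389; ExpectOpen = $false }
    [pscustomobject]@{ ComputerName = 'ny-man01'; Port = 445;  ExpectOpen = $true  }
    [pscustomobject]@{ ComputerName = 'ny-man01'; Port = 25;   ExpectOpen = $false }
)

# Hypothetical helper: runs one TCP test per baseline row and labels the result.
function Test-PortBaseline {
    param(
        [Parameter(Mandatory = $true)]
        [object[]]$Baseline
    )
    foreach ($row in $Baseline) {
        # -WarningAction SilentlyContinue hides the warning printed for failed connections
        $result = Test-NetConnection -ComputerName $row.ComputerName -Port $row.Port -WarningAction SilentlyContinue
        $open = [bool]$result.TcpTestSucceeded

        if ($open -eq $row.ExpectOpen) { $status = 'OK' }
        elseif ($open)                 { $status = 'UNEXPECTED-OPEN' }    # should be blocked, but answers
        else                           { $status = 'UNEXPECTED-CLOSED' }  # service down or filtered

        [pscustomobject]@{
            ComputerName  = $row.ComputerName
            RemoteAddress = $result.RemoteAddress
            Port          = $row.Port
            ExpectOpen    = $row.ExpectOpen
            TcpOpen       = $open
            Status        = $status
            Checked       = Get-Date
        }
    }
}

# Keep only the deviations; an empty result means the network matches the baseline.
$Drift = Test-PortBaseline -Baseline $Baseline | Where-Object { $_.Status -ne 'OK' }
if ($Drift) {
    $Drift | Format-Table -AutoSize
} else {
    Write-Host 'All checked ports match the baseline.' -ForegroundColor Green
}
```

Because only TCP is tested, a baseline row for a UDP service cannot be verified this way.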
Simple IP Network / Port Scanner with PowerShell
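You can also implement a simple port and IP subnet scanner to scan remote servers or subnets for open/closed TCP ports.
Scan the range of IP addresses for open port 3389:
# The 10.20.1.x prefix is taken from the sample output above as a placeholder; use your own subnet
foreach ($ip in 100..150) { Test-NetConnection "10.20.1.$ip" -Port 3389 -WarningAction SilentlyContinue | Select-Object ComputerName,TcpTestSucceeded }
Scan the range of TCP ports from 1 to 1024 on the specified remote server:
# ny-msg01 is the server name from the earlier examples, used here as a placeholder
foreach ($port in 1..1024) { if ((Test-NetConnection ny-msg01 -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded) { "TCP port $port is open" } }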