Windows has many tools for diagnosing problems in TCP/IP networks (pathping, and so on). But not all of them let you conveniently check the status of open network ports on a remote server or scan for them. The Portqry.exe utility is a handy tool for checking the response of TCP/UDP ports on remote hosts when diagnosing problems with network services and firewalls in TCP/IP networks. Most often, Portqry is used as a more functional replacement for the telnet command, and unlike telnet, it also lets you check open UDP ports.
Scanning Open UDP/TCP Ports with PortQry
The first version of PortQry for Windows Server 2003 doesn't work correctly in newer OS versions (Windows Server 2008 and newer), so the second version of the utility, PortQryV2, has been released. This is the version you should use today (you can download PortQryV2 here).
choco install portqry
Download and extract the PortQryV2.exe archive. Open the command prompt and go to the directory with the utility, for example:
For example, to check the availability of a DNS server from a client, you need to check that TCP and UDP ports 53 are open on it. The syntax of the port check command is as follows:
PortQry -n server [-p protocol] [-e || -r || -o endpoint(s)]
- -n is the name or IP address of the server whose availability you are checking;
- -e is the port number to be checked (from 1 to 65535);
- -r is the range of ports to be checked (for example, 1:80);
- -p is the protocol used for checking. It can be TCP, UDP or BOTH (TCP is used by default).
In our example, the command looks like this:
PortQry.exe -n 10.0.25.6 -p both -e 53
Portqry will return one of three port availability states:
- Listening – means that the port is open (accepts connections) and a response has been received from it;
- Not Listening – shows that there is no process (service) on the target system that accepts connections on the specified port. PortQry received an ICMP "Destination Unreachable – Port Unreachable" response when checking the UDP port, or a TCP packet with the Reset flag;
- Filtered – means that PortQry hasn't received any response from the specified port or the response has been filtered. I.e., this port is not listening on the target system or access to it is restricted by a firewall or some system settings. By default, TCP ports are polled three times, and UDP ports once.
In our example, the DNS server is available from the client over both TCP and UDP.
TCP port 53 (domain service): LISTENING
UDP port 53 (domain service): LISTENING
Using the -o attribute, you can specify a sequence of ports to check their availability:
portqry -n 10.0.25.6 -p tcp -o 21,110,143
The next command scans the range of well-known TCP/IP port numbers and returns the list of ports that accept connections (works as a TCP Port Scanner):
portqry -n 10.0.25.6 -r 1:1024 | find ": LISTENING"
You can save the open ports scan result to a text file:
portqry -n 10.0.25.6 -p tcp -r 20:500 -l scan_port_log.txt
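A saved scan is most useful when it is compared with what the host is supposed to expose. The following is an added example, not part of the original article or of PortQry itself: it parses result lines in the two formats PortQry prints on this page (the per-port state line and the final "UDP port N is STATE" verdict) and compares them with a baseline. The sample text and the `EXPECTED` baseline are constructed for illustration.

```python
import re

# Per-port line, e.g. "TCP port 53 (domain service): LISTENING"
PORT_LINE = re.compile(
    r"^(TCP|UDP) port (\d+) \([^)]*\): "
    r"(LISTENING or FILTERED|NOT LISTENING|LISTENING|FILTERED)\s*$")
# Final verdict after a protocol-aware probe, e.g. "UDP port 1434 is LISTENING"
FINAL_LINE = re.compile(
    r"^(TCP|UDP) port (\d+) is (NOT LISTENING|LISTENING|FILTERED)\s*$")

def parse_portqry(text):
    """Return {(proto, port): state} from PortQry console or log text."""
    states = {}
    for line in text.splitlines():
        # A later final verdict overrides an earlier "LISTENING or FILTERED"
        m = PORT_LINE.match(line.strip()) or FINAL_LINE.match(line.strip())
        if m:
            states[(m.group(1), int(m.group(2)))] = m.group(3)
    return states

def audit(states, expected):
    """Compare scan results with the set of ports that should be reachable."""
    report = {"unexpected_open": [], "expected_down": [], "ambiguous": []}
    for key, state in sorted(states.items()):
        if state == "LISTENING" and key not in expected:
            report["unexpected_open"].append(key)
        elif state == "LISTENING or FILTERED":
            report["ambiguous"].append(key)  # UDP with no reply: check by hand
        elif state in ("NOT LISTENING", "FILTERED") and key in expected:
            report["expected_down"].append(key)
    return report

# Constructed sample output (not captured from a real host)
SAMPLE = """\
TCP port 53 (domain service): LISTENING
UDP port 53 (domain service): LISTENING
TCP port 135 (epmap service): LISTENING
TCP port 3389 (ms-wbt-server service): FILTERED
TCP port 21 (ftp service): NOT LISTENING
UDP port 1434 (ms-sql-m service): LISTENING or FILTERED
UDP port 1434 is LISTENING
UDP port 161 (snmp service): LISTENING or FILTERED
"""
EXPECTED = {("TCP", 53), ("UDP", 53), ("TCP", 3389)}  # assumed baseline

if __name__ == "__main__":
    for category, ports in audit(parse_portqry(SAMPLE), EXPECTED).items():
        print(category, ports)
```

Ports reported as unexpected_open are candidates for a firewall rule or for disabling the service; expected_down entries point at a stopped service or an overly strict filter.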
The portqry utility has an interactive mode:
Now, at the PortQry Interactive Mode prompt, you can specify the name of the remote computer and port number:
To check the port on the specified server, press q and Enter.
Using the -wport and -wpid arguments, you can monitor the status of the specified port (wport), or all ports associated with the specified process (wpid), on the local host.
For example, the following command will monitor the response of the specified local port for 10 minutes, and if its status changes, it will notify the administrator about this (a detailed log will be available in LogFile.txt). To stop port monitoring, press Ctrl-C:
portqry -wport 3389 -wt 600 -l LogFile.txt -y -v
You can get information about open ports and active TCP/UDP connections on the local computer:
Advanced Network Services Open Ports Status in PortQry
PortQry has built-in support for some network services. These are LDAP, Remote Procedure Calls (RPC), the e-mail protocols SMTP/POP3/IMAP4, SNMP, NetBIOS Name Service, and so on. In addition to checking port availability, the tool performs protocol-specific requests to obtain the status of services.
For example, using the following command you can check the availability of the RPC endpoint mapper service (TCP/135) and get the list of RPC endpoints registered on the computer (including their names, UUIDs, the addresses they are bound to and the applications they are related to).
portqry -n 10.0.25.6 -p tcp -e 135
TCP port 135 (epmap service): LISTENING
Using ephemeral source port
Querying Endpoint Mapper Database…
Server’s response:
UUID: d95afe72-a6d5-4259-822e-2c84da1ddb0d
ncacn_ip_tcp:10.0.25.6
UUID: 8975497f-93f3-4376-9c9c-fd2277495c27 Frs2 Service
ncacn_ip_tcp:10.0.25.6
UUID: 6b5bd21e-528c-422c-af8c-a4079be4a448 Remote Fw APIs
ncacn_ip_tcp:10.0.25.6
UUID: 12345678-1234-abcd-ef22-0123456789ab IPSec Policy agent endpoint
ncacn_ip_tcp:10.0.25.6
UUID: 367abb81-9844-35f1-ad32-912345001003
ncacn_ip_tcp:10.0.25.6
UUID: 50cda2a3-574d-40b3-1d66-ee4aaa33a076
ncacn_ip_tcp:10.0.25.6
……..
UUID: 3c4428c5-f0ab-448b-bda1-6ce01eb0a6d5 DHCP Client LRPC Endpoint
ncacn_ip_tcp:10.0.25.6
Total endpoints found: 61
==== End of RPC Endpoint Mapper query response ====
portqry.exe -n 10.0.25.6 -e 135 -p TCP exits with return code 0x00000000.
Or you can check the availability of, and the response from, the SQL Server Browser service running on a Microsoft SQL Server:
PortQry.exe -n rome-sql01 -e 1434 -p UDP
UDP port 1434 (ms-sql-m service): LISTENING or FILTERED
Sending SQL Server query to UDP port 1434...
Server's response:
ServerName ROME-SQL01
InstanceName MSSQLSERVER
IsClustered No
Version 15.0.2000.5
tcp 53200
ServerName ROME-SQL01
InstanceName DBINVENT
IsClustered No
Version 15.0.2000.5
tcp 1433
==== End of SQL Server query response ====
UDP port 1434 is LISTENING
As you can see, the PortQry tool showed not only the availability of the 1434/UDP port, but also the version of the SQL server, the names of the instances running on the SQL server and their TCP ports. The first DBINVENT instance listens on the default port TCP/1433, and the second MSSQLSERVER uses a fixed TCP/53200 port from the RPC range.
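Because the Browser reply discloses every instance, its version and its port to anyone who can reach UDP/1434, it is worth turning into an inventory for firewall review. The following is an added example, not code from the article or from PortQry: it splits the reply into one record per instance and marks ports that fall in the dynamic range. The sample is a constructed copy of the response above, and `dynamic_start=49152` assumes the default dynamic port range of Windows Server 2008 and later.

```python
# Constructed copy of the SQL Server Browser reply shown above
SAMPLE = """\
UDP port 1434 (ms-sql-m service): LISTENING or FILTERED
Sending SQL Server query to UDP port 1434...
Server's response:
ServerName ROME-SQL01
InstanceName MSSQLSERVER
IsClustered No
Version 15.0.2000.5
tcp 53200
ServerName ROME-SQL01
InstanceName DBINVENT
IsClustered No
Version 15.0.2000.5
tcp 1433
==== End of SQL Server query response ====
UDP port 1434 is LISTENING
"""
FIELDS = {"ServerName", "InstanceName", "IsClustered", "Version", "tcp"}

def parse_sql_browser(text):
    """Return one dict per instance; a ServerName line starts a new record."""
    instances, inside = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Server's response"):
            inside = True
        elif line.startswith("===="):
            inside = False
        elif inside and line:
            key, _, value = line.partition(" ")
            if key not in FIELDS:
                continue          # ignore anything that is not a known field
            if key == "ServerName":
                instances.append({})
            if instances:
                instances[-1][key] = value.strip()
    return instances

def firewall_inventory(instances, dynamic_start=49152):
    """List (instance, tcp_port, in_dynamic_range) for firewall rule review."""
    rows = []
    for inst in instances:
        if "tcp" in inst and "InstanceName" in inst:
            port = int(inst["tcp"])
            rows.append((inst["InstanceName"], port, port >= dynamic_start))
    return rows

if __name__ == "__main__":
    for row in firewall_inventory(parse_sql_browser(SAMPLE)):
        print(row)
```

If clients connect with explicit ports, the Browser service can be disabled or UDP/1434 blocked at the firewall so that this information is not handed out.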
You can poll the SNMP port on the device by specifying the community name:
portqry -n rome-sql1 -cn !snmp_trap! -e 161 -p udp
When checking port TCP/25, you can get the SMTP service banner:
portqry -n mx.woshub.com -p tcp -e 25
PortQuery GUI Version
Originally PortQry was exclusively a console (CLI) tool. To make it more convenient for users who don't like using the command prompt, Microsoft developed a simple graphical interface for portqry – PortQueryUI. You can download PortQueryUI from the official Microsoft download site: PortQueryUI.
Actually, PortQueryUI is a graphical add-on for portqry that generates a command and returns the result in a graphical window.
In addition, PortQueryUI contains several predefined sets of queries to check the availability of popular Microsoft services:
- Domain and trusts (checking ADDS services on an Active Directory domain controller)
- Exchange Server
- SQL Server
- IP Sec
- Web Server
- Net Meeting
I think PortQueryUI doesn't need any special comments. It should be clear if you look at the screenshot below. Enter the DNS name or IP address of the remote server, select one of the predefined services (Query predefined service), or specify the port numbers for a manual port check (Manually enter query ports) and click the Query button.
Possible return codes in PortQueryUI (highlighted in the screenshot):
- 0 (0x00000000) – the connection has been established successfully and the port is available;
- 1 (0x00000001) – the specified port is unavailable or filtered;
- 2 (0x00000002) – a normal return code when checking the availability of a UDP connection, since an ACK response isn't returned.