Using PortQry to Check TCP/UDP Open Ports (Port Scanner)

Windows has many instruments for diagnosing issues in TCP/IP networks (ping, telnet, pathping, and so forth.). But not all of them permit you to conveniently verify the standing or scan open community ports on a distant server. The Portqry.exe utility is a handy software to verify the response of TCP/UDP ports on distant hosts to diagnose points associated to the operation of assorted community providers and firewalls in TCP/IP networks. Most usually, the Portqry utility is used as a extra purposeful substitute for telnet command, and in contrast to telnet, it additionally permits you to verify open UDP ports.

Scanning Open UDP/TCP Ports with PortQry

The first model of PortQry for Windows Server 2003 doesn’t work accurately in newer OS variations (Windows Server 2008 and newer), so the second model of the utility, PortQryV2, has been launched. It is the model that it’s best to use right this moment (you’ll be able to obtain PortQryV2 right here).

On Windows 10, you’ll be able to set up PortQry utilizing the Chokolatey with the command:

choco set up portqry

Download and extract the PortQryV2.exe archive. Run the command immediate and go to the listing with the utility, for instance:

cd c:instrumentsPortQryV2

For instance, to verify the supply of a DNS server from a consumer, you want to verify that 53 TCP and UDP ports are open on it. The syntax of the port verify command is as follows:

PortQry -n server [-p protocol] [-e || -r || -o endpoint(s)]

  • -n is the identify or IP handle of the server, which availability you’re checking;
  • -e is the port quantity to be checked (from 1 to 65535);
  • -r is the vary of ports to be checked (for instance, 1:80);
  • -p is the protocol used for checking. It could also be TCP, UDP or BOTH (TCP is utilized by default).
Note. Unlike the PowerShell cmdlet that can be utilized to verify the supply solely of TCP ports, the PortQry utility helps each TCP and UDP protocols.

In our instance, the command seems like this:

PortQry.exe –n 10.zero.25.6 -p each -e 53

Portqry will return considered one of three availability port state:

  • Listening – signifies that the port is open (accepts connections), a response has been obtained from it;
  • Not Listening – exhibits there isn’t any course of (service) on the goal system that accepts connections on the required port. The PortQry obtained an ICMP response “Destination Unreachable – Port Unreachable” when checking the UDP port, or TCP packet with the Reset flag;
  • Filtered – signifies that PortQry hasn’t obtain any response from the required port or the response has been filtered. I. e., this port isn’t listening on the goal system or the entry to it’s restricted by a firewall or some system settings. By default, TCP ports are polled three instances, and UDP is one.

In our instance, the DNS server is on the market from the consumer each over TCP and UDP ports.

TCP port 53 (area service): LISTENING
UDP port 53 (area service): LISTENING

Using -o attribute, you’ll be able to specify the sequence of ports to verify their availability:

portqry -n 10.zero.25.6 -p tcp -o 21,110,143

The subsequent command scans the ranges of the well-known TCP/IP port numbers and returns the listing of ports that settle for the connections (works as TCP Port Scanner):

portqry -n 10.zero.25.6 -r 1:1024 | discover ": LISTENING"

You can save the open ports scan consequence to a textual content file:

portqry -n 10.zero.25.6 -p tcp -r 20:500 -l scan_port_log.txt

The portqry utility has an interactive mode:

portqry –i

Now, on the PortQry Interactive Mode immediate, you’ll be able to specify the identify of the distant pc and port quantity:

node srv-lic
set port=80

To verify the port on the required server, press q and Enter.

Using the -wport and -wpid arguments, you’ll be able to monitor the standing of the required port (wport), or all ports related to the required course of (wpid) on the native host.

For instance, the next command inside 10 minutes will monitor the response of the required native port (for instance, ), and if its standing adjustments, it should notify the administrator about this (an in depth log will likely be accessible within the LogFile.txt). To cease port monitoring, press Ctrl-C:

portqry -wport 3389 -wt 600 –l LogFile.txt -y -v

You can get details about open ports and energetic TCP/UDP connections on the native pc:

portqry.exe -local

Advanced Network Services Open Ports Status in PortQry

PortQry has a built-in help of some community providers. These are LDAP, Remote Procedure Calls (RPC), e-mail protocols SMTP/POP3/IMAP4, SNMP, / , NetBIOS Name Service, , and so forth. In addition to checking port availability, the software performs protocol-specific requests to get hold of the standing of providers.

For instance, utilizing the next command you’ll be able to verify the supply of RPC endpoint mapper service  (TCP/135) and get the listing of names of RPC endpoints registered on the pc (together with their names, UUID, the handle they’re bounded to and the appliance they’re associated to).

portqry -n 10.zero.25.6 -p tcp -e 135

TCP port 135 (epmap service): LISTENING
Using ephemeral supply port
Querying Endpoint Mapper Database…
Server’s response:
UUID: d95afe72-a6d5-4259-822e-2c84da1ddb0d
ncacn_ip_tcp:10.zero.25.6 [49152]
UUID: 8975497f-93f3-4376-9c9c-fd2277495c27 Frs2 Service
ncacn_ip_tcp:10.zero.25.6 [5722]
UUID: 6b5bd21e-528c-422c-af8c-a4079be4a448 Remote Fw APIs
ncacn_ip_tcp:10.zero.25.6 [63006]
UUID: 12345678-1234-abcd-ef22-0123456789ab IPSec Policy agent endpoint
ncacn_ip_tcp:10.zero.25.6 [63006]
UUID: 367abb81-9844-35f1-ad32-912345001003
ncacn_ip_tcp:10.zero.25.6 [63002]
UUID: 50cda2a3-574d-40b3-1d66-ee4aaa33a076
ncacn_ip_tcp:10.zero.25.6 [56020]
……..
UUID: 3c4428c5-f0ab-448b-bda1-6ce01eb0a6d5 DHCP Client LRPC Endpoint
ncacn_ip_tcp:10.zero.25.6 [49153]
Total endpoints discovered: 61
==== End of RPC Endpoint Mapper question response ====
portqry.exe -n 10.zero.25.6 -e 135 -p TCP exits with return code 0x00000000.

Or you’ll be able to verify the supply and response from the SQL Server Browser service operating on the Microsoft SQL Server:

PortQry.exe -n rome-sql01 -e 1434 -p UDP

UDP port 1434 (ms-sql-m service): LISTENING or FILTERED
Sending SQL Server question to UDP port 1434...
Server's response:
ServerName ROME-SQL01
InstanceName MSSQLSERVER
IsClustered No
Version 15.zero.2000.5
tcp 53200

ServerName ROME-SQL01
InstanceName DBINVENT
IsClustered No
Version 15.zero.2000.5
tcp 1433
==== End of SQL Server question response ====
UDP port 1434 is LISTENING

As you’ll be able to see, the PortQry software confirmed not solely the supply of the 1434/UDP port, but additionally the model of the SQL server and the names of the situations operating on the SQL server and their TCP ports. The first DBINVENT occasion listens on the default port TCP/1433, and the second MSSQLSERVER makes use of a set TCP/53200 port from the RPC vary.

You can ballot the SNMP port on the machine by specifying the group identify:

portqry -n rome-sql1 -cn !snmp_trap! -e 161 -p udp

When checking port TCP/25 on an , you may get the service SMTP banner:

portqry -n mx.woshub.com  -p tcp -e 25

PortQuery GUI Version

Originally the PortQry was completely a console (CLI) software. To make it extra handy for the customers who don’t like to use the command immediate, Microsoft has developed the easy graphic interface for portqry – PortQueryUI. You can obtain PortQueryUI from the official Microsoft obtain web site: PortQueryUI.

Actually, PortQueryUI is a graphic add-on for portqry to generate a command and return the consequence within the graphic window.

In addition, the PortQueryUI accommodates a number of predefined set of queries to verify the supply of the favored Microsoft providers:

  • Domain and trusts (checking ADDS providers on an Active Directory area controller)
  • Exchange Server
  • SQL Server
  • Networking
  • IP Sec
  • Web Server
  • Net Meeting

I feel PortQueryUI doesn’t want any particular feedback. It must be clear if you happen to have a look at the screenshot under. Enter the DNS identify or IP handle of the distant server, choose one of many predefined providers (Query predefined service), or specify the port numbers for handbook port verify (Manually enter question ports) and click on the Query button.

Possible return codes in PortQueryUI (highlighted within the screenshot):

  • zero (0x00000000) – the connection has been established efficiently and the port is on the market;
  • 1 (0x00000001) – the required port is unavailable or filtered;
  • 2 (0x00000002 – a standard return code when checking the supply of a UDP connection, since ACK response isn’t returned.

Check Also

How to Backup Active Directory Domain Controller?

In this text we’ll speak about Active Directory area controller backup and find out how …

Leave a Reply

Your email address will not be published. Required fields are marked *