This article discusses the new features and functionality that are available in PortQry Command Line Port Scanner version 2.0.
PortQry version 1.22 is a TCP/IP connectivity testing utility that is included with the Microsoft Windows Server 2003 Support Tools. Microsoft has released a new version of PortQryV2.exe. This new version includes all the features and functionality of the earlier version and has new features and functionality.
Note PortQry Command Line Port Scanner version 2.0 is no longer available to download. This article only introduces the features and functionality of it in case you have already downloaded it.
When you troubleshoot a connectivity problem, especially in an environment that contains one or more firewalls, it is useful to know if a port is being filtered or if it is listening. PortQry includes some special features to help make this determination on selected ports. If there is no response from a target UDP port, PortQry reports that the port is LISTENING or FILTERED. PortQry then sends a correctly formatted message that the listening service or program understands. PortQry uses the correct session layer or application layer protocol to determine if the port is listening. PortQry uses the Services file that is located in the %SYSTEMROOT%\System32\Drivers\Etc folder to determine which service listens on each port.
Note This file is stored on each Microsoft Windows Server 2003, Windows XP, and Windows 2000-based computer.
Because PortQry is intended as a troubleshooting tool, it is expected that users who use it to troubleshoot a particular problem have sufficient knowledge of their computing environment. PortQry version 2.0 supports the following session layer and application layer protocols:
Be aware that the LDAP test over UDP may not work against domain controllers that are running Windows Server 2008. To check the availability of the service that is running on UDP 389, you can use NLTEST instead of the PortQry tool. For example, you can use Nltest /sc_reset \ to force a security channel onto a particular domain controller. For more information, visit the following Microsoft Web site:
Note When you specify the -r option in the PortQry.exe command to scan a range of ports, the RPC End Point Mapper is not queried. This makes the scan of a range of ports faster.
Note It is not important whether the DNS server returns a negative response. Any response indicates that the port is listening.
You can edit this port entry or add an additional entry. To cause PortQry to send LDAP queries to port 1025, modify the entry to the following entry:
Note You can change the service that PortQry determines is listening on a port by editing the Services file. For additional information, see the "Customize ports that queries use" section of this article.
In this scenario, PortQry tries to use the Anonymous user account to log on to the FTP server. The result of this logon attempt indicates whether the destination FTP server accepts anonymous logons. PortQry returns the server's response.
Example 1: You type a command that is similar to the following command, and then press ENTER:
Example 2: You type a command that is similar to the following command, and then press ENTER:
To start PortQry in interactive mode, use the –i option. For example, type portqry -i. When you do so, you receive the following output:
PortQry version 1.22 is a TCP/IP connectivity testing utility that is included with the Microsoft Windows Server 2003 Support Tools. Microsoft has released a new version of PortQryV2.exe. This new version includes all the features and functionality of the earlier version and has new features and functionality.
Note PortQry Command Line Port Scanner version 2.0 is no longer available to download. This article only introduces the features and functionality of it in case you have already downloaded it.
Overview
PortQry is a command-line utility that you can use to help troubleshoot TCP/IP connectivity issues. This utility reports the port status of target TCP and User Datagram Protocol (UDP) ports on a local computer or on a remote computer. PortQry version 2.0 also provides detailed information about the local computer's port usage. PortQry version 2.0 runs on all the following operating systems:- Microsoft Windows Server 2003
- Microsoft Windows XP
- Microsoft Windows 2000
Port status reporting
PortQry reports the status of a port in one of the following ways:- LISTENING This response indicates that a process is listening on the target port. PortQry received a response from the target port.
- NOT LISTENING This response indicates that no process is listening on the target port. PortQry received one of the following Internet Control Message Protocol (ICMP) messages from the target port:
- FILTERED This response indicates that the target port is being filtered. PortQry did not receive a response from the target port. A process may or may not be listening on the target port. By default, PortQry queries a TCP port three times before it returns a response of FILTERED and queries a UDP port one time before it returns a response of FILTERED.
PortQry version 2.0 features
Depending on the process that listens on a UDP port, sometimes it may be difficult to determine the status of that UDP port. When an unformatted zero-length or fixed-length message is sent to a target UDP port, the port may or may not respond. If the port responds, it has a status of LISTENING. If you receive an ICMP "Destination unreachable" message from a UDP port, or if a TCP reset response is returned from a TCP port, the port has a status of NOT LISTENING. Typical port scanning tools report that the port has a LISTENING status if the target UDP port does not return an ICMP "Destination unreachable" message. This result may not be accurate for one or both of the following reasons:- When there is no response to a directed datagram, the target port may be FILTERED.
- Most services do not respond to an unformatted user datagram that is sent to them.
When you troubleshoot a connectivity problem, especially in an environment that contains one or more firewalls, it is useful to know if a port is being filtered or if it is listening. PortQry includes some special features to help make this determination on selected ports. If there is no response from a target UDP port, PortQry reports that the port is LISTENING or FILTERED. PortQry then sends a correctly formatted message that the listening service or program understands. PortQry uses the correct session layer or application layer protocol to determine if the port is listening. PortQry uses the Services file that is located in the %SYSTEMROOT%\System32\Drivers\Etc folder to determine which service listens on each port.
Note This file is stored on each Microsoft Windows Server 2003, Windows XP, and Windows 2000-based computer.
Because PortQry is intended as a troubleshooting tool, it is expected that users who use it to troubleshoot a particular problem have sufficient knowledge of their computing environment. PortQry version 2.0 supports the following session layer and application layer protocols:
- Lightweight Directory Access Protocol (LDAP)
- Remote Procedure Calls (RPC)
- Domain Name System (DNS)
- NetBIOS Name Service
- Simple Network Management Protocol (SNMP)
- Internet Security and Acceleration Server (ISA)
- SQL Server 2000 Named Instances
- Trivial File Transfer Protocol (TFTP)
- Layer Two Tunneling Protocol (L2TP)
LDAP support
PortQry can send an LDAP query by using both TCP and UDP and interpret an LDAP server's response to that query correctly. PortQry parses, formats, and then returns the response from the LDAP server to the user. For example, you type the following command, and then press ENTER:
portqry -n myserver -p udp -e 389
PortQry then performs the following actions:- PortQry uses the Services file in the %SYSTEMROOT%\System32\Drivers\Etc folder to resolve the UDP port 389. If PortQry resolves the port to the LDAP service, PortQry sends an unformatted user datagram to UDP port 389 on the destination computer.
PortQry does not receive a response from the target port because the LDAP service only responds to a correctly formatted LDAP query. - PortQry reports that the port is LISTENING or FILTERED.
- PortQry sends a correctly formatted LDAP query to UDP port 389 on the destination computer.
- If PortQry receives a response to this query, it returns the whole response to the user and reports that the port is LISTENING.
If PortQry does not receive a response to this query, it reports that the port is FILTERED.
Sample output
UDP port 389 (unknown service): LISTENING or FILTERED Sending LDAP query to UDP port 389... LDAP query response: currentdate: 12/13/2003 05:42:40 (unadjusted GMT) subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=example,DC=com dsServiceName: CN=NTDS Settings,CN=myserver,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=example,DC=com namingContexts: DC=domain,DC=example,DC=com defaultNamingContext: DC=domain,DC=example,DC=com schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=example,DC=com configurationNamingContext: CN=Configuration,DC=domain,DC=example,DC=com rootDomainNamingContext: DC=domain,DC=example,DC=com supportedControl: 1.2.840.113556.1.4.319 supportedLDAPVersion: 3 supportedLDAPPolicies: MaxPoolThreads highestCommittedUSN: 4259431 supportedSASLMechanisms: GSSAPI dnsHostName: myserver.domain.example.com ldapServiceName: domain.example.com:myserver$@domain.EXAMPLE.COM serverName: CN=myserver,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=example,DC=com supportedCapabilities: 1.2.840.113556.1.4.800 isSynchronized: TRUE isGlobalCatalogReady: TRUE domainFunctionality: 0 forestFunctionality: 0 domainControllerFunctionality: 2 ======== End of LDAP query response ======== UDP port 389 is LISTENINGIn this example, you determine that port 389 is listening. Additionally, you can determine which LDAP service is listening on port 389 and certain details about that service.
Be aware that the LDAP test over UDP may not work against domain controllers that are running Windows Server 2008. To check the availability of the service that is running on UDP 389, you can use NLTEST instead of the PortQry tool. For example, you can use Nltest /sc_reset
RPC support
PortQry can send an RPC query by using both TCP and UDP and interpret the response to that query correctly. This query returns (dumps) all the end points that are currently registered with the RPC endpoint mapper. PortQry parses, formats, and then returns the response from the RPC endpoint mapper to the user. For example, you type the following command, and then press ENTER:
portqry -n myserver -p udp -e 135
PortQry then performs the following actions:- PortQry uses the Services file in the %SYSTEMROOT%\System32\Drivers\Etc folder to resolve the UDP port 135. If PortQry resolves the port to the RPC End Point Mapper service (Epmap), PortQry sends an unformatted user datagram to UDP port 135 on the destination computer.
PortQry does not receive a response from the target port because the RPC endpoint mapper service only responds to a correctly formatted RPC query. - PortQry reports that the port is LISTENING or the port is FILTERED.
- PortQry sends a correctly formatted RDC query to UDP port 135 on the destination computer. This query returns all the endpoints that are currently registered with the RPC endpoint mapper.
- If PortQry receives a response to this query, PortQry returns the whole response to the user and reports that the port is LISTENING.
If PortQry does not receive a response to this query, it reports that the port is FILTERED.
Sample output
UDP port 135 (epmap service): LISTENING or FILTERED Querying Endpoint Mapper Database... Server's response: UUID: 50abc2a4-574d-40b3-9d66-ee4fd5fba076 ncacn_ip_tcp:169.254.12.191[4144] UUID: ecec0d70-a603-11d0-96b1-00a0c91ece30 NTDS Backup Interface ncacn_np:\\\\MYSERVER[\\PIPE\\lsass] UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface ncacn_ip_tcp:169.254.12.191[1030] UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface ncadg_ip_udp:169.254.12.191[1032] UUID: 12345678-1234-abcd-ef00-01234567cffb ncacn_np:\\\\MYSERVER[\\PIPE\\lsass] UUID: 12345678-1234-abcd-ef00-01234567cffb ncacn_np:\\\\MYSERVER[\\PIPE\\POLICYAGENT] Total endpoints found: 6 ==== End of RPC Endpoint Mapper query response ==== UDP port 135 is LISTENINGIn this example, you determine that port 135 is listening. Additionally, you can determine which services or programs are registered with the RPC endpoint mapper database on the destination computer. The output includes the universal unique identifier (UUID) for each program, the annotated name (if one exists), the protocol that each program uses, the network address that the program is bound to, and the program's endpoint in square brackets.
Note When you specify the -r option in the PortQry.exe command to scan a range of ports, the RPC End Point Mapper is not queried. This makes the scan of a range of ports faster.
DNS support
PortQry can send a correctly formatted DNS query by using both TCP and UDP. PortQry sends a DNS query for the following fully qualified domain name (FQDN):
portqry.microsoft.com
PortQry then waits for a response from the destination DNS server. If the server returns a response, PortQry determines that the port is LISTENING.Note It is not important whether the DNS server returns a negative response. Any response indicates that the port is listening.
NetBIOS name service support
By default, the NetBIOS name service listens on UDP port 137. When PortQry determines that this port is LISTENING or FILTERED, PortQry performs the following actions to determine whether the port is actually listening:- If NetBIOS is available on the computer where you are running PortQry, PortQry sends a NetBIOS adapter status query to the destination computer.
- If the destination computer responds to this query, PortQry reports that the target port is LISTENING, and then returns the destination computer's media access control (MAC) address to the user.
SNMP support
SNMP support is a new feature in PortQry version 2.0. By default, the SNMP service listens on UDP port 161. To determine whether port 161 is listening, PortQry sends a query that is formatted in the way that the SNMP service accepts. The SNMP service is configured with a community name or a string that you must know to obtain a response from the server. With PortQry, you can specify SNMP community names when you query this port. By default, PortQry uses the community name, "Public." To specify a different community name, use the -cn command-line option. When you specify a community name in the PortQry.exe command, enclose that community name in exclamation marks (!). For example, to specify a community name such as secure123, type a command that is similar to the following command:
portqry -n 127.0.0.1 -e 161 -p udp -cn !secure123!
Sample output
Querying target system called: 127.0.0.1 querying... UDP port 161 (snmp service): LISTENING or FILTERED community name for query: secure123 Sending SNMP query to UDP port 161... UDP port 161 is LISTENING
ISA Server support
Microsoft ISA Server support is a new feature in PortQry version 2.0. By default, ISA Server uses TCP port 1745 and UDP port 1745 to communicate with Winsock proxy clients and with firewall clients. Computers that have the Winsock proxy client program or the Firewall client program installed use these ports to request services from ISA Server and to download configuration information. Typically, these services include name resolution services and other services that are not HTTP-based (for example, Winsock connections). To determine whether the port is listening, PortQry sends a query that is formatted in the way that ISA Server accepts.Sample output
For example, you type a command that is similar to the following command:
portqry -n myproxy-server -p udp -e 1745
You receive the following output:Querying target system called: myproxy-server Attempting to resolve name to IP address... Name resolved to 169.254.24.86 querying... UDP port 1745 (unknown service): LISTENING or FILTERED Sending ISA query to UDP port 1745... UDP port 1745 is LISTENINGWhen PortQry queries TCP port 1745, PortQry downloads the Mspclnt.ini file from the ISA Server if the Mspclnt.ini file is available on that port. The Mspclnt.ini file contains configuration information that Winsock proxy clients and Firewall clients use.
Sample output
TCP port 1745 (unknown service): LISTENING Sending ISA query to TCP port 1745... ISA query response: 10.0.0.0 10.255.255.255 127.0.0.1 127.0.0.1 169.254.0.0 169.254.255.255 192.168.0.0 192.168.255.255 127.0.0.0 127.255.255.255 ; ; This file should not be edited. ; Changes to the client configuration should only be made using ISA Management. ; [Common] myproxy-server.example.com Set Browsers to use Auto Detect=1 AutoDetect ISA Servers=1 WebProxyPort=8080 Port=1745 Configuration Refresh Time (Hours)=2 Re-check Inaccessible Server Time (Minutes)=10 Refresh Give Up Time (Minutes)=15 Inaccessible Servers Give Up Time (Minutes)=2 [Servers Ip Addresses] Name=myproxy-server [My Config] Path1=\\myproxy-server\mspclnt\ ======== End of ISA query response ========
SQL Server 2000 support
Microsoft SQL Server 2000 support is a new feature in PortQry version 2.0. PortQry queries UDP port 1434 to query all the SQL Server named instances that are running on a SQL Server 2000 computer. PortQry sends a query that is formatted in the way that SQL Server 2000 accepts to determines whether this port is listening.Sample output
For example, you type a command that is similar to the following command:
portqry -n 192.168.1.20 -e 1434 -p udp
You receive the following output:Querying target system called: 192.168.1.20 querying... UDP port 1434 (ms-sql-m service): LISTENING or FILTERED Sending SQL Server query to UDP port 1434... Server's response: ServerName SQL-Server1 InstanceName MSSQLSERVER IsClustered No Version 8.00.194 tcp 1433 np \\SQL-Server1\pipe\sql\query ==== End of SQL Server query response ==== UDP port 1434 is LISTENING
TFTP support
TFTP support is a new feature in PortQry version 2.0. By default, TFTP servers listen on UDP port 69. PortQry sends a query that is formatted in the way that the TFTP server accepts to determine whether this port is listening.Sample output
For example, you type a command that is similar to the following command:
portqry -n myserver.example.com -p udp -e 69
You receive the following output:Querying target system called: myserver.example.com Attempting to resolve name to IP address... Name resolved to 169.254.23.4 querying... UDP port 69 (tftp service): LISTENING or FILTERED Sending TFTP query to UDP port 69... UDP port 69 is LISTENING
L2TP support
L2TP support is a new feature in PortQry version 2.0. Routing and Remote Access servers and other virtual private networking (VPN) servers listen on UDP port 1701 for inbound L2TP connections. PortQry sends a query that is formatted in the way that the VPN server accepts to determine whether this port is listening.Sample output
For example, you type a command that is similar to the following command:
portqry -n vpnserver.example.com -e 1701-p udp
You receive the following output:Querying target system called: vpnserver Attempting to resolve name to IP address... Name resolved to 169.254.12.225 querying... UDP port 1701 (l2tp service): LISTENING or FILTERED Sending L2TP query to UDP port 1701... UDP port 1701 is LISTENING
Customize ports that queries use
By default, every Windows Server 2003, Windows XP, and Windows 2000-based computer has a Services file that is located in the %SYSTEMROOT%\System32\Drivers\Etc folder. PortQry uses this file to resolve port numbers to their corresponding service names. The content of this file dictates the ports where PortQry sends formatted messages when you use the PortQry.exe command. You can edit this file to direct PortQry to send formatted messages to an alternative port. For example, the following entry appears in a typical Services file:ldap 389/tcp #Lightweight Directory Access Protocol
ldap 1025/tcp #Lightweight Directory Access Protocol
Additional service information returned
PortQry displays extended information that some ports may return. PortQry looks for this "extended information" on ports where the following services listen:- Simple Mail Transfer Protocol (SMTP)
- Microsoft Exchange POP3
- Microsoft Exchange IMAP4
- FTP Publishing Service
- ISA Server services
Note You can change the service that PortQry determines is listening on a port by editing the Services file. For additional information, see the "Customize ports that queries use" section of this article.
In this scenario, PortQry tries to use the Anonymous user account to log on to the FTP server. The result of this logon attempt indicates whether the destination FTP server accepts anonymous logons. PortQry returns the server's response.
Example 1: You type a command that is similar to the following command, and then press ENTER:
portqry -n MyFtpServer -p tcp -e 21
You receive a response that is similar to the following response:TCP port 21 (ftp service): LISTENING Data returned from port: 220 Microsoft FTP Service 331 Anonymous access allowed, send identity (e-mail name) as password.In Example 1, you can determine the type of FTP server that is listening on the target port and whether the FTP server is configured to permit anonymous user logons.
Example 2: You type a command that is similar to the following command, and then press ENTER:
portqry -n MyMailServer -p tcp -e 25
You receive a response that is similar to the following response:TCP port 25 (smtp service): LISTENING Data returned from port: 220 MyMailServer.domain.example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.0 ready at Mon, 15 Dec 2003 10:24:50 -0800In Example 2, you can determine the type of SMTP server that is listening on the target port.
PortQry command-line options
You can use the following command-line options with PortQry:- -n (name): This parameter is required. Use this parameter to specify the destination computer. You can specify a host name or a host IP address. However, you cannot embed spaces in the host name or in the IP address. PortQry resolves the host name to an IP address. If PortQry cannot resolve the host name to an IP address, the tool reports an error, and then exits. If you enter an IP address, PortQry resolves it to a host name. If the resolution is unsuccessful, PortQry reports an error, but continues to process the command.
Examplesportqry -n myserver
portqry -n www.widgets.microsoft.com
portqry -n 192.168.1.10 - -p (protocol): This parameter is optional. Use this parameter to specify the type of port or protocol that is used to connect to the target port on the destination computer. If you do not specify a protocol, PortQry uses TCP as the protocol.
Valid parameters- TCP (default): Specifies a TCP end point.
- UDP: Specifies a UDP end point.
- BOTH: Specifies both a TCP end point and a UDP end point. When you use this option, PortQry queries both the TCP end point and the UDP end point that you specify.
portqry -n myDomainController.example.com -p tcp
portqry -n myServer -p udp
portqry -n 192.168.1.20 -p both
portqry -n www.widgets.microsoft.com (This command uses the default parameter tcp.) - -e (endpoint): This parameter is optional. Use this parameter to specify the end point (or the port number) on the destination computer. This must be a valid port number between 1 and 65535 inclusive. You cannot use this parameter together with the -o parameter or the -r parameter. If you do not specify a port number, PortQry queries port 80.
Examplesportqry -n myserver -p udp -e 139
portqry -n mail.example.com -p tcp -e 25
portqry -n myserver (This command uses the default parameter of port 80.)
portqry -n 192.168.1.20 -p both -e 60897 - -o (order): This parameter is optional. Use this parameter to specify a certain number of ports to be queried in a particular order. You cannot use this option together with the -e parameter or together with the -r parameter. When you use this parameter, use commas to delimit the port numbers. You can enter the port numbers in any order. However, you cannot leave spaces between the port numbers and the comma delimiters.
Examplesportqry -n myserver -p udp -o 139,1025,135
portqry -n mail.widgets.microsoft.com -p tcp -o 143,110,25
portqry -n 192.168.1.20 -p both -o 100,1000,10000 - -r (range): This parameter is optional. Use this parameter to specify a range of port numbers to query in sequential order. You cannot use this option together with the -e parameter or together with the -o parameter. When you use this parameter, use a semi-colon (;) to delimit the starting port number and the ending port number. Specify a starting port that is lower than the ending port. Additionally, you cannot put spaces between the port numbers and the semi-colon. When you use this parameter, the RPC End Point Mapper is not queried.
Examplesportqry -n myserver -p udp -r 135;139
portqry-n www.widgets.microsoft.com -p tcp -r 10;20
portqry -n 192.168.1.20 -p both -r 25;120 - -l (log file): This parameter is optional. Use this parameter to specify a log file to record the output generated by PortQry. When you use this parameter, specify a file name together with the file name extension. You cannot type spaces in the log file name. The log file is created in the folder where PortQry runs. PortQry generates the log file output in text format. If an existing log file with the same name exists, you are prompted to overwrite it when you run the PortQry command.
Examplesportqry -n myserver -p udp -r 135;139 -l myserverlog.txt
portqry -n mail.widgets.microsoft.com -p tcp -o 143,110,25 -l portqry.log
portqry -n 192.168.1.20 -p both -e 500 -l ipsec.txt -y - -y (yes, overwrite): This parameter is optional. Use this parameter together with the -l parameter to suppress the "overwrite" prompt when a log file exists that has the same name that you specify in the PortQry command. When you use this parameter, PortQry overwrites the existing log file without prompting you.
Examplesportqry -n myserver -p udp -r 135;139 -l myserverlog.txt -y
portqry -n mail.widgets.microsoft.com -p tcp -o 143,110,25 -l portqry.log -y - -sl (slow link): This parameter is optional. Use this parameter to cause PortQry to wait longer for responses from UDP queries. Because UDP is a connectionless protocol, PortQry cannot determine whether the port is slow to respond or the port is filtered. This option doubles the time that PortQry waits for a response from a UDP port before PortQry determines that the port is NOT LISTENING or that it is FILTERED. Use this option when you query a UDP port across a slow or unreliable network link.
Examplesportqry -n myserver -p udp -r 135;139 -l myserver.txt -sl
portqry -n mail.widgets.microsoft.com -p tcp -o 143,110,25 -sl
portqry -n 192.168.1.20 -p both -e 500 -sl - -nr (no reverse name lookup): This parameter is optional. Use this parameter to bypass the reverse name lookup that PortQry performs when you specify an IP address together with the -n parameter. By default, when you specify an IP address together with the -n parameter, PortQry tries to resolve the IP address to a host name. This process may be time-consuming, especially if PortQry cannot resolve the IP address. When you specify the -nr parameter, PortQry does not look up the IP address to return the host name. Instead, PortQry queries the target ports immediately. The -nr parameter is ignored if you specify a host name together with the -n parameter.
Examplesportqry -n 192.168.22.21 -p udp -r 135:139 -l myserver.txt -s -nr
portqry -n 10.1.1.10 -p tcp -o 143,110,25 -s -nr
portqry -n 169.254.18.22 -p both -e 500 -s -nr - -q (quiet mode): This parameter is optional. Use this parameter to cause PortQry to suppress all output to the screen except for error messages. This parameter is especially helpful when you configure PortQry for use in a batch file. Depending on the status of the port, this parameter returns the following outputs:
- 0 (zero) is returned if the target port is LISTENING.
- 1 is returned if the target port is NOT LISTENING.
- 2 is returned if the target port is LISTENING or FILTERED.
Important When you use the -q parameter together with the -l (log file) parameter, PortQry overwrites an existing log file that has the same name without first prompting you for permission to do so.
Sample batch file:Top portqry -n 169.254.18.22 -e 135 -p tcp -q if errorlevel = 2 goto filtered if errorlevel = 1 goto failed if errorlevel = 0 goto success goto end :filtered Echo Port is listening or filtered goto end :failed Echo Port is not listening Goto end :success Echo Port is listening goto end :end
- -cn (community name): This parameter is optional. Use this parameter to specify a community string or community name to use when you send an SNMP query. With this parameter, you must enclose the community string with exclamation marks (!). This parameter is ignored if you do not query a port where SNMP is listening.
Examplesportqry -n myserver -p udp -e 161 -l myserver.txt -cn !snmp string!
portqry -n www.widgets.microsoft.com -p both -r 150:170 -sl -cn !my_snmp_community_name! - -sp (source port): This parameter is optional. Use this parameter to specify the initial source port to use when you connect to the specified TCP and UDP ports on the destination computer. This functionality is useful to help you test firewall or router rules that filter ports based on their source ports.
Exampleportqry -p udp -e 53 - sp 3001 -n 192.168.1.20In this example, PortQry uses UDP port 3001 on the local computer to send the query. Replies from this query go to UDP port 3001 on the local computer. PortQry cannot use the specified source port if another process already has bound to the port. In this scenario, PortQry returns the following error message:Cannot use specified source port.PortQry uses the specified source port when it sends the initial query to the destination computer. PortQry also uses this specified source port if it tries to use protocols such as FTP, SMTP, POP, IMAP, DNS, SNMP, ISA Server, and other protocols to query the destination computer. There are only the following exceptions to this rule:
Port is already in use.
Specify a port that is not in use and run the command again.RPC (TCP and UDP ports 135)In these exceptional cases, PortQry uses the specified source port for its initial query. When it tries to query the destination computer through one of the exceptional protocols, it queries the destination computer through an ephemeral source port. For example, if you specify the source port of 3000 when you query UDP port 389 (LDAP), PortQry uses UDP port 3000 if it is available for the initial UDP datagram that is sent to the LDAP port. When PortQry sends an LDAP query to the LDAP port, PortQry use an ephemeral port instead of the specified source port. (In this example, the specified source port is 3000). When PortQry uses an ephemeral port for specific queries, PortQry sends the following message:
LDAP (UDP port 389)
NetBIOS Adapter status query (UDP port 137)
Internet Security Association and Key Management Protocol (ISAKMP) (UDP port 500)
With ISAKMP/IPSec, the IPSec policy agent may only send responses from queries back to UDP port 500. In this case, it is best for PortQry to use UDP port 500 as the source port for the query. If the IPSec policy agent is running on the computer where PortQry runs, UDP port 500 is unavailable because the policy agent is using the port. In this case, PortQry returns the following message:
Additional features
PortQry version 2.0 includes the following new features:- PortQry interactive mode
- PortQry local mode
PortQry interactive mode
With PortQry version 1.22, users can query ports from the command line in a command prompt window. When you troubleshoot connectivity issues between computers, you may have to type many repetitive commands. With PortQry version 2.0, you can run commands this way, but PortQry version 2.0 also has an interactive mode. The interactive mode is similar to the interactive functionality in the Nslookup DNS utility or in the Nblookup WINS utility.To start PortQry in interactive mode, use the –i option. For example, type portqry -i. When you do so, you receive the following output:
Portqry Interactive Mode Type 'help' for a list of commands Default Node: 127.0.0.1 Current option values: end port= 80 protocol= TCP source port= 0 (ephemeral) >You can use other parameters together with the -i parameter to change the settings that PortQry uses. For example, you type a command that is similar to the following command, and then press ENTER:
portqry -i -e 53 -n 192.168.1.20 -p both –sp 2030
You receive the following output:Portqry Interactive Mode Type 'help' for a list of commands Default Node: 192.168.1.20 Current option values: end port= 53 protocol= BOTH source port= 2300
PortQry local mode
The PortQry local mode of operation is designed to give you detailed information about the TCP ports and the UDP ports on the local computer where PortQry runs. PortQry has the following three basic commands available in local mode:- portqry.exe -local When you run this command, PortQry tries to enumerate all the TCP and UDP port mappings that are currently active on the local computer. This output is similar to the output that the netstat.exe -an command generates.
Sample outputTCP/UDP Port Usage 96 active ports found Port Local IPState Remote IP:Port TCP 80 0.0.0.0 LISTENING 0.0.0.0:18510 TCP 80 169.254.149.9 TIME WAIT 169.254.74.55:3716 TCP 80 169.254.149.9 TIME WAIT 169.254.200.222:3885 TCP 135 0.0.0.0 LISTENING 0.0.0.0:10280 UDP 135 0.0.0.0 *:* UDP 137 169.254.149.9 *:* UDP 138 169.254.149.9 *:* TCP 139 169.254.149.9 LISTENING 0.0.0.0:43065 TCP 139 169.254.149.9 ESTABLISHED 169.254.4.253:4310 TCP 139 169.254.149.9 ESTABLISHED 169.254.74.55:3714 UDP 161 0.0.0.0 *:* TCP 445 0.0.0.0 LISTENING 0.0.0.0:34836 TCP 445 169.254.149.9 ESTABLISHED 169.254.53.54:4443 TCP 445 169.254.149.9 ESTABLISHED 169.254.112.122:2111 TCP 445 169.254.149.9 ESTABLISHED 169.254.112.199:1188 TCP 445 169.254.149.9 ESTABLISHED 169.254.113.96:1221 TCP 445 169.254.149.9 ESTABLISHED 169.254.200.222:3762 UDP 445 0.0.0.0 *:* UDP 500 169.254.149.9 *:* TCP 593 0.0.0.0 LISTENING 0.0.0.0:59532 UDP 1029 0.0.0.0 *:* TCP 1040 127.0.0.1 LISTENING 0.0.0.0:18638 UDP 1045 0.0.0.0 *:* TCP 1048 127.0.0.1 LISTENING 0.0.0.0:2240 TCP 1053 127.0.0.1 LISTENING 0.0.0.0:26649 TCP 1061 127.0.0.1 LISTENING 0.0.0.0:26874 TCP 1067 127.0.0.1 LISTENING 0.0.0.0:2288 TCP 1068 0.0.0.0 LISTENING 0.0.0.0:2048 TCP 1088 127.0.0.1 LISTENING 0.0.0.0:35004 UDP 1089 0.0.0.0 *:* TCP 1091 127.0.0.1 LISTENING 0.0.0.0:43085 TCP 1092 0.0.0.0 LISTENING 0.0.0.0:2096 TCP 1094 127.0.0.1 LISTENING 0.0.0.0:51268 TCP 1097 127.0.0.1 LISTENING 0.0.0.0:2104 TCP 1098 0.0.0.0 LISTENING 0.0.0.0:43053 TCP 1108 0.0.0.0 LISTENING 0.0.0.0:2160 TCP 1108 169.254.149.9 ESTABLISHED 169.254.12.210:1811 TCP 1117 127.0.0.1 LISTENING 0.0.0.0:26819 TCP 1118 0.0.0.0 LISTENING 0.0.0.0:43121 TCP 1119 0.0.0.0 LISTENING 0.0.0.0:26795 TCP 1121 0.0.0.0 LISTENING 0.0.0.0:26646 UDP 1122 0.0.0.0 *:* TCP 1123 0.0.0.0 LISTENING 0.0.0.0:35013 UDP 1126 0.0.0.0 *:* TCP 1137 127.0.0.1 LISTENING 0.0.0.0:34820 TCP 1138 0.0.0.0 LISTENING 0.0.0.0:26696 TCP 1138 169.254.149.9 CLOSE WAIT 169.254.5.103:80 TCP 1170 127.0.0.1 LISTENING 0.0.0.0:34934 TCP 1179 127.0.0.1 LISTENING 0.0.0.0:59463 TCP 1228 127.0.0.1 LISTENING 0.0.0.0:2128 UDP 1352 0.0.0.0 *:* TCP 1433 0.0.0.0 LISTENING 0.0.0.0:2064 UDP 1434 0.0.0.0 *:* TCP 1670 0.0.0.0 LISTENING 0.0.0.0:2288 TCP 1670 169.254.149.9 ESTABLISHED 169.254.233.87:445 TCP 1686 127.0.0.1 LISTENING 0.0.0.0:51309 UDP 1687 127.0.0.1 *:* TCP 1688 0.0.0.0 LISTENING 0.0.0.0:2135 TCP 1688 169.254.149.9 CLOSE WAIT 169.254.113.87:80 TCP 1689 0.0.0.0 LISTENING 0.0.0.0:51368 TCP 1689 169.254.149.9 CLOSE WAIT 169.254.113.87:80 TCP 1693 169.254.149.9 TIME WAIT 169.254.121.106:445 UDP 1698 0.0.0.0 *:* TCP 1728 127.0.0.1 LISTENING 0.0.0.0:2077 TCP 1766 127.0.0.1 LISTENING 0.0.0.0:35061 TCP 2605 127.0.0.1 LISTENING 0.0.0.0:2069 TCP 3302 127.0.0.1 LISTENING 0.0.0.0:2048 TCP 3372 0.0.0.0 LISTENING 0.0.0.0:18612 TCP 3389 0.0.0.0 LISTENING 0.0.0.0:18542 TCP 3389 169.254.149.9 ESTABLISHED 169.254.112.67:2796 TCP 3389 169.254.149.9 ESTABLISHED 169.254.113.96:4603 TCP 3389 169.254.149.9 ESTABLISHED 169.254.201.100:3917 UDP 3456 0.0.0.0 *:* TCP 3970 0.0.0.0 LISTENING 0.0.0.0:35012 TCP 3970 169.254.149.9 CLOSE WAIT 169.254.5.138:80 TCP 3972 0.0.0.0 LISTENING 0.0.0.0:51245 TCP 3972 169.254.149.9 CLOSE WAIT 169.254.5.138:80 TCP 4166 127.0.0.1 LISTENING 0.0.0.0:2208 UDP 4447 0.0.0.0 *:* TCP 4488 127.0.0.1 LISTENING 0.0.0.0:10358 UDP 4500 169.254.149.9 *:* TCP 4541 127.0.0.1 LISTENING 0.0.0.0:10442 TCP 4562 0.0.0.0 LISTENING 0.0.0.0:2192 TCP 4562 169.254.149.9 ESTABLISHED 169.254.0.40:1025 UDP 4563 0.0.0.0 *:* UDP 4564 0.0.0.0 *:* TCP 4566 0.0.0.0 LISTENING 0.0.0.0:51257 TCP 4566 169.254.149.9 ESTABLISHED 169.254.12.18:1492 TCP 4568 127.0.0.1 LISTENING 0.0.0.0:26665 TCP 4569 0.0.0.0 LISTENING 0.0.0.0:43186 TCP 4569 169.254.149.9 CLOSE WAIT 169.254.4.38:80 TCP 4756 0.0.0.0 LISTENING 0.0.0.0:51268 UDP 4758 0.0.0.0 *:* TCP 8953 0.0.0.0 LISTENING 0.0.0.0:26667 TCP 42510 0.0.0.0 LISTENING 0.0.0.0:51323 UDP 43508 169.254.149.9 *:* Port Statistics TCP mappings: 74 UDP mappings: 22 TCP ports in a LISTENING state: 51 = 68.92% TCP ports in a ESTABLISHED state: 14 = 18.92% TCP ports in a CLOSE WAIT state: 6 = 8.11% TCP ports in a TIME WAIT state: 3 = 4.05%
On computers that support Process ID (PID) to port mappings, the output includes the process ID of the process that is using the port on the local computer. If the verbose option is used (-v), the output also includes the names of the services that the process ID belongs to and lists all the modules that the process has loaded. Access to some information is restricted. For example, access to module information for the Idle and CSRSS processes is prohibited because their access restrictions prevent user-level code from opening them. PortQry reports as much information as it can access for each process. For best results, run the Portqry -local command in the context of the local Administrator or an account that has similar credentials. The following example log file excerpt illustrates the level of reporting that you may receive when you run the Portqry -local command:TCP/UDP Port to Process Mappings 55 mappings found PID:ProcessPortLocal IPState Remote IP:Port 0:System IdleTCP 4442 169.254.113.96 TIME WAIT 169.254.5.136:80 0:System IdleTCP 4456 169.254.113.96 TIME WAIT 169.254.5.44:445 4:SystemTCP 445 0.0.0.0 LISTENING 0.0.0.0:2160 4:SystemTCP 139 169.254.113.96 LISTENING 0.0.0.0:24793 4:SystemTCP 1475 169.254.113.96 ESTABLISHED 169.254.8.176:445 4:SystemUDP 445 0.0.0.0 *:* 4:SystemUDP 137 169.254.113.96 *:* 4:SystemUDP 138 169.254.113.96 *:* 424:winlogon.exeTCP 1200 169.254.113.96 CLOSE WAIT 169.254.5.44:389 424:winlogon.exeUDP 1100 0.0.0.0 *:* 484:lsass.exeTCP 1064 0.0.0.0 LISTENING 0.0.0.0:2064 484:lsass.exeUDP 500 0.0.0.0 *:* 484:lsass.exeUDP 1031 0.0.0.0 *:* 484:lsass.exeUDP 4500 0.0.0.0 *:* 668:svchost.exeTCP 135 0.0.0.0 LISTENING 0.0.0.0:16532 728:svchost.exeTCP 3389 0.0.0.0 LISTENING 0.0.0.0:45088 800UDP 1026 0.0.0.0 *:* 800UDP 1027 0.0.0.0 *:* 836:svchost.exeTCP 1025 0.0.0.0 LISTENING 0.0.0.0:43214 836:svchost.exeTCP 1559 169.254.113.96 CLOSE WAIT 169.254.5.44:389 836:svchost.exeUDP 1558 0.0.0.0 *:* 836:svchost.exeUDP 123 127.0.0.1 *:* 836:svchost.exeUDP 3373 127.0.0.1 *:* 836:svchost.exeUDP 123 169.254.113.96 *:* 1136:mstsc.exeTCP 2347 169.254.113.96 ESTABLISHED 172.30.137.221:3389 1136:mstsc.exeUDP 2348 0.0.0.0 *:* 1276:dns.exeTCP 53 0.0.0.0 LISTENING 0.0.0.0:2160 1276:dns.exeTCP 1087 0.0.0.0 LISTENING 0.0.0.0:37074 1276:dns.exeUDP 1086 0.0.0.0 *:* 1276:dns.exeUDP 2126 0.0.0.0 *:* 1276:dns.exeUDP 53 127.0.0.1 *:* 1276:dns.exeUDP 1085 127.0.0.1 *:* 1276:dns.exeUDP 53 169.254.113.96 *:* 1328:InoRpc.exeTCP 42510 0.0.0.0 LISTENING 0.0.0.0:220 1328:InoRpc.exeUDP 43508 169.254.113.96 *:* 1552:CcmExec.exeUDP 1114 0.0.0.0 *:* 1896:WINWORD.EXETCP 3807 169.254.113.96 CLOSE WAIT 169.254.237.37:3268 1896:WINWORD.EXEUDP 3806 0.0.0.0 *:* 1896:WINWORD.EXEUDP 1510 127.0.0.1 *:* 2148:IEXPLORE.EXETCP 4446 169.254.113.96 ESTABLISHED 169.254.113.92:80 2148:IEXPLORE.EXEUDP 4138 127.0.0.1 *:* 3200:program.exeTCP 1906 169.254.113.96 ESTABLISHED 169.254.0.40:1025 3200:program.exeTCP 4398 169.254.113.96 ESTABLISHED 169.254.209.96:1433 3200:program.exeTCP 4438 169.254.113.96 ESTABLISHED 169.254.209.96:1433 3592:OUTLOOK.EXETCP 1256 169.254.113.96 ESTABLISHED 169.254.1.105:1025 3592:OUTLOOK.EXETCP 2214 169.254.113.96 CLOSE WAIT 169.254.237.37:3268 3592:OUTLOOK.EXETCP 2971 169.254.113.96 ESTABLISHED 169.254.5.216:1434 3592:OUTLOOK.EXETCP 4439 169.254.113.96 ESTABLISHED 169.254.47.242:1788 3592:OUTLOOK.EXEUDP 1307 0.0.0.0 *:* 3592:OUTLOOK.EXEUDP 1553 0.0.0.0 *:* 3660:IEXPLORE.EXETCP 4452 169.254.113.96 ESTABLISHED 169.254.9.74:80 3660:IEXPLORE.EXETCP 4453 169.254.113.96 ESTABLISHED 169.254.9.74:80 3660:IEXPLORE.EXETCP 4454 169.254.113.96 ESTABLISHED 169.254.230.88:80 3660:IEXPLORE.EXEUDP 4451 127.0.0.1 *:* 4048:program2.exeUDP 3689 127.0.0.1 *:* Port Statistics TCP mappings: 27 UDP mappings: 28 TCP ports in a LISTENING state: 9 = 33.33% TCP ports in a ESTABLISHED state: 12 = 44.44% TCP ports in a CLOSE WAIT state: 4 = 14.81% TCP ports in a TIME WAIT state: 2 = 7.41% Port and Module Information by Process Note: restrictions applied to some processes may prevent Portqry from accessing more information For best results run Portqry in the context of the local administrator ====================================================== Process ID: 0 (System Idle Process) PIDPortLocal IPState Remote IP:Port 0TCP 4442 169.254.113.96 TIME WAIT 169.254.5.136:80 0TCP 4456 169.254.113.96 TIME WAIT 169.254.5.44:445 Port Statistics TCP mappings: 2 UDP mappings: 0 TCP ports in a TIME WAIT state: 2 = 100.00% Could not access module information for this process ====================================================== Process ID: 4 (System Process) PIDPortLocal IPState Remote IP:Port 4TCP 445 0.0.0.0 LISTENING 0.0.0.0:2160 4TCP 139 169.254.113.96 LISTENING 0.0.0.0:24793 4TCP 1475 169.254.113.96 ESTABLISHED 169.254.8.176:445 4UDP 445 0.0.0.0 *:* 4UDP 137 169.254.113.96 *:* 4UDP 138 169.254.113.96 *:* Port Statistics TCP mappings: 3 UDP mappings: 3 TCP ports in a LISTENING state: 2 = 66.67% TCP ports in a ESTABLISHED state: 1 = 33.33% Could not access module information for this process ====================================================== Process ID: 352 (smss.exe) Process doesn't appear to be a service Port Statistics TCP mappings: 0 UDP mappings: 0 Loaded modules: \SystemRoot\System32\smss.exe (0x48580000) C:\WINDOWS\system32\ntdll.dll (0x77F40000) ====================================================== Process ID: 484 (lsass.exe) Service Name: Netlogon Display Name: Net Logon Service Type: shares a process with other services Service Name: PolicyAgent Display Name: IPSEC Services Service Type: shares a process with other services Service Name: ProtectedStorage Display Name: Protected Storage Service Name: SamSs Display Name: Security Accounts Manager Service Type: shares a process with other services PIDPortLocal IPState Remote IP:Port 484TCP 1064 0.0.0.0 LISTENING 0.0.0.0:2064 484UDP 500 0.0.0.0 *:* 484UDP 1031 0.0.0.0 *:* 484UDP 4500 0.0.0.0 *:* Port Statistics TCP mappings: 1 UDP mappings: 3 TCP ports in a LISTENING state: 1 = 100.00% Loaded modules: C:\WINDOWS\system32\lsass.exe (0x01000000) C:\WINDOWS\system32\ntdll.dll (0x77F40000) C:\WINDOWS\system32\kernel32.dll (0x77E40000) C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000) C:\WINDOWS\system32\RPCRT4.dll (0x77C50000) C:\WINDOWS\system32\LSASRV.dll (0x742C0000) C:\WINDOWS\system32\msvcrt.dll (0x77BA0000) C:\WINDOWS\system32\Secur32.dll (0x76F50000) C:\WINDOWS\system32\USER32.dll (0x77D00000) C:\WINDOWS\system32\GDI32.dll (0x77C00000) C:\WINDOWS\system32\SAMSRV.dll (0x741D0000) C:\WINDOWS\system32\cryptdll.dll (0x766E0000) C:\WINDOWS\system32\DNSAPI.dll (0x76ED0000) C:\WINDOWS\system32\WS2_32.dll (0x71C00000) C:\WINDOWS\system32\WS2HELP.dll (0x71BF0000) C:\WINDOWS\system32\MSASN1.dll (0x76190000) C:\WINDOWS\system32\NETAPI32.dll (0x71C40000) C:\WINDOWS\system32\SAMLIB.dll (0x5CCF0000) C:\WINDOWS\system32\MPR.dll (0x71BD0000) C:\WINDOWS\system32\NTDSAPI.dll (0x766F0000) C:\WINDOWS\system32\WLDAP32.dll (0x76F10000) C:\WINDOWS\system32\IMM32.DLL (0x76290000) C:\WINDOWS\system32\LPK.DLL (0x62D80000) ====================================================== Process ID: 668 (svchost.exe) Service Name: RpcSs Display Name: Remote Procedure Call (RPC) Service Type: shares a process with other services PIDPortLocal IPState Remote IP:Port 668TCP 135 0.0.0.0 LISTENING 0.0.0.0:16532 Port Statistics TCP mappings: 1 UDP mappings: 0 TCP ports in a LISTENING state: 1 = 100.00% Loaded modules: C:\WINDOWS\system32\svchost.exe (0x01000000) C:\WINDOWS\system32\ntdll.dll (0x77F40000) C:\WINDOWS\system32\kernel32.dll (0x77E40000) C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000) C:\WINDOWS\system32\RPCRT4.dll (0x77C50000) c:\windows\system32\rpcss.dll (0x75700000) C:\WINDOWS\system32\msvcrt.dll (0x77BA0000) c:\windows\system32\WS2_32.dll (0x71C00000) c:\windows\system32\WS2HELP.dll (0x71BF0000) C:\WINDOWS\system32\USER32.dll (0x77D00000) C:\WINDOWS\system32\GDI32.dll (0x77C00000) c:\windows\system32\Secur32.dll (0x76F50000) C:\WINDOWS\system32\IMM32.DLL (0x76290000) C:\WINDOWS\system32\LPK.DLL (0x62D80000) C:\WINDOWS\system32\USP10.dll (0x73010000) C:\WINDOWS\system32\mswsock.dll (0x71B20000) C:\Program Files\Microsoft Firewall Client\wspwsp.dll (0x55600000) C:\WINDOWS\system32\iphlpapi.dll (0x76CF0000) C:\WINDOWS\System32\wshqos.dll (0x57B60000) C:\WINDOWS\system32\wshtcpip.dll (0x71AE0000) C:\WINDOWS\system32\CLBCatQ.DLL (0x76F90000) C:\WINDOWS\system32\OLEAUT32.dll (0x770E0000) C:\WINDOWS\system32\ole32.dll (0x77160000) C:\WINDOWS\system32\COMRes.dll (0x77010000) C:\WINDOWS\system32\VERSION.dll (0x77B90000) C:\WINDOWS\system32\msi.dll (0x76300000) C:\WINDOWS\system32\WTSAPI32.dll (0x76F00000) C:\WINDOWS\system32\WINSTA.dll (0x76260000) C:\WINDOWS\system32\NETAPI32.dll (0x71C40000) C:\WINDOWS\system32\USERENV.dll (0x75970000) ====================================================== ========= end of log file =========
You can use this information to determine which ports are associated with a particular program or service that is running on the computer. In some cases, Portqry may report that the System Idle process (PID 0) is using some TCP ports. This behavior may occur if a local program connects to a TCP port, and then stops. The program’s TCP connection to the port may be left in a "Timed Wait" state even though the program is no longer running. In this case, Portqry may detect that the port is in use. However, Portqry cannot identify the program that is using the port because the program has stopped. The PID was released. The port may be in a "Timed Wait" state for several minutes even though the process that was using the port has stopped. By default, the port remains in a "Timed Wait" state for twice as long as the maximum segment lifetime. - portqry.exe -wport port_number (watch port): With the watch port command, PortQry can watch the specified port for changes. These changes may include an increase or decrease in the number of connections to the port or a change in the connection state of any one of the existing connections. For example, you type the following command, and then press ENTER:portqry -wport 53As a result, PortQry watches TCP and UDP port 53. PortQry reports when any new TCP connections are made to this port. PortQry also reports one or more of the following state changes for the specified TCP port:CLOSE_WAITFor example, if a connection's state changes from ESTABLISHED to CLOSE_WAIT, a change in state has occurred. When the port's state changes, PortQry displays the port's connection table. Portqry reports if a program is bound to the UDP port, but it does not report if the UDP port receives datagrams.
CLOSED
ESTABLISHED
FIN_WAIT_1
LAST_ACK
LISTEN
SYN_RECEIVED
SYN_SEND
TIMED_WAIT
Optional parameters- -v (verbose): For additional state information, include the -v parameter in the PortQry command-line. When you use this parameter, PortQry also displays the modules that are using the ports. For example, type portqry.exe -wport 135 -v.
- -wt (watch time): By default, PortQry checks for changes in the specified port's connection table one time every 60 seconds. To configure this interval, use the -wt parameter. For example, you type the following command, and then press ENTER:portqry.exe -wport 135 -v -wt 2As a result, PortQry checks TCP port 135 and UDP port 135 for changes every 2 seconds. You can specify a time interval from 1 to 1200 (inclusive). With this parameter, you can to watch for changes from every 1 second up to one time every 20 minutes.
- -l (log file): To log the output from the watch port command, use the -l parameter. For example, you type the following command, and then press ENTER:portqry.exe -wport 2203 -v -wt 30 -l test.txtAs a result, a log file that is similar to the following log file is generated:
Portqry Version 2.0 Log File System Date: Sat Oct 04 08:54:06 2003 Command run: portqry -wport 135 -v -l test.txt Local computer name: host123 Watching port: 135 Checking for changes every 60 seconds verbose output requested ============ System Date: Sat Oct 04 08:54:07 2003 ====================================================== Process ID: 952 (svchost.exe) Service Name: RpcSs Display Name: Remote Procedure Call (RPC) Service Type: shares a process with other services PIDPortLocal IPState Remote IP:Port 952TCP 135 0.0.0.0 LISTENING 0.0.0.0:45198 952UDP 135 0.0.0.0 *:* Port Statistics TCP mappings: 1 UDP mappings: 1 TCP ports in a LISTENING state: 1 = 100.00% Loaded modules: D:\WINDOWS\system32\svchost.exe (0x01000000) D:\WINDOWS\System32\ntdll.dll (0x77F50000) D:\WINDOWS\system32\kernel32.dll (0x77E60000) D:\WINDOWS\system32\ADVAPI32.dll (0x77DD0000) D:\WINDOWS\system32\RPCRT4.dll (0x78000000) d:\windows\system32\rpcss.dll (0x75850000) D:\WINDOWS\system32\msvcrt.dll (0x77C10000) d:\windows\system32\WS2_32.dll (0x71AB0000) d:\windows\system32\WS2HELP.dll (0x71AA0000) D:\WINDOWS\system32\USER32.dll (0x77D40000) D:\WINDOWS\system32\GDI32.dll (0x77C70000) d:\windows\system32\Secur32.dll (0x76F90000) D:\WINDOWS\system32\userenv.dll (0x75A70000) D:\WINDOWS\system32\mswsock.dll (0x71A50000) D:\WINDOWS\System32\wshtcpip.dll (0x71A90000) D:\WINDOWS\system32\DNSAPI.dll (0x76F20000) D:\WINDOWS\system32\iphlpapi.dll (0x76D60000) D:\WINDOWS\System32\winrnr.dll (0x76FB0000) D:\WINDOWS\system32\WLDAP32.dll (0x76F60000) D:\WINDOWS\system32\rasadhlp.dll (0x76FC0000) D:\WINDOWS\system32\CLBCATQ.DLL (0x76FD0000) D:\WINDOWS\system32\ole32.dll (0x771B0000) D:\WINDOWS\system32\OLEAUT32.dll (0x77120000) D:\WINDOWS\system32\COMRes.dll (0x77050000) D:\WINDOWS\system32\VERSION.dll (0x77C00000) ============ System Date: Sat Oct 04 08:56:08 2003 ====================================================== Process ID: 952 (svchost.exe) Service Name: RpcSs Display Name: Remote Procedure Call (RPC) Service Type: shares a process with other services PIDPortLocal IPState Remote IP:Port 952TCP 135 0.0.0.0 LISTENING 0.0.0.0:45198 952UDP 135 0.0.0.0 *:* 952UDP 135 0.0.0.0 *:* Port Statistics TCP mappings: 1 UDP mappings: 2 TCP ports in a LISTENING state: 1 = 100.00% Loaded modules: D:\WINDOWS\system32\svchost.exe (0x01000000) D:\WINDOWS\System32\ntdll.dll (0x77F50000) D:\WINDOWS\system32\kernel32.dll (0x77E60000) D:\WINDOWS\system32\ADVAPI32.dll (0x77DD0000) D:\WINDOWS\system32\RPCRT4.dll (0x78000000) d:\windows\system32\rpcss.dll (0x75850000) D:\WINDOWS\system32\msvcrt.dll (0x77C10000) d:\windows\system32\WS2_32.dll (0x71AB0000) d:\windows\system32\WS2HELP.dll (0x71AA0000) D:\WINDOWS\system32\USER32.dll (0x77D40000) D:\WINDOWS\system32\GDI32.dll (0x77C70000) d:\windows\system32\Secur32.dll (0x76F90000) D:\WINDOWS\system32\userenv.dll (0x75A70000) D:\WINDOWS\system32\mswsock.dll (0x71A50000) D:\WINDOWS\System32\wshtcpip.dll (0x71A90000) D:\WINDOWS\system32\DNSAPI.dll (0x76F20000) D:\WINDOWS\system32\iphlpapi.dll (0x76D60000) D:\WINDOWS\System32\winrnr.dll (0x76FB0000) D:\WINDOWS\system32\WLDAP32.dll (0x76F60000) D:\WINDOWS\system32\rasadhlp.dll (0x76FC0000) D:\WINDOWS\system32\CLBCATQ.DLL (0x76FD0000) D:\WINDOWS\system32\ole32.dll (0x771B0000) D:\WINDOWS\system32\OLEAUT32.dll (0x77120000) D:\WINDOWS\system32\COMRes.dll (0x77050000) D:\WINDOWS\system32\VERSION.dll (0x77C00000) ============ escape key pressed: stopped watching port 135 System Date: Sat Oct 04 09:09:12 2003 ========= end of log file =========
- portqry.exe -wpid process_number (watch PID): With the watch PID command, PortQry watches the specified process ID (PID) for changes. These changes may include an increase or a decrease in the number of connections to the port or a change in the connection state of any one of the existing connections. This command supports the same optional parameters as the watch port command. For example, you type the following command, and then press ENTER:portqry.exe -wpid 1276 -wt 2 -v -l pid.txtAs a result, a log file that is similar to the following log file is generated:
PortQry Version 2.0 Log File System Date: Tue Oct 07 14:01:13 2003 Command run: portqry -wpid 1276 -wt 2 -v -l pid.txt Local computer name: host123 Watching PID: 1276 Checking for changes every 2 seconds verbose output requested Service Name: DNS Display Name: DNS Server Service Type: runs in its own process ============ System Date: Tue Oct 07 14:01:14 2003 ====================================================== Process ID: 1276 (dns.exe) Service Name: DNS Display Name: DNS Server Service Type: runs in its own process PIDPortLocal IPState Remote IP:Port 1276TCP 53 0.0.0.0 LISTENING 0.0.0.0:2160 1276TCP 1087 0.0.0.0 LISTENING 0.0.0.0:37074 1276UDP 1086 0.0.0.0 *:* 1276UDP 2126 0.0.0.0 *:* 1276UDP 53 127.0.0.1 *:* 1276UDP 1085 127.0.0.1 *:* 1276UDP 53 169.254.11.96 *:* Port Statistics TCP mappings: 2 UDP mappings: 5 TCP ports in a LISTENING state: 2 = 100.00% Loaded modules: C:\WINDOWS\System32\dns.exe (0x01000000) C:\WINDOWS\system32\ntdll.dll (0x77F40000) C:\WINDOWS\system32\kernel32.dll (0x77E40000) C:\WINDOWS\system32\msvcrt.dll (0x77BA0000) C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000) C:\WINDOWS\system32\RPCRT4.dll (0x77C50000) C:\WINDOWS\System32\WS2_32.dll (0x71C00000) C:\WINDOWS\System32\WS2HELP.dll (0x71BF0000) C:\WINDOWS\system32\USER32.dll (0x77D00000) C:\WINDOWS\system32\GDI32.dll (0x77C00000) C:\WINDOWS\System32\NETAPI32.dll (0x71C40000) C:\WINDOWS\system32\WLDAP32.dll (0x76F10000) C:\WINDOWS\System32\DNSAPI.dll (0x76ED0000) C:\WINDOWS\System32\NTDSAPI.dll (0x766F0000) C:\WINDOWS\System32\Secur32.dll (0x76F50000) C:\WINDOWS\system32\SHLWAPI.dll (0x77290000) C:\WINDOWS\System32\iphlpapi.dll (0x76CF0000) C:\WINDOWS\System32\MPRAPI.dll (0x76CD0000) C:\WINDOWS\System32\ACTIVEDS.dll (0x76DF0000) C:\WINDOWS\System32\adsldpc.dll (0x76DC0000) C:\WINDOWS\System32\credui.dll (0x76B80000) C:\WINDOWS\system32\SHELL32.dll (0x77380000) C:\WINDOWS\System32\ATL.DLL (0x76A80000) C:\WINDOWS\system32\ole32.dll (0x77160000) C:\WINDOWS\system32\OLEAUT32.dll (0x770E0000) C:\WINDOWS\System32\rtutils.dll (0x76E30000) C:\WINDOWS\System32\SAMLIB.dll (0x5CCF0000) C:\WINDOWS\System32\SETUPAPI.dll (0x765A0000) C:\WINDOWS\system32\IMM32.DLL (0x76290000) C:\WINDOWS\System32\LPK.DLL (0x62D80000) C:\WINDOWS\System32\USP10.dll (0x73010000) C:\WINDOWS\System32\netman.dll (0x76D80000) C:\WINDOWS\System32\RASAPI32.dll (0x76E90000) C:\WINDOWS\System32\rasman.dll (0x76E40000) C:\WINDOWS\System32\TAPI32.dll (0x76E60000) C:\WINDOWS\System32\WINMM.dll (0x76AA0000) C:\WINDOWS\system32\CRYPT32.dll (0x761B0000) C:\WINDOWS\system32\MSASN1.dll (0x76190000) C:\WINDOWS\System32\WZCSvc.DLL (0x76D30000) C:\WINDOWS\System32\WMI.dll (0x76CC0000) C:\WINDOWS\System32\DHCPCSVC.DLL (0x76D10000) C:\WINDOWS\System32\WTSAPI32.dll (0x76F00000) C:\WINDOWS\System32\WINSTA.dll (0x76260000) C:\WINDOWS\System32\ESENT.dll (0x69750000) C:\WINDOWS\System32\WZCSAPI.DLL (0x730A0000) C:\WINDOWS\system32\mswsock.dll (0x71B20000) C:\WINDOWS\System32\wshtcpip.dll (0x71AE0000) C:\WINDOWS\System32\winrnr.dll (0x76F70000) C:\WINDOWS\System32\rasadhlp.dll (0x76F80000) C:\WINDOWS\system32\kerberos.dll (0x71CA0000) C:\WINDOWS\System32\cryptdll.dll (0x766E0000) C:\WINDOWS\system32\msv1_0.dll (0x76C90000) C:\WINDOWS\System32\security.dll (0x71F60000) escape key pressed: stopped watching PID 1276 System Date: Tue Oct 07 14:01:16 2003 ========= end of log file =========
Important When you use either the -wport command or the -wpid command together with the logging parameter (-l), you must press the ESC key to stop PortQry for PortQry to correctly close the log file and exit. If you press CTRL+C to stop PortQry instead of ESC, the log file does not close correctly. In this scenario, the log file may be empty or corrupted.
References
For additional information about how to use PortQry, click the following article numbers to view the articles in the Microsoft Knowledge Base:
310099 Description of the Portqry.exe command-line utility
310456 How to use Portqry to troubleshoot Active Directory connectivity issues
310298 How to use Portqry.exe to troubleshoot Microsoft Exchange Server connectivity issues
310513 How to make Portqry.exe only report listening ports
Important The PortQueryUI tool provides a graphical user interface and is available for download. PortQueryUI has several features that can make using PortQry easier. To obtain the PortQueryUI tool, visit the following Microsoft Web site:
Very Nice article,Keep Updating.
ReplyDeleteServicenow Online Training In India