Any port in a Query ?


As applications have evolved and more service oriented applications are in use the frequency of conflicts between applications trying to use TCPIP ports increases.  There are many well known ports such as 25 for mail and 80 for web but in theory any app can use a port if its not in use by another. So what if you want to check if a port is in use and if its got the correct application listening. There  are three basic tools you should have  telnet, netstat and portqry if you are looking at a port to see what state it is in as far as applications or services go.

Netstat is built in to recent versions of Windows but Telnet may need installed as Microsoft removed it from default installations. Portqry is a Microsoft utility which can be downloaded for testing here.

In this article I am going to cover Portqry as an adjunct to the other two tools. The use of the other two tools is just going to be outlined. Netstat is used on the windows machine where the service or application resides and shows the ports that are bound to the various IP addresses and TCP versions (4/6) supported byt the machine. A typical usage would be netstat -anb | more .

Telnet would be used in this context perhaps from the machine trying to communicate with the remote port. For example if the remote port was 5000 then using Telnet ip.address.of.remote 5000 would either give a “connect failed” if the port is not responding (or chose not to respond) or a blank dos session with a flashing cursor. Not great but it indicates if a service or application is responding. Bear in mind that is for TCP ports – so UDP needs something else

So enter the third tool – PortQry.

This can be used to get a better understanding of the remote port and its status – especially if

The summary below from Microsoft’s documentation outlines some example uses.

Note that there are some ports that portquery can elicit further information from

for example 53, 135, 389

using for example

portqry -n hostname -p 53 can query a dns server

portqry -n 8.8.8.8  -p udp -e 53 can give a result like

2015-12-01_12-30-33

 

SUMMARY

Portqry.exe is a command-line utility that you can use to help troubleshoot TCP/IP connectivity issues. Portqry.exe runs on Windows 2000-based computers, on Windows XP-based computers, and on Windows Server 2003-based computers. The utility reports the port status of TCP and UDP ports on a computer that you select.

Note Version 2 of Portqry.exe is now available. The Microsoft Download Center link at the end of this article has been updated to reflect the new version. Version 1.0 of Portqry.exe has been removed from the Microsoft Download Center.

MORE INFORMATION

Portqry.exe reports the status of a TCP/IP port in one of the following three ways:

  • Listening

    A process is listening on the port on the computer that you selected. Portqry.exe received a response from the port.

  • Not Listening

    No process is listening on the target port on the target system. Portqry.exe received an Internet Control Message Protocol (ICMP) “Destination Unreachable – Port Unreachable” message back from the target UDP port. Or if the target port is a TCP port, Portqry received a TCP acknowledgement packet with the Reset flag set.

  • Filtered

    The port on the computer that you selected is being filtered. Portqry.exe did not receive a response from the port. A process may or may not be listening on the port. By default, TCP ports are queried three times, and UDP ports are queried one time before a report indicates that the port is filtered.

Portqry.exe can query a single port, an ordered list of ports, or a sequential range of ports.

Examples

The following command tries to resolve “reskit.com” to an IP address and then queries TCP port 25 on the corresponding host:

portqry -n reskit.com -p tcp -e 25

The following command tries to resolve “169.254.0.11” to a host name and then queries TCP ports 143,110, and 25 (in that order) on the host that you selected. This command also creates a log file (Portqry.log) that contains a log of the command that you ran and its output.

portqry -n 169.254.0.11 -p tcp -o 143,110,25 -l portqry.log

The following command tries to resolve my_server to an IP address and then queries the specified range of UDP ports (135-139) in sequential order on the corresponding host. This command also creates a log file (my_server.txt) that contains a log of the command that you ran and its output.

portqry -n my_server -p udp -r 135:139 -l my_server.txt