Port Query - Display the status of TCP and UDP ports, troubleshoot TCP/IP connectivity and security, return LDAP base query info, SMTP, POP3, IMAP4 status, enumerate SQL Server instances (UDP port 1434), Local ports, local services running (and the DLL modules loaded by each).
Portqry can query a single port, a list of several ports, or a sequential range of port numbers.
Portqry runs on Windows 2000 and later systems.
Syntax
The 3 modes are listed below: Command line, Local and Interactive mode.
Command line mode:
portqry -n name_to_query [-p protocol]
[-e | -r | -o endpoint(s)]
[other options]
Command line mode options:
-n [name_to_query] IP address or name of system to query
-p [protocol] TCP or UDP or BOTH (default is TCP)
-e [endpoint] Single Port to query (valid range: 1-65535)
-r [end point range] Range of ports to query (start:end)
-o [end point order] Range of ports to query in an order (x,y,z)
-l [logfile] Output a log file
-y Overwrite existing log file without prompting
-sp [source port] Initial source port to use for query
-sl 'slow link delay' Wait longer for UDP replies from remote systems
-nr By-pass default IP address-to-name resolution
ignored unless an IP address is specified after -n
-cn Specify SNMP community name for query.
Ignored unless querying an SNMP port.
Must be delimited with !
-q 'Quiet' operation runs with no output
returns 0 if port is listening
returns 1 if port is not listening
returns 2 if port is listening or filtered
Local Mode:
Local Mode gives detailed data on local system’s ports
portqry -local [-wt seconds] [-l logfile] [-v]
portqry -wpid pid [-wt seconds] [-l logfile] [-v]
portqry -wport port [-wt seconds] [-l logfile] [-v]
Local mode options:
-local Enumerate local port usage, port to process mapping,
service port usage, and list loaded modules
-wport [port_number] Watch the specified port
report when the port’s connection status changes
-wpid [process_ID] Watch the specified process ID (PID)
report when the PID’s connection status changes
-wt [seconds] Watch time option
specify how often to check for status changes
valid range: 1 - 1200 seconds (default = 60 secs)
-l [logfile] Log file to create
-v Verbose output
Interactive Mode:
An alternative to command line mode
portqry -i [-options]
For help with -i run portqry.exe and then type 'help' <enter>
For best results run local commands in the context of local administrator.
Port to process mapping is not be available on all systems.
Defaults: TCP, port 80, no log file, slow link delay off.
Hit Ctrl-C to terminate prematurely.
Watch all local connections:
portqry -local
Watch all local connections and log to a file:
portqry -local -l MyLogFile.txt -v
Watch all local connections to the local machine on port 80:
portqry -local -wport 80
Watch all local connections to PID 1272 and log to a file:
portqry -wpid 1272 -wt 5 -l MyLogFile.txt -y -v
Watch all local connections to port 53 and log to a file:
portqry -wport 53 -l dnslog.txt
Watch all connections to myserver.com to endpoint port 25:
portqry -n myserver.com -e 25
Watch all UDP connections to 10.0.0.1 via endpoint port 25:
portqry -n 10.0.0.1 -e 53 -p UDP -i
Watch all connections to host1.example.com via the port range 21 to 445:
portqry -n host1.example.com -r 21:445
Watch all UDP or TCP connections to 10.0.0.1 via the ports 25 or 445 or 1024 from the source port 53:
portqry -n 10.0.0.1 -o 25,445,1024 -p both -sp 53
Watch all UDP connections to host2 /endpoint port 161 from a specific SNMP community name:
portqry -n host2 -cn !my community name! -e 161 -p udp
“I always look for a woman who has a tattoo. I see a woman with a tattoo, and I’m thinking, okay, here’s a gal who’s capable of making a decision she’ll regret in the future” ~ Richard Jeni
PortQryUI - User Interface for the PortQry Command Line Port Scanner.
NSLOOKUP - Lookup IP addresses on a NameServer.
PortRptr - Port Reporter, logging service for TCP/IP port usage.
NETSH diag - Connect to TCP port.
WMIC PORTCONNECTOR - Access Physical port.
Port Numbers at IANA.
Jon Honeyball -
Routing to harden machines against attack.
Q310099 - Description of PortQry.
Q832919 - New features in PortQry Version2.
Q310456 - Use PortQry to Troubleshoot Active Directory Connectivity (port 389).
Q310298 - Use PortQry to Troubleshoot MS Exchange (port 25).