Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / PowerShell / Test-NetConnection: Check for Open/Closed Ports from PowerShell

August 27, 2019 PowerShell

Test-NetConnection: Check for Open/Closed Ports from PowerShell

Test-NetConnection – a ready-to-use cmdlet to check network connection has appeared in PowerShell 4.0 (Windows 2012 R2, Windows 8.1 and newer). You can use this cmdlet to check the response and availability of a remote server or network service on it, TCP ports blocked by firewalls, check ICMP availability and routing. In fact, the Test-NetConnection cmdlet can replace several standard network admin tools at once: ping, traceroute, TCP port scanner, etc.

Contents:
  • Testing for Open/Closed Server TCP Ports with Test-NetConnection
  • Test-NetConnection in PowerShell Monitoring Scripts
  • Simple IP Network / Port Scanner with PowerShell

From time to time, any administrator has to check service availability on a remote server by checking remote TCP port response (for example, the availability of an email or web server). Moreover, most admins are used to perform such a port check with the telnet command. For example, to make sure the SMTP service  responds on the email server (by default, it responds on TCP Port 25) it is enough to run telnet ny-msg01.woshub.com 25 command. But starting from Windows 7, the telnet client has become a feature to be installed separately. Let’s see how to check for open/closed TCP ports using PowerShell.

The main benefit of the Test-NetConnection cmdlet is that it is already a part of all modern versions of Windows and you don’t need to install it separately. The cmdlet is a part of the NetTCPIP module (starting with PoSh v4.0).

Tip. You can check the current installed version of PowerShell with the command: $PSVersionTable.PSVersion

$PSVersionTable.PSVersion

Value 4 in the Major column means that PowerShell 4.0 is installed on your computer.

Testing for Open/Closed Server TCP Ports with Test-NetConnection

Let’s check if TCP Port 25 (SMTP protocol) is open (available) on the remote email server using Test-NetConnection:

Test-NetConnection -ComputerName ny-msg01 -Port 25

Note. Using Test-NetConnection cmdlet, you can check only TCP port connection, and it is not applicable to check the availability of the remote UDP ports.

The shortened version of the same command looks like this: TNC ny-msg01 -Port 25

Test-NetConnection check remote tcp port

Let’s consider the result of the command:

ComputerName           : ny-msg01
RemoteAddress          : 10.20.1.7
RemotePort             : 25
InterfaceAlias         : CORP
SourceAddress          : 10.20.1.79
PingSucceeded          : True
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded       : True

As you can see, the cmdlet resolves the server name to IP address, checks the ICMP response (similar to ping) and the availability of the TCP port. The specified server responds via ICMP (PingSucceeded = True) and the TCP Port 25 is open (RemotePort=25, TcpTestSucceeded= True).

Note. In some cases, it may occur that PingSucceeded=False, and TcpTestSucceeded=True. It is likely to mean that ICMP Ping is forbidden on the remote server.

The cmdlet has a special parameter –CommonTCPPort, which allows you to specify the name of a known network protocol (HTTP, RDP, SMB, WINRM).

For example, to check the availability of an HTTP web server, you can use the command:

Test-NetConnection -ComputerName woshub.com -CommonTCPPort HTTP

Or RDP port (3389) availability:

Test-NetConnection ny-rds1 –CommonTCPPort RDP

You can list all the parameters that the Test-NetConnection cmdlet returns:

Test-NetConnection ny-man01 -port 445|Format-List *

Test-NetConnection all connection state properties

If you only need to see if the port is available, it can be checked more quickly:

TNC ny-msg1 -Port 25 -InformationLevel Quiet

The cmdlet returned True, which means the remote port is accessible.

TNC ny-msg1 -Port 25 -InformationLevel Quiet

Tip. In earlier PowerShell versions, you could check TCP port availability as follows:

(New-Object System.Net.Sockets.TcpClient).Connect(‘ny-msg01’, 25)

(New-Object System.Net.Sockets.TcpClient).Connect

In Windows 10 / Windows Server 2016, you can use the Test-NetConnection cmdlet to trace the route to a remote server using the –TraceRoute parameter (analogous to tracert command in Windows). Using the –Hops parameter, you can limit the maximum number of hopes during route check.

Test-NetConnection ny-man01 –TraceRoute

The cmdlet returned the network summary delay when accessing the server in milliseconds (PingReplyDetails (RTT): 41 ms) and all the IP addresses of the routers on the way to the target server.

Test-NetConnection: powershell TraceRoute

Test-NetConnection in PowerShell Monitoring Scripts

The following command allows you to check the availability of a specific port on a number of servers, the list of which is stored in a plain text file list_servers.txt. We need the servers where the specified service doesn’t respond:

Get-Content c:\PS\list_servers.txt |  where { -NOT (Test-Netconnection $_ -Port 25  -InformationLevel Quiet)}| Format-Table -AutoSize

Similarly, you can create a simple monitoring script that checks the availability of servers and displays a notification if one of the servers is unavailable.

For example, you can check the availability of basic services on all domain controllers (a DC list can be obtained with the Get-ADDomainController cmdlet). Let’s check the following services on DC (the PortQry tool has a similar “Domain and trusts” rule):

  • RPC – TCP/135
  • LDAP – TCP/389
  • LDAP – TCP/3268
  • DNS – TCP/53
  • Kerberos – TCP/88
  • SMB – TCP/445

$Ports  = "135","389","636","3268","53","88","445","3269", "80", "443"
$AllDCs = Get-ADDomainController -Filter * | Select-Object Hostname,Ipv4address,isGlobalCatalog,Site,Forest,OperatingSystem
ForEach($DC in $AllDCs)
{
Foreach ($P in $Ports){
$check=Test-NetConnection $DC -Port $P -WarningAction SilentlyContinue
If ($check.tcpTestSucceeded -eq $true)
{Write-Host $DC.name $P -ForegroundColor Green -Separator " => "}
else
{Write-Host $DC.name $P -Separator " => " -ForegroundColor Red}
}

The script will check the specified TCP ports on the domain controllers, and if one of the ports is unavailable, it will highlight it in red (you can run this PowerShell script as a Windows service).

poweshell: test for open and closed ports on an active directory domain controller

Simple IP Network / Port Scanner with PowerShell

You can also implement a simple port and IP subnet network scanner to scan remote servers or subnets for open/closed TCP ports.

Scan the range of IP addresses on open port 3389:

foreach ($ip in 100..150) {Test-NetConnection -Port 3389 -InformationLevel "Detailed" 192.168.1.$ip}

Scan the range of TCP ports from 1 to 1024 on the specified remote server:

foreach ($port in 1..1024) {If (($a=Test-NetConnection srvfs01 -Port $port -WarningAction SilentlyContinue).tcpTestSucceeded -eq $true){ "TCP port $port is open!"}}

powershell network port scanner script

1 comment
1
Facebook Twitter Google + Pinterest
previous post
How to Reset a User Password in Active Directory with PowerShell?
next post
Managing Exchange Mailbox Inbox Rules with PowerShell

Related Reading

How to Sign a PowerShell Script (PS1) with...

February 25, 2021

Configuring PowerShell Script Execution Policy

February 18, 2021

Updating Group Policy Settings on Windows Domain Computers

February 16, 2021

How to Find Inactive Computers and Users in...

January 29, 2021

Checking User Logon History in Active Directory Domain...

January 22, 2021

1 comment

Pat November 21, 2018 - 8:26 pm

blurred hostname in imagery, kept in it write-up… :

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • How to Troubleshoot, Repair and Rebuild the WMI Repository?

    March 2, 2021
  • Accessing USB Flash Drive from VMWare ESXi

    February 26, 2021
  • How to Sign a PowerShell Script (PS1) with a Code Signing Certificate?

    February 25, 2021
  • Change the Default Port Number (TCP/1433) for a MS SQL Server Instance

    February 24, 2021
  • How to Shadow (Remote Control) a User’s RDP session on RDS Windows Server 2016/2019?

    February 22, 2021
  • Configuring PowerShell Script Execution Policy

    February 18, 2021
  • Configuring Proxy Settings on Windows Using Group Policy Preferences

    February 17, 2021
  • Updating Group Policy Settings on Windows Domain Computers

    February 16, 2021
  • Managing Administrative Shares (Admin$, IPC$, C$, D$) in Windows 10

    February 11, 2021
  • Packet Monitor (PktMon) – Built-in Packet Sniffer in Windows 10

    February 10, 2021

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Install RSAT Feature on Demand on Windows 10 1809 and Later
  • Get-ADUser: Getting Active Directory Users Info via PowerShell
  • How to Create a UEFI Bootable USB Drive to Install Windows 10 or 7?
  • Managing Printers and Drivers with PowerShell in Windows 10 / Server 2016
  • Get-ADComputer: Find Computer Details in Active Directory with PowerShell
  • PSWindowsUpdate: Managing Windows Updates from PowerShell
  • PowerShell: Get Folder Sizes on Disk in Windows
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top