Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / PowerShell / Test-NetConnection: Check for Open/Closed Ports from PowerShell

August 27, 2019 PowerShell

Test-NetConnection: Check for Open/Closed Ports from PowerShell

Test-NetConnection – a ready-to-use cmdlet to check network connection has appeared in PowerShell 4.0 (Windows 2012 R2, Windows 8.1 and newer). You can use this cmdlet to check the response and availability of a remote server or network service on it, TCP ports blocked by firewalls, check ICMP availability and routing. In fact, the Test-NetConnection cmdlet can replace several standard network admin tools at once: ping, traceroute, TCP port scanner, etc.

Contents:
  • Testing for Open/Closed Server TCP Ports with Test-NetConnection
  • Test-NetConnection in PowerShell Monitoring Scripts
  • Simple IP Network / Port Scanner with PowerShell

From time to time, any administrator has to check service availability on a remote server by checking remote TCP port response (for example, the availability of an email or web server). Moreover, most admins are used to perform such a port check with the telnet command. For example, to make sure the SMTP service  responds on the email server (by default, it responds on TCP Port 25) it is enough to run telnet ny-msg01.woshub.com 25 command. But starting from Windows 7, the telnet client has become a feature to be installed separately. Let’s see how to check for open/closed TCP ports using PowerShell.

The main benefit of the Test-NetConnection cmdlet is that it is already a part of all modern versions of Windows and you don’t need to install it separately. The cmdlet is a part of the NetTCPIP module (starting with PoSh v4.0).

Tip. You can check the current installed version of PowerShell with the command: $PSVersionTable.PSVersion

$PSVersionTable.PSVersion

Value 4 in the Major column means that PowerShell 4.0 is installed on your computer.

Testing for Open/Closed Server TCP Ports with Test-NetConnection

Let’s check if TCP Port 25 (SMTP protocol) is open (available) on the remote email server using Test-NetConnection:

Test-NetConnection -ComputerName ny-msg01 -Port 25

Note. Using Test-NetConnection cmdlet, you can check only TCP port connection, and it is not applicable to check the availability of the remote UDP ports.

The shortened version of the same command looks like this: TNC ny-msg01 -Port 25

Test-NetConnection check remote tcp port

Let’s consider the result of the command:

ComputerName           : ny-msg01
RemoteAddress          : 10.20.1.7
RemotePort             : 25
InterfaceAlias         : CORP
SourceAddress          : 10.20.1.79
PingSucceeded          : True
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded       : True

As you can see, the cmdlet resolves the server name to IP address, checks the ICMP response (similar to ping) and the availability of the TCP port. The specified server responds via ICMP (PingSucceeded = True) and the TCP Port 25 is open (RemotePort=25, TcpTestSucceeded= True).

Note. In some cases, it may occur that PingSucceeded=False, and TcpTestSucceeded=True. It is likely to mean that ICMP Ping is forbidden on the remote server.

The cmdlet has a special parameter –CommonTCPPort, which allows you to specify the name of a known network protocol (HTTP, RDP, SMB, WINRM).

For example, to check the availability of an HTTP web server, you can use the command:

Test-NetConnection -ComputerName woshub.com -CommonTCPPort HTTP

Or RDP port (3389) availability:

Test-NetConnection ny-rds1 –CommonTCPPort RDP

You can list all the parameters that the Test-NetConnection cmdlet returns:

Test-NetConnection ny-man01 -port 445|Format-List *

Test-NetConnection all connection state properties

If you only need to see if the port is available, it can be checked more quickly:

TNC ny-msg1 -Port 25 -InformationLevel Quiet

The cmdlet returned True, which means the remote port is accessible.

TNC ny-msg1 -Port 25 -InformationLevel Quiet

Tip. In earlier PowerShell versions, you could check TCP port availability as follows:

(New-Object System.Net.Sockets.TcpClient).Connect(‘ny-msg01’, 25)

(New-Object System.Net.Sockets.TcpClient).Connect

In Windows 10 / Windows Server 2016, you can use the Test-NetConnection cmdlet to trace the route to a remote server using the –TraceRoute parameter (analogous to tracert command in Windows). Using the –Hops parameter, you can limit the maximum number of hopes during route check.

Test-NetConnection ny-man01 –TraceRoute

The cmdlet returned the network summary delay when accessing the server in milliseconds (PingReplyDetails (RTT): 41 ms) and all the IP addresses of the routers on the way to the target server.

Test-NetConnection: powershell TraceRoute

Test-NetConnection in PowerShell Monitoring Scripts

The following command allows you to check the availability of a specific port on a number of servers, the list of which is stored in a plain text file list_servers.txt. We need the servers where the specified service doesn’t respond:

Get-Content c:\PS\list_servers.txt |  where { -NOT (Test-Netconnection $_ -Port 25  -InformationLevel Quiet)}| Format-Table -AutoSize

Similarly, you can create a simple monitoring script that checks the availability of servers and displays a notification if one of the servers is unavailable.

For example, you can check the availability of basic services on all domain controllers (a DC list can be obtained with the Get-ADDomainController cmdlet). Let’s check the following services on DC (the PortQry tool has a similar “Domain and trusts” rule):

  • RPC – TCP/135
  • LDAP – TCP/389
  • LDAP – TCP/3268
  • DNS – TCP/53
  • Kerberos – TCP/88
  • SMB – TCP/445

$Ports  = "135","389","636","3268","53","88","445","3269", "80", "443"
$AllDCs = Get-ADDomainController -Filter * | Select-Object Hostname,Ipv4address,isGlobalCatalog,Site,Forest,OperatingSystem
ForEach($DC in $AllDCs)
{
Foreach ($P in $Ports){
$check=Test-NetConnection $DC -Port $P -WarningAction SilentlyContinue
If ($check.tcpTestSucceeded -eq $true)
{Write-Host $DC.name $P -ForegroundColor Green -Separator " => "}
else
{Write-Host $DC.name $P -Separator " => " -ForegroundColor Red}
}

The script will check the specified TCP ports on the domain controllers, and if one of the ports is unavailable, it will highlight it in red (you can run this PowerShell script as a Windows service).

poweshell: test for open and closed ports on an active directory domain controller

Simple IP Network / Port Scanner with PowerShell

You can also implement a simple port and IP subnet network scanner to scan remote servers or subnets for open/closed TCP ports.

Scan the range of IP addresses on open port 3389:

foreach ($ip in 100..150) {Test-NetConnection -Port 3389 -InformationLevel "Detailed" 192.168.1.$ip}

Scan the range of TCP ports from 1 to 1024 on the specified remote server:

foreach ($port in 1..1024) {If (($a=Test-NetConnection srvfs01 -Port $port -WarningAction SilentlyContinue).tcpTestSucceeded -eq $true){ "TCP port $port is open!"}}

powershell network port scanner script

3 comments
1
Facebook Twitter Google + Pinterest
previous post
Changing Desktop Background Wallpaper in Windows through GPO
next post
Managing Exchange Mailbox Inbox Rules with PowerShell

Related Reading

Create Organizational Units (OU) Structure in Active Directory...

May 17, 2022

Windows Security Won’t Open or Shows a Blank...

May 17, 2022

How to Manually Install Windows Updates from CAB...

May 16, 2022

Enable or Disable MFA for Users in Azure/Microsoft...

April 27, 2022

Fix: You’ll Need a New App to Open...

April 27, 2022

3 comments

Pat November 21, 2018 - 8:26 pm

blurred hostname in imagery, kept in it write-up… :

Reply
Alex March 25, 2021 - 1:33 pm

Of course, hostnames are replaced with arbitrary values in the text.

Reply
Tatu August 11, 2021 - 2:44 pm

#Small update for looping variables:
$Ports = “135”,”389″,”636″,”3268″,”53″,”88″,”445″,”3269″, “80”, “443”
$AllDCs = Get-ADDomainController -Filter * | Select-Object Hostname,Ipv4address,isGlobalCatalog,Site,Forest,OperatingSystem
ForEach($DC in $AllDCs)
{
Foreach ($P in $Ports){
$check=Test-NetConnection $DC.Ipv4address -Port $P -WarningAction SilentlyContinue
If ($check.tcpTestSucceeded -eq $true)
{Write-Host $DC.Hostname $P -ForegroundColor Green -Separator ” => “}
else
{Write-Host $DC.Hostname $P -Separator ” => ” -ForegroundColor Red}
}

}

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows 7
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • PowerShell
  • VMWare
  • Hyper-V
  • MS Office

Recent Posts

  • Create Organizational Units (OU) Structure in Active Directory with PowerShell

    May 17, 2022
  • Windows Security Won’t Open or Shows a Blank Screen on Windows 10/ 11

    May 17, 2022
  • How to Manually Install Windows Updates from CAB and MSU Files?

    May 16, 2022
  • RDS and RemoteApp Performance Issues on Windows Server 2019/2016

    May 16, 2022
  • Deploying Software (MSI Packages) Using Group Policy

    May 12, 2022
  • Updating VMware ESXi Host from the Command Line

    May 11, 2022
  • Enable or Disable MFA for Users in Azure/Microsoft 365

    April 27, 2022
  • Fix: You’ll Need a New App to Open This Windows Defender Link

    April 27, 2022
  • How to Reset an Active Directory User Password with PowerShell and ADUC?

    April 27, 2022
  • How to Completely Uninstall Previous Versions of Office with Removal Scripts?

    April 26, 2022

Follow us

woshub.com

ad

  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Find the Source of Account Lockouts in Active Directory domain?
  • Get-ADComputer: Find Computer Details in Active Directory with PowerShell
  • How to Create a UEFI Bootable USB Drive to Install Windows 10 or 7?
  • Adding Third-Party Drivers into VMWare ESXi 6.7 ISO Image
  • Managing Printers and Drivers with PowerShell in Windows 10 / Server 2016
  • How to Delete Old User Profiles Using GPO and PowerShell?
  • Deploy PowerShell Active Directory Module without Installing RSAT
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top