Portqry.exe, a part of Support Tools for Windows 2003, is a convenient tool to check the availability of TCP / UDP ports on a remote server that enables to diagnose issues related to operation of various services and presence of firewalls in TCP/IP networks. The first version of Portqry for Windows Server 2003 doesn’t work correctly in newer OS versions (Windows Server 2008 +), so the second version of the utility, PortQryV2, has been released. It is the version that you should use today (you can download PortQryV2 here).
Originally Portqry utility was exclusively a console (CLI) tool. For example, to check the availability of a DNS server from a client, you need to check that 53 TCP and UDP ports are open on it. The syntax of the command was as follows:
PortQry -n server [-p protocol] [-e || -r || -o endpoint(s)]
- -n is the name or IP address of the server, which availability you are checking;
- -e is the port number to be checked (from 1 to 65535);
- -r is the range of ports to be checked (for example, 1:80);
- -p is the protocol used for checking. It may be TCP, UDP or BOTH (TCP is used by default).
In our example, the command looks like this:
PortQry.exe –n 10.0.25.6 -p both -e 53
Portqry will return one of three states of port availability:
- Listening means that the port is open (accepts connections);
- Not Listening shows there isn’t any process on the target system that accepts connections on the specified port;
- Filtered means that PortQry hasn’t receive any response from the specified port or the response has been filtered. I. e., this port is not listening on the target system or the access to it is restricted by a firewall or some system settings.
In our example, the DNS server is available from the client both over TCP and UDP.
TCP port 53 (domain service): LISTENING
UDP port 53 (domain service): LISTENING
Using -o attribute, you can specify the sequence of ports to check their availability.
portqry -n 10.0.25.6 -p tcp -o 21,110,143
The next command scans the ranges of the well-known TCP/IP port numbers and returns the list of ports that accept the connections (works as TCP Port Scanner):
portqry -n 10.0.25.6 -r 1:1024 | find ": LISTENING"
PortQry has an built-in support of some network services. These are LDAP, Remote Procedure Calls (RPC), e-mail protocols SMTP / POP3 / IMAP4, SNMP, FTP/ TFTP, NetBIOS Name Service, L2TP, etc. In addition to checking port availability, the tool performs protocol-specific requests to obtain the status of services.
For example, using the following command you can check the availability of RPC endpoint mapper service (TCP/135) and get the list of names of RPC endpoints registered in the system (including their names, UUID, the address they are bounded to and the application they are related to).
portqry -n 10.0.25.6 -p tcp -e 135
portqry -n 10.0.25.6 -p tcp -e 135
TCP port 135 (epmap service): LISTENING
Using ephemeral source port
Querying Endpoint Mapper Database…
UUID: 8975497f-93f3-4376-9c9c-fd2277495c27 Frs2 Service
UUID: 6b5bd21e-528c-422c-af8c-a4079be4a448 Remote Fw APIs
UUID: 12345678-1234-abcd-ef22-0123456789ab IPSec Policy agent endpoint
UUID: 3c4428c5-f0ab-448b-bda1-6ce01eb0a6d5 DHCP Client LRPC Endpoint
Total endpoints found: 61
==== End of RPC Endpoint Mapper query response ====
portqry.exe -n 10.0.25.6 -e 135 -p TCP exits with return code 0x00000000.
To make it more convenient for the users who don’t like to use the command prompt, MSFT has developed the simplest graphic interface for portqry – PortQueryUI. You can download PortQueryUI from the official Microsoft download website: PortQueryUI.
Actually, PortQueryUI is a graphic add-in for portqry to create a command string and return the result in the graphic window.
Also, PortQueryUI has a number of the predefined set of queries to check the availability of the popular Microsoft services:
- Domain and trusts
- Exchange Server
- SQL Server
- IP Sec
- Web Server
- Net Meeting
I think PortQueryUI doesn’t need any special comments. It should be clear if you look at the screenshot below.
It is worth to comment on possible return codes in PortQueryUI (highlighted on the screenshot).
- 0 – the connection has been established successfully and the port is available;
- 1 – the specified port is unavailable or filtered;
- 2 – a normal return code when checking the availability of a UDP connection, since ACK response is not returned.