Around the end of 2003, Microsoft released PortQry 2.0. This upgraded version offers some newer features, such as interactive mode, the ability to track all ports associated with any particular process, and firewall compatibility. It is freely downloadable from Microsoft's Web site.
The utility allows you to select a computer, analyse it and get a report of port status on TCP and/or UDP ports, helping you to solve network-related issues.
What is PortQry?
Telnet is a good tool to use to test ports, but it's limited. If you need to see if your SMTP server is in service, you can test it by attaching to port 25 via telnet by typing 'telnet <server> 25' at the command line, or by using the Run command from the Start button and typing telnet 10.1.1.1 25 (or whatever your SMTP server's address is).
Once connected to an SMTP relay you can run commands for test purposes. Many engineers and administrators are very comfortable with telnet, which means tools like Secure Shell (SSH) and PortQry are used less often. And since telnet can be used in the testing and troubleshooting of ports and connectivity, why would you want to use anything else? Because telnet has its limitations for port testing, that’s why.
One example is that it cannot determine whether a port is being filtered, which is very common these days given the number of Internet-facing routers using various forms of filtering and the plethora of firewalls screening ports. Home PCs also have the ability to filter ports; most major operating systems have had this functionality for a long time. A tool like Telnet is also unable to test UDP traffic. In Microsoft-based networks (or just about any network today), you will want to be able to work with UDP-based protocols like LDAP or RPC. Most of the NetBIOS protocol structure uses UDP. In the rest of this article, we will be using Microsoft Exchange Server (and SMTP) as the example.
So, where does PortQry come in? PortQry is nothing more than a tool developed to help solve connectivity issues by scanning ports in a better way. So, let’s use these next two articles as a way to master the use of the tool. We will look at it in such a way that you can integrate it into your troubleshooting tool belt to help solve some issues you may come across in the future. Get PortQry and then let's take a close look at using it.
How PortQry works
Microsoft developed PortQry to help with the troubleshooting of IP connectivity issues by allowing for better scanning of ports. So let’s learn how it works so we can exploit its benefits in the field. Before you learn the mechanics of using it (it’s actually very easy to use), you should understand how it works, because knowing that will show you its strengths.
PortQry reports the status of a port on a target host in one of three ways:
- Listening: A process is listening on the port on the computer that you selected. Portqry.exe received a response from the port.
- Not Listening: No process is listening on the target port on the target system. Portqry.exe received an Internet Control Message Protocol (ICMP) "Destination Unreachable - Port Unreachable" message back from the target UDP port. Or, if the target port is a TCP port, Portqry received a TCP acknowledgement packet with the Reset flag set.
- Filtered: The port on the computer that you selected is being filtered. Portqry.exe did not receive a response from the port. A process may or may not be listening on the port. By default, TCP ports are queried three times, and UDP ports are queried once before a report indicates that the port is filtered. PortQry reports if a port is being filtered, which most other utilities don't; they'll report that the port is not listening or something like that.
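The three-way decision described above can be reproduced for TCP with an ordinary connect call. The following is an added example, not PortQry's own code: `classify_tcp`, `demo` and the injectable `connect` parameter are names made up for this sketch, and the loopback listener and the simulated silent drop are constructed test fixtures. UDP is left out because it needs access to the ICMP reply.

```python
import socket

ATTEMPTS = 3  # per the article: TCP ports are queried three times by default

def classify_tcp(host, port, timeout=3.0, attempts=ATTEMPTS,
                 connect=socket.create_connection):
    """Map a TCP connect probe onto the three states PortQry reports."""
    for _ in range(attempts):
        try:
            conn = connect((host, port), timeout)
        except ConnectionRefusedError:
            # The target answered with a TCP reset: no process owns the port.
            return "NOT LISTENING"
        except (socket.timeout, TimeoutError):
            # No answer at all: retry before concluding anything.
            continue
        else:
            conn.close()
            return "LISTENING"
    # Every attempt went unanswered, so something is dropping the packets.
    # Other OSErrors (name resolution, no route) propagate: they are not
    # one of the three port states.
    return "FILTERED"

def demo():
    # Constructed fixture 1: a real listener on a loopback port.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    # Constructed fixture 2: a port that was bound and released again.
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    # Constructed fixture 3: a filter that silently drops every attempt.
    def silent_drop(address, timeout):
        raise socket.timeout("no response")
    results = {
        "open": classify_tcp("127.0.0.1", open_port),
        "closed": classify_tcp("127.0.0.1", closed_port),
        "dropped": classify_tcp("192.0.2.1", 25, connect=silent_drop),
    }
    listener.close()
    return results

if __name__ == "__main__":
    print(demo())
```

Telnet collapses the last two cases into a single "could not connect" from the operator's point of view, which is the limitation the article describes.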
Now that you understand the power of PortQry, let’s take a look at the mechanics. Using PortQry.exe is actually pretty easy and straightforward. Once you learn the syntax, you will be just as comfortable with it as you may be with Ping and Tracert, two other excellent tools for testing connectivity.
After you download PortQry, you have to set it up. Since it's nothing but a simple executable, I usually extract it to my desktop and stick it in my Windows\System32 folder, because that folder is on the system path by default, so you can just go to Start > Run, enter PortQry and go. You will be all set up to use it.
Once you are at the command prompt and ready to use it, take a couple of minutes and read through the syntax of the tool itself.
Important switches to remember include:
-n [server] IP address or name of system to query
-p [protocol] TCP or UDP or BOTH (default is TCP)
-e [endpoint] single port to query (valid range: 1-65535)
-r [endpoint range] range of ports to query (start:end)
-o [endpoint order] range of ports to query in an order (x,y,z)
-l [logfile] name of log file to create
-s "slow link delay" waits longer for UDP replies from remote systems
-I bypasses default IP address-to-name lookup; ignored unless an IP address is specified after -n
-q "quiet" operation runs with no output
You can also analyse SNMP. Let’s look at some examples of this tool and its switches in action.
In interactive mode, you use PortQry from its own command line, which can save you a lot of typing. To find the command set for interactive mode, hit 'q' or type 'help' at the prompt for a list of options:
Use the PortQry command
A common approach to seeing if your email servers are down would be to test connectivity using ping. However, your firewall may be blocking inbound ICMP packets to hosts on your network, so this may not work. That’s where PortQry can help.
So how do you verify that your email relay server is accepting connections? Sometimes you might want to analyse your relay in order to see if it accepts incoming connections. This will help to verify not only connectivity, but also a working system.
An example for this situation might be when your users are complaining about email problems in general – now narrowed down to a lack of incoming mail. If this is what the problem has been boiled down to, you can query the relay and see if it’s operational by typing:
portqry -n www.rsnetworks.net -p tcp -e 25
The output from the command shows whether you have a functional relay.
Can you do it another way? I mentioned telnet earlier, and this can also show you how you can connect to a relay.
To telnet to it:
telnet <hostname> <port #>
Here <hostname> is the hostname or IP address of the relay, and <port #> is the TCP/IP port number for email, such as 25 for SMTP or 110 for POP3.
If SMTP is not listening, PortQry will report:
TCP port 25 (SMTP service): NOT LISTENING
If SMTP is filtered, PortQry will report:
TCP port 25 (SMTP service): FILTERED
In this article we covered the use of PortQry, a Microsoft-developed tool that can help you troubleshoot connectivity problems, much like the email issue shown in this article.
PortQry is a great little tool to have in your tool belt when you need to verify if a port is open, closed, or being filtered somehow. In the final part of this series, yet to come, we will look at how to use PortQry in more depth by scanning other types of systems with it.