Port Query (PortQry.exe) is a command-line utility in the Windows working system which you can use to assist . The device reviews the port standing of TCP and UDP ports on a pc that you choose. In this put up, we are going to present you the way to use the Port Query device for community reconnaissance or forensic exercise.
Port Query (PortQry.exe) device in Windows 10
Windows has many instruments for diagnosing issues in TCP/IP networks (ping, , pathping, and many others.). But not all of them permit you to conveniently verify the standing or scan opened community ports on a server. The PortQry.exe utility is a handy device to verify the response of TCP/UDP ports on hosts to diagnose points associated to the operation of assorted community companies and firewalls in TCP/IP networks. Most usually, the Portqry utility is used as a extra useful alternative for telnet command, and in contrast to telnet, it additionally permits you to verify open UDP ports.
Computer programs use TCP and UDP for many of their communication, and all variations of Windows open many ports that present helpful performance akin to file sharing and distant process name (RPC). However, can use ports nefariously to open a again door for attackers into your laptop system. Whether you want to troubleshoot a obligatory community service or detect undesirable packages, you want to have the option to perceive and handle the site visitors between computer systems in your community. A fundamental step towards doing so is figuring out which packages are listening in your laptop programs’ community ports.
How to use Port Query Tool (PortQry.exe)
You can use Port Query each domestically and remotely on a server. To use Portqry.exe, you will want to obtain the device. Once you obtain PortQry.exe, extract the PortQryV2.exe archive, then open command immediate and run the command under to go to the listing with the utility:
Alternatively, you may navigate to the folder the place you downloaded the device to, and press Alt + D key combo, kind CMD and hit Enter to launch command immediate throughout the listing.
You can now proceed to use the device.
Remotely use Port Query (PortQry.exe) device
Port Query can scan distant programs, however it’s sluggish and unsophisticated in contrast with different port scanners. For instance, in contrast to Nmap, PortQry.exe doesn’t allow you to carry out scans that use specified packet flags (e.g., SYN, FIN).
For instance, to verify the supply of a DNS server from a shopper, you want to verify if 53 TCP and UDP ports are open on it. The syntax of the port verify command is as follows:
PortQry -n server [-p protocol] [-e || -r || -o endpoint(s)]
- -n is the title or IP tackle of the server, which availability you’re checking;
- -e is the port quantity to be checked (from 1 to 65535);
- -r is the vary of ports to be checked (for instance, 1:80);
- -p is the protocol used for checking. It could also be TCP, UDP or BOTH (TCP is utilized by default).
In our instance, the command appears to be like like this:
PortQry.exe –n 10.zero.25.6 -p each -e 53
PortQry.exe can question a single port, an ordered record of ports, or a sequential vary of ports. PortQry.exe reviews the standing of a TCP/IP port in one of many following 3 ways:
- Listening: A course of is listening on the port on the pc that you just chosen. Portqry.exe obtained a response from the port.
- Not Listening: No course of is listening on the goal port on the goal system. Portqry.exe obtained an Internet Control Message Protocol (ICMP) “Destination Unreachable – Port Unreachable” message again from the goal UDP port. Or if the goal port is a TCP port, Portqry obtained a TCP acknowledgment packet with the Reset flag set.
- Filtered: The port on the pc that you just chosen is being filtered. Portqry.exe didn’t obtain a response from the port. A course of might or might not be listening on the port. By default, TCP ports are queried thrice, and UDP ports are queried one time earlier than a report signifies that the port is filtered.
Locally use Port Query (PortQry.exe) device
What PortQry lacks in distant scanning options it makes up for with its distinctive local-machine capabilities. To allow native mode, run PortQry with the -local swap. When -local is the one swap used, PortQry enumerates all native port utilization and port-to-PID mapping. Instead of sorting the information by open port, PortQry lists it in accordance to PID, letting you rapidly see which functions have open community connections.
To watch port 80, you’d run the command under:
portqry -local -wport 80
It’s additionally value mentioning that Microsoft additionally made obtainable a graphical entrance finish to PortQry, referred to as PortQryUI.
PortQryUI features a model of portqry.exe and a few predefined companies, which consist merely of teams of ports to scan.
The PortQueryUI incorporates a number of predefined units of queries to verify the supply of the favored Microsoft companies:
- Domain and trusts (checking ADDS companies on an Active Directory area controller)
- Exchange Server
- SQL Server
- IP Sec
- Web Server
- Net Meeting
To use the PortQryUI, enter the DNS title or IP tackle of the distant server, choose one of many predefined companies (Query predefined service), or specify the port numbers for handbook port verify (Manually enter question ports) and click on the Query button.
Possible return codes in PortQueryUI is highlighted in the picture above:
- zero (0x00000000) – the connection has been established efficiently and the port is accessible.
- 1 (0x00000001) – the required port is unavailable or filtered.
- 2 (0x00000002) – a standard return code when checking the supply of a UDP connection, since ACK response just isn’t returned.
For extra info, you may go to Microsoft right here and right here.