Today I came across a simple but useful tool which runs on Windows systems that will help determine if a remote host is listening on a particular port. I wanted to share that information.
PortQry is attractive because of its simplicity, plus, it is supported and distributed by Microsoft themselves. The help section reads like this:
    PortQry version 2.0

    Displays the state of TCP and UDP ports

    Command line mode:  portqry -n name_to_query [-options]
    Interactive mode:   portqry -i [-n name_to_query] [-options]
    Local Mode:         portqry -local | -wpid pid| -wport port [-options]

    Command line mode:

    portqry -n name_to_query [-p protocol] [-e || -r || -o endpoint(s)] [-q]
            [-l logfile] [-sp source_port] [-sl] [-cn SNMP community name]

    Command line mode options explained:
            -n [name_to_query]   IP address or name of system to query
            -p [protocol]        TCP or UDP or BOTH (default is TCP)
            -e [endpoint]        single port to query (valid range: 1-65535)
            -r [end point range] range of ports to query (start:end)
            -o [end point order] range of ports to query in an order (x,y,z)
            -l [logfile]         name of text log file to create
            -y                   overwrites existing text log file without prompting
            -sp [source port]    initial source port to use for query
            -sl                  'slow link delay' waits longer for UDP replies from remote systems
            -nr                  by-passes default IP address-to-name resolution
                                 ignored unless an IP address is specified after -n
            -cn                  specifies SNMP community name for query
                                 ignored unless querying an SNMP port
                                 must be delimited with !
            -q                   'quiet' operation runs with no output
                                 returns 0 if port is listening
                                 returns 1 if port is not listening
                                 returns 2 if port is listening or filtered

    Notes:  PortQry runs on Windows 2000 and later systems
            Defaults: TCP, port 80, no log file, slow link delay off
            Hit Ctrl-c to terminate prematurely

    examples:
    portqry -n myserver.com -e 25
    portqry -n 10.0.0.1 -e 53 -p UDP -i
    portqry -n host1.dev.reskit.com -r 21:445
    portqry -n 10.0.0.1 -o 25,445,1024 -p both -sp 53
    portqry -n host2 -cn !my community name! -e 161 -p udp
    ...
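The quiet-mode exit codes in the help text above (0 listening, 1 not listening, 2 listening or filtered) are what make PortQry scriptable. The following PowerShell wrapper is an added example, not code from the post or from Microsoft; it assumes portqry.exe is on the PATH (for instance because the unzipped folder was added to $env:Path), and the host name and port list at the bottom are placeholders, not real targets.

```powershell
# Added example: wrap PortQry's quiet mode and turn its documented exit codes
# into a per-port report. Assumes portqry.exe is reachable via $env:Path.

function Test-PortQry {
    param(
        [Parameter(Mandatory)] [string]   $ComputerName,
        [Parameter(Mandatory)] [int[]]    $Port,
        [ValidateSet('TCP', 'UDP')] [string] $Protocol = 'TCP'
    )

    # Fail early with a clear message instead of one error per port.
    if (-not (Get-Command portqry.exe -ErrorAction SilentlyContinue)) {
        throw 'portqry.exe was not found on the PATH'
    }

    foreach ($p in $Port) {
        # -q suppresses all output; the result is carried only in the exit code.
        & portqry.exe -n $ComputerName -e $p -p $Protocol -q | Out-Null

        $state = switch ($LASTEXITCODE) {
            0       { 'LISTENING' }
            1       { 'NOT LISTENING' }
            2       { 'LISTENING OR FILTERED' }
            default { "UNKNOWN (exit code $LASTEXITCODE)" }
        }

        [pscustomobject]@{
            Host     = $ComputerName
            Port     = $p
            Protocol = $Protocol
            State    = $state
        }
    }
}

# Placeholder host and ports for illustration only.
Test-PortQry -ComputerName 'server01.example.test' -Port 25, 443, 3389 |
    Format-Table -AutoSize
```

One caveat worth keeping in mind when reading the output: exit code 2 is not "closed". For UDP in particular, no reply can mean either that a service is listening but silent or that a firewall dropped the probe, so a host showing LISTENING OR FILTERED needs a second look (the -sl option, which waits longer for UDP replies, can reduce false "filtered" results over slow links).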
The PortQry “install” consisted of unzipping a ZIP file, so, no install at all, and no special permissions needed, which is a plus in my book.
Of course there is always nmap. I never really got into it so much, but clearly you can go nuts with it. One advantage is that it is available on Linux and macOS as well. But in my opinion it is a heavy-handed install.
References and related