How To: Mastering PortQry.exe (Part 1)

Published on 25 Jan. 2005 / Last Updated on 25 Jan. 2005

In this article we will cover the fundamentals of using the PortQry command line tool. PortQry.exe is a utility that you can use to help troubleshoot TCP/IP connections. It runs on Windows 2000-based, Windows XP-based, and Windows Server 2003-based computers.

Around the end of 2003 and the beginning of 2004, Microsoft released PortQry 2.0, an upgrade from the first version. The newer version adds features such as interactive mode, the ability to track all ports associated with any particular process, and firewall compatibility. The utility allows you to select a computer, analyze it, and get a report of the status of its TCP and/or UDP ports. Now at version 2, PortQry is a tool that can help you solve network-related issues once mastered.

What is PortQry?

Telnet is a good but limited tool for testing ports. If you need to see whether your SMTP server is in service, you can test it by connecting to port 25 via telnet as follows:

telnet <ip address> 25

-or-

This will connect you to an SMTP relay so that you can run commands to test with. Since many engineers and administrators are very comfortable with telnet, tools like Secure Shell (SSH) and PortQry are used less often. If telnet can be used to test and troubleshoot ports and connectivity, why would you want to use anything else? Because the telnet utility has its limitations for port testing.

One example is that it cannot determine whether a port is being filtered, which is very common these days given the number of Internet-facing routers doing basic filtering and the plethora of firewalls screening ports. Home PCs can filter ports too; most major operating systems have had this functionality for a long time now. A tool like telnet is also unable to test UDP traffic. In Microsoft-based networks (or just about any network today), you will want to be able to work with UDP-based protocols like LDAP or RPC. Most of the NetBIOS protocol structure uses UDP. In the rest of this article, we will use Microsoft Exchange Server (and SMTP) as the example.

Getting PortQry

So, where does PortQry.exe come in? PortQry is nothing more than a tool developed to aid in troubleshooting connectivity issues by scanning ports in a better way. Let's use these two articles to master the tool, so that you can add it to your troubleshooting tool belt and use it to solve issues you may come across in the future. Let's get PortQry and then take a close look at using it.

Get PortQry (version 2)

How PortQry Works

Microsoft developed PortQry to aid in troubleshooting connectivity issues by allowing better scanning of ports, so let's learn how it works in order to get the most out of it in the field. Before you learn the mechanics of using it (it's actually very easy to use), you should understand how it works, because that will show you its strengths.

PortQry reports the status of a port on a target host in one of three ways:

Listening

A process is listening on the port on the computer that you selected. Portqry.exe received a response from the port.

Not Listening

No process is listening on the target port on the target system. Portqry.exe received an Internet Control Message Protocol (ICMP) "Destination Unreachable - Port Unreachable" message back from the target UDP port. Or, if the target port is a TCP port, Portqry received a TCP acknowledgement packet with the Reset flag set.

Filtered

The port on the computer that you selected is being filtered. Portqry.exe did not receive a response from the port. A process may or may not be listening on the port. By default, TCP ports are queried three times, and UDP ports are queried one time before a report indicates that the port is filtered. This is where PortQry comes up a winner: it can report that a port is being filtered, whereas other utilities will report that the port is 'not listening' or something similar.
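The three states above can be reproduced for TCP with ordinary sockets. This added example is not from the original article or from PortQry itself; the function name `query_tcp_port` and its injectable `connect` parameter are assumptions made for illustration, and it covers TCP only.

```python
import socket

LISTENING, NOT_LISTENING, FILTERED = "LISTENING", "NOT LISTENING", "FILTERED"


def query_tcp_port(host, port, attempts=3, timeout=2.0,
                   connect=socket.create_connection):
    """Classify one TCP port into the article's three states.

    `connect` is a hypothetical injection point (not a PortQry option) so the
    decision logic can be exercised without touching a network.
    """
    for _ in range(attempts):
        try:
            sock = connect((host, port), timeout)
        except ConnectionRefusedError:
            # The target answered with a TCP reset: the host is reachable,
            # but no process is bound to the port.
            return NOT_LISTENING
        except (socket.timeout, TimeoutError):
            # No answer at all. Retry before concluding anything, as one
            # lost SYN is not proof of a filter (three tries by default).
            continue
        else:
            # Handshake completed: a process accepted the connection.
            sock.close()
            return LISTENING
    # Every attempt met silence: something between us and the service is
    # dropping packets, so a process may or may not be listening.
    return FILTERED


def demo_loopback():
    """Constructed offline demo: query a loopback listener, then the same
    port after the listener has been closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))       # port 0 = let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = query_tcp_port("127.0.0.1", port)
    srv.close()
    after_close = query_tcp_port("127.0.0.1", port)
    return port, while_open, after_close


if __name__ == "__main__":
    port, while_open, after_close = demo_loopback()
    print(f"TCP port {port}: {while_open}")
    print(f"TCP port {port}: {after_close}")
```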

Using PortQry

Now that you understand the power of PortQry, let's take a look at the mechanics. Using PortQry.exe is actually pretty easy and straightforward. Once you learn the syntax, you will be just as comfortable with it as you may be with Ping and Tracert, two other excellent tools for testing connectivity.

After you download PortQry, you have to set it up. Since it's nothing but a simple executable, I usually extract it to my desktop and stick it in my C:\WINDOWS\SYSTEM32 folder because the system path is already set up that way in my system so I can just go to Start => Run => CMD => Hit Enter => type PortQry and hit enter. You will be all set up to use it.

Here are some switches you can use with it. My advice: once you are at the command prompt and ready to use the tool, take a couple of minutes to read through its syntax. Let's take a look at this now.

Here are some important switches to remember.

-n [server]

IP address or name of system to query

-p [protocol]

TCP or UDP or BOTH (default is TCP)

-e [endpoint]

single port to query (valid range: 1-65535)

-r [endpoint range]

range of ports to query (start:end)

-o [endpoint order]

range of ports to query in an order (x,y,z)

-l  [logfile]

name of log file to create

-s

"slow link delay": waits longer for UDP replies from remote systems

-I

bypasses default IP address-to-name lookup; ignored unless an IP address is specified after -n

-q

"quiet" operation: runs with no output

You can also analyze SNMP. Let's look at some examples of the tool and its switches in action.

What is Interactive Mode?

PortQry also has an Interactive Mode with its own commands and switches. You can use PortQry to query ports from the command line in a command prompt (cmd.exe) window, which is what we will cover next in this article. Before we do, you should be aware of interactive mode, which addresses another common annoyance: typing commands a million times.

For that reason, you may want to spend some time looking at the command set for Interactive Mode. PortQry version 2.0 will allow you to run commands this way, functioning much like NSLOOKUP does, as seen in the next figure.

At the prompt, you can type help for a list of options:

Use the PortQry Command

A common approach to checking whether your email server is down is to test connectivity by pinging it. Most likely, though, you are blocking inbound ICMP packets to hosts on your network, so this may not work because you have a 'filter' in place. That's OK; that's where PortQry can help. So how do I verify that my email relay server is accepting connections?

Sometimes you might want to check your relay to see whether it accepts incoming connections; this verifies not only connectivity but also a working system. An example might be when your users are complaining (how often does this happen?) about email problems in general, now narrowed down to a lack of incoming mail. If that is what the problem boils down to, let's query the relay and see if it's operational:

You can see from the output of the command (and the added notes) that you have a functional relay. PortQry was used to verify that. Can you do it another way? I mentioned telnet earlier, and it can also show you whether you can connect to a relay.

To telnet to it:

telnet <hostname or IP address> <port #>

The first argument is the hostname or IP address of the relay, and the second is the port (the TCP/IP port number for the email service, such as 25 for SMTP or 110 for POP3).

If SMTP is not listening, PortQry will report:

TCP port 25 (SMTP service): NOT LISTENING

If SMTP is filtered, PortQry will report:

TCP port 25 (SMTP service): FILTERED

Summary

In this article we covered the use of PortQry, a Microsoft-developed tool that can help you troubleshoot connectivity problems that you may encounter, much like the email issue shown in this article. PortQry is a great little tool to have in your tool belt when you need to verify whether a port is open, closed, or being filtered somehow. In our next article, which is part two of this series, we will look at how to use PortQry in more depth by scanning other types of systems with it. Stay tuned!

Links and Reference Material

PortQry Command Line Port Scanner Version 2.0

If you would like to be notified when Robert Shimonski releases Part 2 click here to sign up to our Real-time Article Update.
