Download Portqry.exe Windows Server 2019
Dot Liljenquist
This article discusses the new features and functionality that are available in PortQry Command Line Port Scanner version 2.0.
PortQry version 1.22 is a TCP/IP connectivity testing utility that is included with the Microsoft Windows Server 2003 Support Tools. Microsoft has released a new version of PortQryV2.exe. This new version includes all the features and functionality of the earlier version and has new features and functionality. PortQryV2.exe is available from the Microsoft Download Center. To obtain PortQryV2.exe, visit the following Microsoft Web site:
PortQry is a command-line utility that you can use to help troubleshoot TCP/IP connectivity issues. This utility reports the port status of target TCP and User Datagram Protocol (UDP) ports on a local computer or on a remote computer. PortQry version 2.0 also provides detailed information about the local computer's port usage. PortQry version 2.0 runs on all the following operating systems:
Depending on the process that listens on a UDP port, sometimes it may be difficult to determine the status of that UDP port. When an unformatted zero-length or fixed-length message is sent to a target UDP port, the port may or may not respond. If the port responds, it has a status of LISTENING. If you receive an ICMP "Destination unreachable" message from a UDP port, or if a TCP reset response is returned from a TCP port, the port has a status of NOT LISTENING. Typical port scanning tools report that the port has a LISTENING status if the target UDP port does not return an ICMP "Destination unreachable" message. This result may not be accurate for one or both of the following reasons:
Typically, only one correctly formatted message that uses the session layer or that uses the application layer protocol that the listening service or the program understands elicits a response from the target port.
When you troubleshoot a connectivity problem, especially in an environment that contains one or more firewalls, it is useful to know if a port is being filtered or if it is listening. PortQry includes some special features to help make this determination on selected ports. If there is no response from a target UDP port, PortQry reports that the port is LISTENING or FILTERED. PortQry then sends a correctly formatted message that the listening service or program understands. PortQry uses the correct session layer or application layer protocol to determine if the port is listening. PortQry uses the Services file that is located in the %SYSTEMROOT%\System32\Drivers\Etc folder to determine which service listens on each port.
Note This file is stored on each Microsoft Windows Server 2003, Windows XP, and Windows 2000-based computer.
Because PortQry is intended as a troubleshooting tool, it is expected that users who use it to troubleshoot a particular problem have sufficient knowledge of their computing environment. PortQry version 2.0 supports the following session layer and application layer protocols:
PortQry can send an LDAP query by using both TCP and UDP and interpret an LDAP server's response to that query correctly. PortQry parses, formats, and then returns the response from the LDAP server to the user. For example, you type the following command, and then press ENTER:
In this example, you determine that port 389 is listening. Additionally, you can determine which LDAP service is listening on port 389 and certain details about that service.
back to the top
PortQry can send an RPC query by using both TCP and UDP and interpret the response to that query correctly. This query returns (dumps) all the end points that are currently registered with the RPC endpoint mapper. PortQry parses, formats, and then returns the response from the RPC endpoint mapper to the user. For example, you type the following command, and then press ENTER:
In this example, you determine that port 135 is listening. Additionally, you can determine which services or programs are registered with the RPC endpoint mapper database on the destination computer. The output includes the universal unique identifier (UUID) for each program, the annotated name (if one exists), the protocol that each program uses, the network address that the program is bound to, and the program's endpoint in square brackets.
Note When you specify the -r option in the PortQry.exe command to scan a range of ports, the RPC End Point Mapper is not queried. This makes the scan of a range of ports faster.
back to the top
PortQry then waits for a response from the destination DNS server. If the server returns a response, PortQry determines that the port is LISTENING.
Note It is not important whether the DNS server returns a negative response. Any response indicates that the port is listening.
back to the top
By default, the NetBIOS name service listens on UDP port 137. When PortQry determines that this port is LISTENING or FILTERED, PortQry performs the following actions to determine whether the port is actually listening:
SNMP support is a new feature in PortQry version 2.0. By default, the SNMP service listens on UDP port 161. To determine whether port 161 is listening, PortQry sends a query that is formatted in the way that the SNMP service accepts. The SNMP service is configured with a community name or a string that you must know to obtain a response from the server. With PortQry, you can specify SNMP community names when you query this port. By default, PortQry uses the community name, "Public." To specify a different community name, use the -cn command-line option. When you specify a community name in the PortQry.exe command, enclose that community name in exclamation marks (!). For example, to specify a community name such as secure123, type a command that is similar to the following command:
Microsoft ISA Server support is a new feature in PortQry version 2.0. By default, ISA Server uses TCP port 1745 and UDP port 1745 to communicate with Winsock proxy clients and with firewall clients. Computers that have the Winsock proxy client program or the Firewall client program installed use these ports to request services from ISA Server and to download configuration information. Typically, these services include name resolution services and other services that are not HTTP-based (for example, Winsock connections). To determine whether the port is listening, PortQry sends a query that is formatted in the way that ISA Server accepts.
When PortQry queries TCP port 1745, PortQry downloads the Mspclnt.ini file from the ISA Server if the Mspclnt.ini file is available on that port. The Mspclnt.ini file contains configuration information that Winsock proxy clients and Firewall clients use.
Microsoft SQL Server 2000 support is a new feature in PortQry version 2.0. PortQry queries UDP port 1434 to query all the SQL Server named instances that are running on a SQL Server 2000 computer. PortQry sends a query that is formatted in the way that SQL Server 2000 accepts to determines whether this port is listening.
TFTP support is a new feature in PortQry version 2.0. By default, TFTP servers listen on UDP port 69. PortQry sends a query that is formatted in the way that the TFTP server accepts to determine whether this port is listening.
L2TP support is a new feature in PortQry version 2.0. Routing and Remote Access servers and other virtual private networking (VPN) servers listen on UDP port 1701 for inbound L2TP connections. PortQry sends a query that is formatted in the way that the VPN server accepts to determine whether this port is listening.
By default, every Windows Server 2003, Windows XP, and Windows 2000-based computer has a Services file that is located in the %SYSTEMROOT%\System32\Drivers\Etc folder. PortQry uses this file to resolve port numbers to their corresponding service names. The content of this file dictates the ports where PortQry sends formatted messages when you use the PortQry.exe command. You can edit this file to direct PortQry to send formatted messages to an alternative port. For example, the following entry appears in a typical Services file:
For example, by default, the FTP service listens on TCP port 21. When PortQry determines that TCP port 21 on the destination computer is LISTENING, it uses the information from the Services file to determine that the FTP service is listening on this port.
Note You can change the service that PortQry determines is listening on a port by editing the Services file. For additional information, see the "Customize ports that queries use" section of this article.
In this scenario, PortQry tries to use the Anonymous user account to log on to the FTP server. The result of this logon attempt indicates whether the destination FTP server accepts anonymous logons. PortQry returns the server's response.
Example 1: You type a command that is similar to the following command, and then press ENTER:
In Example 1, you can determine the type of FTP server that is listening on the target port and whether the FTP server is configured to permit anonymous user logons.
Example 2: You type a command that is similar to the following command, and then press ENTER:
-q (quiet mode): This parameter is optional. Use this parameter to cause PortQry to suppress all output to the screen except for error messages. This parameter is especially helpful when you configure PortQry for use in a batch file. Depending on the status of the port, this parameter returns the following outputs:
In this example, PortQry uses UDP port 3001 on the local computer to send the query. Replies from this query go to UDP port 3001 on the local computer. PortQry cannot use the specified source port if another process already has bound to the port. In this scenario, PortQry returns the following error message:
ff7609af8f