Windows portqry

  1. #1
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741

    Windows portqry

    I haven't seen this mentioned on here before but I was reading an article in one of my many monthly periodicals and a guy was looking for a way to query which UDP ports were running on a server.

    Well there is a cool utility called portqry that you can download from Microsoft, throw it into your c:\windows folder and run it

    you can download it here

    Here is the info on it

    Code:
    Displays the state of TCP and UDP ports
    
    
    Command line mode:  portqry -n name_to_query [-options]
    Interactive mode:   portqry -i [-n name_to_query] [-options]
    Local Mode:         portqry -local | -wpid pid| -wport port [-options]
    
    Command line mode:
    
    portqry -n name_to_query [-p protocol] [-e || -r || -o endpoint(s)] [-q]
            [-l logfile] [-sp source_port] [-sl] [-cn SNMP community name]
    
    Command line mode options explained:
            -n [name_to_query] IP address or name of system to query
            -p [protocol] TCP or UDP or BOTH (default is TCP)
            -e [endpoint] single port to query (valid range: 1-65535)
            -r [end point range] range of ports to query (start:end)
            -o [end point order] range of ports to query in an order (x,y,z)
            -l [logfile] name of text log file to create
            -y overwrites existing text log file without prompting
            -sp [source port] initial source port to use for query
            -sl 'slow link delay' waits longer for UDP replies from remote systems
            -nr by-passes default IP address-to-name resolution
                ignored unless an IP address is specified after -n
            -cn specifies SNMP community name for query
                ignored unless querying an SNMP port
                must be delimited with !
            -q 'quiet' operation runs with no output
               returns 0 if port is listening
               returns 1 if port is not listening
               returns 2 if port is listening or filtered
    
    Notes:  PortQry runs on Windows 2000 and later systems
            Defaults: TCP, port 80, no log file, slow link delay off
            Hit Ctrl-c to terminate prematurely

    It has built in information on common ports as well which is kind of cool. It appears to be similar to a less intensive version of nmap.

    example:

    Code:
    TCP port 17 (qotd service): NOT LISTENING
    TCP port 18 (unknown service): NOT LISTENING
    TCP port 19 (chargen service): NOT LISTENING
    TCP port 20 (ftp-data service): NOT LISTENING
    TCP port 21 (ftp service): LISTENING
    Data returned from port:
    TCP port 22 (unknown service): LISTENING
    TCP port 23 (telnet service): NOT LISTENING
    TCP port 24 (unknown service): NOT LISTENING
    TCP port 25 (smtp service): NOT LISTENING

    I ran that as just TCP but you can do UDP as well

    Hope someone can enjoy this
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    PortQry is quite nice... I've played with it a bit in the past....

    I actually like it for one of its local processes.... Actually this command could possibly warrant a tutorial to demonstrate everything you can do with it..

    Things like q mail will cause it to check smtp, pop3 and imap on a server..

    But if you do portqry -local you get a rather detailed list..

    How many ports are listening, how many are established..

    Then you get a process by process listing... if it's a process that runs assorted services (svchost, lsass).. it'll list the services that it is running... If the server has an open port... it'll list the associated ports... here's some examples from when I just ran it against myself

    PortQry Version 2.0 Log File

    System Date: Fri Jan 06 14:44:55 2006

    Command run:
    portqry -local -l logfile.txt

    Local computer name:

    DESKTOP

    TCP/UDP Port to Process Mappings

    36 mappings found

    PID Port Local IP State Remote IP:Port
    4 TCP 445 0.0.0.0 LISTENING 0.0.0.0:24596
    4 TCP 139 192.168.1.100 LISTENING 0.0.0.0:32980
    4 TCP 139 192.168.60.1 LISTENING 0.0.0.0:2128
    4 TCP 139 192.168.254.1 LISTENING 0.0.0.0:6314
    4 UDP 445 0.0.0.0 *:*
    4 UDP 137 192.168.1.100 *:*
    4 UDP 138 192.168.1.100 *:*
    4 UDP 137 192.168.60.1 *:*
    4 UDP 138 192.168.60.1 *:*
    4 UDP 137 192.168.254.1 *:*
    4 UDP 138 192.168.254.1 *:*
    388 UDP 1062 127.0.0.1 *:*
    812 TCP 5180 127.0.0.1 LISTENING 0.0.0.0:63546
    812 TCP 1059 192.168.1.100 ESTABLISHED 205.188.9.12:5190
    812 TCP 1085 192.168.1.100 ESTABLISHED 64.12.165.83:5190
    812 UDP 1066 127.0.0.1 *:*
    824 TCP 1041 192.168.1.100 ESTABLISHED 216.239.37.125:5222
    1076 TCP 3389 0.0.0.0 LISTENING 0.0.0.0:2144
    1124 TCP 135 0.0.0.0 LISTENING 0.0.0.0:34966
    1248 TCP 1034 127.0.0.1 LISTENING 0.0.0.0:39022
    1532 UDP 1038 0.0.0.0 *:*
    1532 UDP 1063 0.0.0.0 *:*
    1916 TCP 1025 0.0.0.0 LISTENING 0.0.0.0:39054
    2112 TCP 1417 192.168.1.100 ESTABLISHED 216.239.37.99:80
    2112 TCP 1496 192.168.1.100 ESTABLISHED 209.123.81.89:80
    2112 TCP 1498 192.168.1.100 ESTABLISHED 207.68.178.16:80
    2112 TCP 1499 192.168.1.100 ESTABLISHED 209.123.81.89:80
    2112 TCP 1503 192.168.1.100 ESTABLISHED 216.239.37.99:80
    2112 UDP 1099 127.0.0.1 *:*
    2204 UDP 1122 127.0.0.1 *:*
    2628 TCP 1048 192.168.1.100 ESTABLISHED 207.46.6.58:1863
    2628 TCP 1507 192.168.1.100 ESTABLISHED 64.4.36.46:1863
    2628 TCP 1508 192.168.1.100 ESTABLISHED 207.68.178.16:80
    2628 UDP 1055 0.0.0.0 *:*
    2628 UDP 1045 127.0.0.1 *:*
    2628 UDP 9 192.168.1.100 *:*

    Port Statistics

    TCP mappings: 20
    UDP mappings: 16

    TCP ports in a LISTENING state: 9 = 45.00%
    TCP ports in a ESTABLISHED state: 11 = 55.00%


    Port and Module Information by Process

    Note: restrictions applied to some processes may
    prevent PortQry from accessing more information

    For best results run PortQry in the context of
    the local administrator
    System Process

    PID Port Local IP State Remote IP:Port
    4 TCP 445 0.0.0.0 LISTENING 0.0.0.0:24596
    4 TCP 139 192.168.1.100 LISTENING 0.0.0.0:32980
    4 TCP 139 192.168.60.1 LISTENING 0.0.0.0:2128
    4 TCP 139 192.168.254.1 LISTENING 0.0.0.0:6314
    4 UDP 445 0.0.0.0 *:*
    4 UDP 137 192.168.1.100 *:*
    4 UDP 138 192.168.1.100 *:*
    4 UDP 137 192.168.60.1 *:*
    4 UDP 138 192.168.60.1 *:*
    4 UDP 137 192.168.254.1 *:*
    4 UDP 138 192.168.254.1 *:*

    Process ID: 888 (services.exe)

    Service Name: Eventlog
    Display Name: Event Log
    Service Type: shares a process with other services

    Service Name: PlugPlay
    Display Name: Plug and Play
    Service Type: shares a process with other services

    Process ID: 812 (aim.exe)

    Process doesn't appear to be a service

    PID Port Local IP State Remote IP:Port
    812 TCP 5180 127.0.0.1 LISTENING 0.0.0.0:63546
    812 TCP 1059 192.168.1.100 ESTABLISHED 205.188.9.12:5190
    812 TCP 1085 192.168.1.100 ESTABLISHED 64.12.165.83:5190
    812 UDP 1066 127.0.0.1 *:*

    It's basically like combining netstat and fport into a nice separated readout..

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
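
The log in post #2 can be triaged mechanically. The following is an added example, not from the thread or from Microsoft: it parses the mapping rows of a `portqry -local` log, drops the rows that the per-process sections repeat, and lists per PID the sockets bound to a non-loopback address. The row layout is assumed from the log shown above; `parse_log`, `reachable_listeners` and `SAMPLE_LOG` are names introduced here.

```python
import re
from collections import defaultdict, namedtuple
from ipaddress import ip_address

Mapping = namedtuple("Mapping", "pid proto port local_ip state remote")
ROW = re.compile(r"^\s*(\d+)\s+(TCP|UDP)\s+(\d+)\s+(\d+(?:\.\d+){3})\s+"
                 r"(?:([A-Z_]+)\s+)?(\S+)\s*$")
PROC = re.compile(r"^\s*Process ID:\s+(\d+)\s+\((.+)\)\s*$")

# A few rows copied from the log in the post above, including one repeat.
SAMPLE_LOG = """\
PID Port Local IP State Remote IP:Port
4 TCP 445 0.0.0.0 LISTENING 0.0.0.0:24596
4 UDP 137 192.168.1.100 *:*
812 TCP 5180 127.0.0.1 LISTENING 0.0.0.0:63546
812 TCP 1059 192.168.1.100 ESTABLISHED 205.188.9.12:5190
812 UDP 1066 127.0.0.1 *:*
1076 TCP 3389 0.0.0.0 LISTENING 0.0.0.0:2144
Process ID: 812 (aim.exe)
812 TCP 5180 127.0.0.1 LISTENING 0.0.0.0:63546
"""

def parse_log(text):
    """Return (unique mapping rows in log order, {pid: image name})."""
    rows, names, seen = [], {}, set()
    for line in text.splitlines():
        m, p = ROW.match(line), PROC.match(line)
        if m:
            pid, proto, port, ip, state, remote = m.groups()
            row = Mapping(int(pid), proto, int(port), ip, state or "", remote)
            if row not in seen:  # per-process sections repeat summary rows
                seen.add(row)
                rows.append(row)
        elif p:
            names[int(p.group(1))] = p.group(2)
    return rows, names

def reachable_listeners(rows):
    """Group by PID the non-loopback sockets: TCP LISTENING, or any bound UDP."""
    found = defaultdict(list)
    for r in rows:
        accepting = r.proto == "UDP" or r.state == "LISTENING"
        if accepting and not ip_address(r.local_ip).is_loopback:
            found[r.pid].append((r.proto, r.port, r.local_ip))
    return dict(found)

if __name__ == "__main__":
    rows, names = parse_log(SAMPLE_LOG)
    print(reachable_listeners(rows), names)
```

Comparing this output between two runs of `portqry -local -l logfile.txt` on the same host shows which processes gained or lost a network-facing port.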

  3. #3
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    HT, aren't you supposed to be resting? Get off the Damm computer mate.



    Cheers:
    DjM

  4. #4
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,252
    *dino aims tiny neg gun at HT until next week* Un Plug man!
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Resting... what's that?

    I've been resting for the last three days... I've gotta get my computer resistance back up... I need to go back to work on Monday... I'm basically doing an on off pattern today.

    I did 30 minutes on... and then 30 minutes off

    Then I did 45 on and 45 off.... (which almost did me in)

    I'm pushing for a full hour this time

    I am resting and relaxing though.. Thanks for your concern.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
