Port request (PortQry.exe) is a Windows operating system command line utility that you can use to troubleshoot TCP / IP connectivity issues. The tool reports the status of the TCP and UDP ports on a computer you select. In this article, we will show you how to use the Port Query tool for network recognition or forensic activity.
Port Request Tool (PortQry.exe) in Windows 10
Windows has many tools for diagnosing problems in TCP / IP networks (ping, telnet, pathping, etc.). But not all of them allow you to easily check the status or analyze the open network ports on a server. The PortQry.exe utility is a handy tool for checking the response of TCP / UDP ports on hosts to diagnose problems related to the operation of various network services and firewalls in TCP / IP networks. Most often, the Portqry utility is used as a more functional replacement for the telnet command, and unlike telnet, it also allows you to check for open UDP ports.
Computer systems use TCP and UDP for most of their communications, and all versions of Windows open many ports that provide useful features such as file sharing and remote procedure call (RPC). However, malware such as Trojans can use ports in a harmful way to open a back door for attackers in your computer system. Whether you need to troubleshoot a necessary network service or detect unwanted programs, you should be able to understand and manage the traffic between the computers on your network. To do this, a basic step is to determine which programs are listening on the network ports of your computer systems.
How to use Port Query Tool (PortQry.exe)
You can use Port Query both locally and remotely on a server. To use Portqry.exe, you will need to download the tool. Once you Download PortQry.exe, extract it PortQryV2.exe archive, then open the command prompt and run the command below to access the directory with the utility:
cd c:PortQryV2
You can also go to the folder where you downloaded the tool and press Alt + D key combination, type CMD and press Enter to launch the command prompt in the directory.
You can now continue to use the tool.
Remotely use the Port Query tool (PortQry.exe)
Port Query can scan remote systems, but it is slow and unsophisticated compared to other port scanners. For example, unlike Nmap, PortQry.exe does not allow you to perform scans that use specified packet flags (for example, SYN, FIN).
For example, to check the availability of a DNS server from a client, you must check whether 53 TCP and UDP ports are open there. The syntax for the port check command is as follows:
PortQry -n server [-p protocol] [-e || -r || -o endpoint(s)]
Or:
- -not is the name or IP address of the server, the availability of which you are verifying;
- -e is the port number to check (from 1 to 65535);
- -r is the range of ports to check (for example, 1:80);
- -p is the protocol used for verification. It can be TCP, UDP or BOTH (TCP is used by default).
In our example, the command looks like this:
PortQry.exe –n 10.0.25.6 -p both -e 53
PortQry.exe can query a single port, an ordered list of ports, or a sequential range of ports. PortQry.exe reports the status of a TCP / IP port in one of three ways:
- Listen: A process is listening on the port of the computer you have selected. Portqry.exe received a response from the port.
- Do not listen: No process is listening on the target port of the target system. Portqry.exe received an Internet Control Message Protocol (ICMP) message “Destination unreachable – Port inaccessible” in return from the target UDP port. Or if the target port is a TCP port, Portqry received a TCP acknowledgment packet with the reset flag set.
- Filtered: The port on the computer you selected is filtered. Portqry.exe did not receive a response from the port. A process may or may not listen on the port. By default, TCP ports are polled three times and UDP ports are polled once before a report indicates that the port is filtered.
Use the Port Query tool locally (PortQry.exe)
What PortQry lacks in remote scanning functionality, it makes up for with its unique local machine capabilities. To activate local mode, run PortQry with the -local switch. When -local is the only switch used, PortQry enumerates all local port uses and port mapping to PID. Instead of sorting data by open port, PortQry lists it by PID, allowing you to quickly see which applications have open network connections.
To view port 80, you need to run the command below:
portqry -local -wport 80
Using PortQryUI
It should also be mentioned that Microsoft also made available a graphical interface for PortQry, called PortQryUI.
PortQryUI includes a version of portqry.exe and some predefined services, which simply consist of groups of ports to scan.
PortQueryUI contains several predefined sets of queries to check the availability of popular Microsoft services:
- Domain and trusts (ADDS verification on an Active Directory domain controller)
- Exchange server
- SQL server
- Networking
- Sec IP
- Web server
- Web conferencing
To use PortQryUI, enter the DNS name or IP adress from the remote server, select one of the predefined services (Predefined query service) or specify the port numbers for manual port verification (Enter request ports manually) and click on the Request button.
The possible return codes in PortQueryUI are highlighted in the image above:
- 0 (0x00000000) – the connection has been established successfully and the port is available.
- 1 (0x00000001) – the specified port is not available or filtered.
- 2 (0x00000002) – a normal return code when checking the availability of a UDP connection, because the ACK response is not returned.
For more information, you can visit Microsoft here and here.