MORE INFORMATION
A telnet client is typically used to determine if an SMTP, POP3, or IMAP service is listening on a TCP port on an e-mail server. Although telnet can be used to determine if these ports are listening, it does not indicate if the ports are being filtered. Also, telnet clients cannot typically be used to test UDP ports such as LDAP or RPC. Portqry.exe reports the status of a port in one of the following three ways:
Listening
A process is listening on the port on the computer you
choose. Portqry.exe received a response from the port.
Not Listening
No process is listening on the target port on the target system. Portqry.exe received an Internet Control Message Protocol (ICMP) "Destination Unreachable - Port Unreachable" message back from the target UDP port. Or if the target port is a TCP port, Portqry received a TCP acknowledgement packet with the
Reset flag set.
Filtered
The port on the computer you chose is being filtered. Portqry.exe did not receive a response from the port. A process may or may not be listening on the port. By default, TCP ports are queried three times and UDP ports are queried once before a report indicates that the port is filtered.
Portqry.exe can query a single port, an ordered list of ports, or a sequential range of ports.
Also, Portqry.exe displays "extended information" that is returned from some ports. Portqry.exe looks for "extended information" on ports where SMTP, POP3, IMAP4, and FTP services listen.
An example is SMTP. By default, SMTP listens on TCP port 25. When Portqry.exe finds that TCP port 25 on a target computer is LISTENING, it returns any "extended" information that the answering service provides.
Examples
You run the following command:
portqry -n MyMailServer -p tcp -e 25
TCP port 25 (smtp service): LISTENING
The following data is returned from the port:
220 MyMailServer.eu.reskit.com Microsoft ESMTP MAIL Service, Version:
5.0.2195.2966 ready at date and time -0700
In the preceding example, the output gives some indication as to what type of SMTP server is listening on the port. This information can be useful when you troubleshoot e-mail server connectivity issues. You can use Portqry.exe to query POP3 and IMAP services in the same way.
Portqry is also capable of querying an LDAP service. It knows how to send an LDAP query (by using UDP and TCP) and interpret an LDAP server response to the query. The response from the LDAP server is parsed, formatted and returned to the user.
You run the following command:
portqry -n myserver -p udp -e 389
Portqry.exe automatically resolves UDP port 389 by using the systemroot\system32\drivers\etc\services file that every Windows 2000 computer has. If it resolves the port to the LDAP service, it sends an unformatted user datagram to UDP port 389 on the target computer. Portqry.exe does not receive a response from the port as the LDAP service only responds to a properly-formatted LDAP query. Portqry.exe does report that the port is LISTENING or FILTERED. Portqry.exe then sends a properly-formatted LDAP query to UDP port 389. If it receives a response to the query, it returns the entire response to the user, and reports that the port is LISTENING. If Portqry.exe does not receive a response to the query, it reports that the port is FILTERED.
Example Output
UDP port 389 (unknown service): LISTENING or FILTERED
Sending LDAP query to UDP port 389...
LDAP query response:
currentdate: 09/03/2001 05:42:40 (unadjusted GMT)
subschemaSubentry:
CN=Aggregate,CN=Schema,CN=Configuration,DC=eu,DC=reskit,DC=com
dsServiceName: CN=NTDS
Settings,CN=myserver,CN=Servers,CN=eu,CN=Sites,CN=Configuration,DC=eu,DC=reskit,DC=com
namingContexts: DC=redmond,DC=eu,DC=reskit,DC=com
defaultNamingContext: DC=eu,DC=reskit,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=eu,DC=reskit,DC=com
configurationNamingContext: CN=Configuration,DC=eu,DC=reskit,DC=com
rootDomainNamingContext: DC=eu,DC=reskit,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 4259431
supportedSASLMechanisms: GSSAPI
dnsHostName: myserver.eu.reskit.com
ldapServiceName: eu.reskit.com:myserver$@eu.RESKIT.COM
serverName:
CN=MYSERVER,CN=Servers,CN=Sites,CN=Configuration,DC=eu,DC=reskit,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
======== End of LDAP query response ========
UDP port 389 is LISTENING
In the preceding example, port 389 is listening and from the output, you can determine which LDAP service is listening on the port and some details about its configuration. This information may also be useful in troubleshooting various problems.
Portqry.exe knows how to send a query to the RPC end-point mapper (by using UDP and TCP) and interpret the response. This query dumps all of the end points that are currently registered with the RPC end-point mapper. The response from the end-point mapper is parsed, formatted, and returned to the user. For example when you run the
portqry -n myserver -p udp -e 135 command, Portqry.exe automatically resolves UDP port 135 by using the systemroot\system32\drivers\etc\services file that every Windows 2000 system has. If it resolves the port to the RPC End Point Mapper (EPMAP) service, it sends an unformatted user datagram to UDP port 135 on the target computer. Portqry.exe does not receive a response from the port because the RPC end-point mapper service only responds to a properly-formatted RPC query. Portqry.exe reports that the port is LISTENING or FILTERED. Portqry.exe then sends a properly-formatted RPC query to UDP port 135. This query dumps all of the end points that are currently registered with the RPC end-point mapper. If it receives a response to the query, it returns the entire response to the user and reports that the port is LISTENING. If Portqry.exe does not receive a response to the query, it reports that the port is FILTERED. An example of this occurs when you run the
portqry -n mymailsrv -p udp -e 135 command:
UUID: f5cc5a18-4264-101a-8c59-08002b2f8426 MS Exchange Directory NSPI Proxy
ncacn_http:169.254.112.100[1444]
UUID: 9e8ee830-4459-11ce-979b-00aa005ffebe MS Exchange MTA 'Mta' Interface
ncacn_np:\\\\mymailsrv[\\pipe\\00000bbc.000]
UUID: 9e8ee830-4459-11ce-979b-00aa005ffebe MS Exchange MTA 'Mta' Interface
ncacn_ip_tcp:169.254.112.100[2168]
UUID: 99e64010-b032-11d0-97a4-00c04fd6551d Exchange Server STORE ADMIN
ncadg_ip_udp:169.254.112.100[2174]
UUID: 10f24e8e-0fa6-11d2-a910-00c04f990f3b Microsoft Information Store
ncacn_np:\\\\mymailsrv[\\pipe\\00000ba0.000]
Total endpoints found: 5
==== End of RPC Endpoint Mapper query response ====
UDP port 135 is LISTENING
In the preceding example, port 135 is listening, and from the output, you can determine which services or programs have been registered with the target server's RPC end-point mapper database. The output includes each program's UUID, annotated name (if one exists), the protocol the program uses, the network address that the program is bound to, and the program's end point (port number, named pipe, and so on, in square brackets). This information may also be useful in troubleshooting various problems.
Portqry.exe is available for download from the Microsoft Download Center. To download Portqry.exe, visit the following Microsoft Web site:
Important The PortQueryUI tool provides a graphical user interface and is available for download. PortQueryUI has several features that can make using PortQry easier. To obtain the PortQueryUI tool, visit the following Microsoft Web site: