How To Check Open Ports In Windows Server 2008 R2

Test-NetConnection – a fix-to-employ cmdlet to check network connection has appeared in PowerShell 4.0 (Windows 2012 R2, Windows 8.i and newer). You can utilize this cmdlet to check the response and availability of a remote server or network service on it, TCP ports blocked by firewalls, check ICMP availability and routing. In fact, the Examination-NetConnection cmdlet can supervene upon several standard network admin tools at once: ping, traceroute, TCP port scanner, etc.

Contents:

• Testing for Open up/Airtight Server TCP Ports with Test-NetConnection
• Test-NetConnection in PowerShell Monitoring Scripts
• Simple IP Network / Port Scanner with PowerShell

From time to fourth dimension, any administrator has to check service availability on a remote server by checking remote TCP port response (for example, the availability of an email or web server). Moreover, most admins are used to perform such a port check with the telnet command. For instance, to make sure the SMTP service  responds on the e-mail server (by default, it responds on TCP Port 25) information technology is enough to run telnet ny-msg01.woshub.com 25 command. But starting from Windows 7, the telnet client has become a feature to be installed separately. Let'due south see how to bank check for open/closed TCP ports using PowerShell.

The master do good of the Test-NetConnection cmdlet is that it is already a part of all modern versions of Windows and y'all don't need to install it separately. The cmdlet is a part of the NetTCPIP module (starting with PoSh v4.0).

Tip. You can check the current installed version of PowerShell with the command: $PSVersionTable.PSVersion

Value 4 in the Major column means that PowerShell 4.0 is installed on your computer.

Testing for Open/Airtight Server TCP Ports with Test-NetConnection

Let'south check if TCP Port 25 (SMTP protocol) is open up (available) on the remote email server using Test-NetConnection:

Test-NetConnection -ComputerName ny-msg01 -Port 25

Note. Using Examination-NetConnection cmdlet, you can check only TCP port connexion, and information technology is not applicable to bank check the availability of the remote UDP ports.

The shortened version of the aforementioned command looks like this: TNC ny-msg01 -Port 25

Permit'southward consider the result of the command:

ComputerName           : ny-msg01 RemoteAddress          : ten.20.1.7 RemotePort             : 25 InterfaceAlias         : CORP SourceAddress          : 10.20.1.79 PingSucceeded          : True PingReplyDetails (RTT) : 0 ms TcpTestSucceeded       : True        

As y'all tin see, the cmdlet resolves the server name to IP address, checks the ICMP response (similar to ping) and the availability of the TCP port. The specified server responds via ICMP (PingSucceeded = Truthful) and the TCP Port 25 is open (RemotePort=25, TcpTestSucceeded= True).

Notation. In some cases, it may occur that PingSucceeded=False, and TcpTestSucceeded=True. Information technology is likely to hateful that ICMP Ping is forbidden on the remote server.

The cmdlet has a special parameter –CommonTCPPort, which allows you to specify the name of a known network protocol (HTTP, RDP, SMB, WINRM).

For example, to cheque the availability of an HTTP web server, you can use the command:

Test-NetConnection -ComputerName woshub.com -CommonTCPPort HTTP

Or RDP port (3389) availability:

Test-NetConnection ny-rds1 –CommonTCPPort RDP

You can list all the parameters that the Exam-NetConnection cmdlet returns:

Examination-NetConnection ny-man01 -port 445|Format-List *

If y'all only demand to see if the port is available, it tin can be checked more quickly:

TNC ny-msg1 -Port 25 -InformationLevel Placidity

The cmdlet returned True, which means the remote port is attainable.

Tip . In before PowerShell versions, you could check TCP port availability as follows:

(New-Object Organization.Cyberspace.Sockets.TcpClient).Connect('ny-msg01', 25)

In Windows 10 / Windows Server 2016, you can utilise the Test-NetConnection cmdlet to trace the route to a remote server using the –TraceRoute parameter (analogous to tracert control in Windows). Using the –Hops parameter, you lot tin can limit the maximum number of hopes during route cheque.

Test-NetConnection ny-man01 –TraceRoute

The cmdlet returned the network summary filibuster when accessing the server in milliseconds (PingReplyDetails (RTT): 41 ms) and all the IP addresses of the routers on the way to the target server.

Test-NetConnection in PowerShell Monitoring Scripts

The following command allows y'all to check the availability of a specific port on a number of servers, the list of which is stored in a plain text file list_servers.txt. We need the servers where the specified service doesn't respond:

Get-Content c:\PS\list_servers.txt |  where { -Non (Test-Netconnection $_ -Port 25  -InformationLevel Quiet)}| Format-Table -AutoSize

Similarly, you tin can create a unproblematic monitoring script that checks the availability of servers and displays a notification if one of the servers is unavailable.

For example, you can cheque the availability of basic services on all domain controllers (a DC list tin be obtained with the Get-ADDomainController cmdlet). Allow's check the following services on DC (the PortQry tool has a similar "Domain and trusts" dominion):

• RPC – TCP/135
• LDAP – TCP/389
• LDAP – TCP/3268
• DNS – TCP/53
• Kerberos – TCP/88
• SMB – TCP/445

$Ports  = "135","389","636","3268","53","88","445","3269", "eighty", "443"
$AllDCs = Go-ADDomainController -Filter * | Select-Object Hostname,Ipv4address,isGlobalCatalog,Site,Woods,OperatingSystem
ForEach($DC in $AllDCs)
{
Foreach ($P in $Ports){
$check=Examination-NetConnection $DC -Port $P -WarningAction SilentlyContinue
If ($check.tcpTestSucceeded -eq $true)
{Write-Host $DC.proper name $P -ForegroundColor Green -Separator " => "}
else
{Write-Host $DC.name $P -Separator " => " -ForegroundColor Reddish}
}

The script volition check the specified TCP ports on the domain controllers, and if one of the ports is unavailable, it will highlight it in red (yous can run this PowerShell script as a Windows service).

Simple IP Network / Port Scanner with PowerShell

You tin can also implement a simple port and IP subnet network scanner to scan remote servers or subnets for open up/airtight TCP ports.

Scan the range of IP addresses on open port 3389:

foreach ($ip in 100..150) {Examination-NetConnection -Port 3389 -InformationLevel "Detailed" 192.168.one.$ip}

Scan the range of TCP ports from 1 to 1024 on the specified remote server:

foreach ($port in 1..1024) {If (($a=Test-NetConnection srvfs01 -Port $port -WarningAction SilentlyContinue).tcpTestSucceeded -eq $true){ "TCP port $port is open up!"}}

Source: http://woshub.com/checking-tcp-port-response-using-powershell/

Posted by: carsondereter.blogspot.com

Share this post