PortQry V2 is sweet....

PortQry version 2.0

Displays the state of TCP and UDP ports

Command line mode: portqry -n name_to_query [-options]

Interactive mode: portqry -i [-n name_to_query] [-options]

Local Mode: portqry -local | -wpid pid| -wport port [-options]

Command line mode:

portqry -n name_to_query [-p protocol] [-e || -r || -o endpoint(s)] [-q]

[-l logfile] [-sp source_port] [-sl] [-cn SNMP community name]

Command line mode options explained:

-n [name_to_query] IP address or name of system to query

-p [protocol] TCP or UDP or BOTH (default is TCP)

-e [endpoint] single port to query (valid range: 1-65535)

-r [end point range] range of ports to query (start:end)

-o [end point order] range of ports to query in an order (x,y,z)

-l [logfile] name of text log file to create

-y overwrites existing text log file without prompting

-sp [source port] initial source port to use for query

-sl 'slow link delay' waits longer for UDP replies from remote systems

-nr by-passes default IP address-to-name resolution

ignored unless an IP address is specified after -n

-cn specifies SNMP community name for query

ignored unless querying an SNMP port

must be delimited with !

-q 'quiet' operation runs with no output

returns 0 if port is listening

returns 1 if port is not listening

returns 2 if port is listening or filtered

Notes: PortQry runs on Windows 2000 and later systems

Defaults: TCP, port 80, no log file, slow link delay off

Hit Ctrl-c to terminate prematurely

examples:

portqry -n myserver.com -e 25

portqry -n 10.0.0.1 -e 53 -p UDP -i

portqry -n host1.dev.reskit.com -r 21:445

portqry -n 10.0.0.1 -o 25,445,1024 -p both -sp 53

portqry -n host2 -cn !my community name! -e 161 -p udp

Interactive Mode:

Used as an alternative to command line mode

portqry -i [-options]

For help with Interactive mode options:

- run portqry.exe

- then type 'help' <enter>

example:

portqry -i -n server1 -e 135 -p both

Local Mode:

Local Mode used to get detailed data on local system's ports

portqry -local | -wpid pid | -wport port [-wt seconds] [-l logfile] [-v]

Local mode options explained:

-local enumerates local port usage, port to process mapping,

service port usage, and lists loaded modules

-wport [port_number] watches specified port

reports when port's connection status changes

-wpid [process_ID] watches specified process ID (PID)

reports when PID's connection status changes

-wt [seconds] watch time option

specifies how often to check for status changes

valid range: 1 - 1200 seconds

default value is 60 seconds

-l [logfile] name of text log file to create

-v requests verbose output

Notes: PortQry runs on Windows 2000 and later systems

For best results run in context of local administrator

Port to process mapping may not be available on all systems

Hit Ctrl-c to terminate prematurely

examples:

portqry -local

portqry -local -l logfile.txt -v

portqry -wpid 1272 -wt 5 -l logfile.txt -y -v

portqry -wport 53 -l dnslog.txt

Comments

Post a Comment

Popular posts from this blog

Exchange Server Error -1018: How Microsoft IT Recovers Damaged Exchange Databases

Image
I found this paper on the showcase site from microsoft I hope it is of help to you. It sure helped me!     Technical White Paper Published: August 1, 2005 Executive Summary Error –1018 (JET_errReadVerifyFailure) is a familiar—and dreaded—error in Microsoft® Exchange Server. It indicates that an Exchange database file has been damaged by a failure or problem in the underlying file system or hardware. This paper explains the conditions that result in error –1018. It also covers the detection mechanisms that Exchange uses to discover and recover from damage to its database files. The Microsoft Information Technology group (Microsoft IT) runs one of the most extensive Exchange Server organizations in the world. Exchange administrators at Microsoft have investigated and recovered from dozens of –1018 error problems. This paper shows you how Microsoft IT mo...
Read more

[Solved] The Group Policy client-side extension Internet Explorer Zonemapping failed to execute

Image
I had the error below in my application eventlog.     Event Type:    Error Event Source:    Userenv Event Category:    None Event ID:    1085 Date:        30-09-2008 Time:        15:20:30 User:        NT AUTHORITY\SYSTEM Computer:    TBG-TS01 Description: The Group Policy client-side extension Internet Explorer Zonemapping failed to execute. Please look for any errors reported earlier by that extension. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp .   My problem was with my site to zone assignment list I used a wildcard like this: “ *microsoft.com ” but what you need to do is this “ *.microsoft.com ” So it is safe to say that the documentation from microsoft needs some sort of an update stating that y...
Read more

How to Uninstall WSUS 3.0 after you have (removed/fucked up) the database manually

Well if somehow your wsus 3.0 database becomes corrupt. Due to an Database administrator removing the instance for example. I tried to remove through the Add/Remove programs dialog but all I got back was. Event Type: Information Event Source: MsiInstaller Event Category: None Event ID: 11725 Date: 25-09-2007 Time: 11:17:18 User: Domain\Administrator Computer: WSUSSERVER Description: Product: Microsoft Windows Server Update Services 3.0 -- Removal failed. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 7b 32 43 30 44 37 45 33 {2C0D7E3 0008: 35 2d 45 45 36 45 2d 34 5-EE6E-4 0010: 44 43 37 2d 42 41 31 33 DC7-BA13 0018: 2d 32 43 36 38 41 45 44 -2C68AED 0020: 45 42 35 39 44 7d EB59D} And voila the program was removed from the ADD/Remove Programs dialog. So I had nothing. Inspecting the Wsus installation log at %temp%\wsus*.log Reveals the following: MSI (s) (8C:74) [11:17:38:402]: Product: Microsoft Windows Serve...
Read more