��. ��: 832919 - �� : ��, 22 �� 2010 - ��: 2.0

�� PortQry, �� 2.0

��

��: ��

�� .

�� . �� .

�� PortQry �� 2.0.

PortQry version 1.22 is a TCP/IP connectivity testing utility that is included with the Microsoft Windows Server 2003 Support Tools. Microsoft has released a new version of PortQryV2.exe. This new version includes all the features and functionality of the earlier version and has new features and functionality. PortQryV2.exe is available from the Microsoft Download Center. To obtain PortQryV2.exe, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?familyid=89811747-C74B-4638-A2D5-AC828BDC6983&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=89811747-C74B-4638-A2D5-AC828BDC6983&displaylang=en)

��

PortQry is a command-line utility that you can use to help troubleshoot TCP/IP connectivity issues. This utility reports the port status of target TCP and User Datagram Protocol (UDP) ports on a local computer or on a remote computer. PortQry version 2.0 also provides detailed information about the local computer's port usage. PortQry version 2.0 runs on all the following operating systems:

Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000

��

Port status reporting

PortQry reports the status of a port in one of the following ways:

LISTENINGThis response indicates that a process is listening on the target port. PortQry received a response from the target port.
NOT LISTENINGThis response indicates that no process is listening on the target port. PortQry received one of the following Internet Control Message Protocol (ICMP) messages from the target port:
Destination unreachable
Port unreachable
FILTEREDThis response indicates that the target port is being filtered. PortQry did not receive a response from the target port. A process may or may not be listening on the target port. By default, PortQry queries a TCP port three times before it returns a response ofFILTEREDand queries a UDP port one time before it returns a response ofFILTERED.

��

PortQry version 2.0 features

Depending on the process that listens on a UDP port, sometimes it may be difficult to determine the status of that UDP port. When an unformatted zero-length or fixed-length message is sent to a target UDP port, the port may or may not respond. If the port responds, it has a status ofLISTENING. If you receive an ICMP "Destination unreachable" message from a UDP port, or if a TCP reset response is returned from a TCP port, the port has a status ofNOT LISTENING. Typical port scanning tools report that the port has aLISTENINGstatus if the target UDP port does not return an ICMP "Destination unreachable" message. This result may not be accurate for one or both of the following reasons:

When there is no response to a directed datagram, the target port may beFILTERED.
Most services do not respond to an unformatted user datagram that is sent to them.

Typically, only one correctly formatted message that uses the session layer or that uses the application layer protocol that the listening service or the program understands elicits a response from the target port.

When you troubleshoot a connectivity problem, especially in an environment that contains one or more firewalls, it is useful to know if a port is being filtered or if it is listening. PortQry includes some special features to help make this determination on selected ports. If there is no response from a target UDP port, PortQry reports that the port isLISTENING�FILTERED. PortQry then sends a correctly formatted message that the listening service or program understands. PortQry uses the correct session layer or application layer protocol to determine if the port is listening. PortQry uses the Services file that is located in the %SYSTEMROOT%\System32\Drivers\Etc folder to determine which service listens on each port.

��This file is stored on each Microsoft Windows Server 2003, Windows XP, and Windows 2000-based computer.

Because PortQry is intended as a troubleshooting tool, it is expected that users who use it to troubleshoot a particular problem have sufficient knowledge of their computing environment. PortQry version 2.0 supports the following session layer and application layer protocols:

Lightweight Directory Access Protocol (LDAP)
Remote Procedure Calls (RPC)
Domain Name System (DNS)
NetBIOS Name Service
Simple Network Management Protocol (SNMP)
Internet Security and Acceleration Server (ISA)
SQL Server 2000 Named Instances
Trivial File Transfer Protocol (TFTP)
Layer Two Tunneling Protocol (L2TP)

Additionally, PortQry version 2.0 can accurately determine if more UDP ports are open than can PortQry version 1.22.

LDAP support

PortQry can send an LDAP query by using both TCP and UDP and interpret an LDAP server's response to that query correctly. PortQry parses, formats, and then returns the response from the LDAP server to the user. For example, you type the following command, and then press ENTER:

portqry -n�_��_��-p udp -e 389

PortQry then performs the following actions:

PortQry uses the Services file in the %SYSTEMROOT%\System32\Drivers\Etc folder to resolve the UDP port 389. If PortQry resolves the port to the LDAP service, PortQry sends an unformatted user datagram to UDP port 389 on the destination computer.

PortQry does not receive a response from the target port because the LDAP service only responds to a correctly formatted LDAP query.
PortQry reports that the port isLISTENING�FILTERED.
PortQry sends a correctly formatted LDAP query to UDP port 389 on the destination computer.
If PortQry receives a response to this query, it returns the whole response to the user and reports that the port isLISTENING.

If PortQry does not receive a response to this query, it reports that the port isFILTERED.

��

UDP port 389 (unknown service): LISTENING or FILTERED
Sending LDAP query to UDP port 389...

LDAP query response:

currentdate: 12/13/2003 05:42:40 (unadjusted GMT) 
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=example,DC=com
dsServiceName: CN=NTDS Settings,CN=myserver,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=example,DC=com
namingContexts: DC=domain,DC=example,DC=com
defaultNamingContext: DC=domain,DC=example,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=example,DC=com
configurationNamingContext: CN=Configuration,DC=domain,DC=example,DC=com
rootDomainNamingContext: DC=domain,DC=example,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 4259431
supportedSASLMechanisms: GSSAPI
dnsHostName: myserver.domain.example.com
ldapServiceName: domain.example.com:myserver$@domain.EXAMPLE.COM
serverName: CN=myserver,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=example,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 0
forestFunctionality: 0
domainControllerFunctionality: 2

======== End of LDAP query response ========

UDP port 389 is LISTENING

In this example, you determine that port 389 is listening. Additionally, you can determine which LDAP service is listening on port 389 and certain details about that service.

Be aware that the LDAP test over UDP may not work against domain controllers that are running Windows Server 2008. To check the availability of the service that is running on UDP 389, you can use NLTEST instead of the PortQry tool. For example, you can useNltest /sc_reset<domain name=""></domain>\<computer name=""></computer>to force a security channel onto a particular domain controller. �� , �� Microsoft �� Web:

http://technet.microsoft.com/en-us/library/cc961803.aspx (http://technet.microsoft.com/en-us/library/cc961803.aspx)

RPC support

PortQry can send an RPC query by using both TCP and UDP and interpret the response to that query correctly. This query returns (dumps) all the end points that are currently registered with the RPC endpoint mapper. PortQry parses, formats, and then returns the response from the RPC endpoint mapper to the user. For example, you type the following command, and then press ENTER:

portqry -n�_��_��-p udp -e 135

PortQry then performs the following actions:

PortQry uses the Services file in the %SYSTEMROOT%\System32\Drivers\Etc folder to resolve the UDP port 135. If PortQry resolves the port to the RPC End Point Mapper service (Epmap), PortQry sends an unformatted user datagram to UDP port 135 on the destination computer.

PortQry does not receive a response from the target port because the RPC endpoint mapper service only responds to a correctly formatted RPC query.
PortQry reports that the port isLISTENINGor the port isFILTERED.
PortQry sends a correctly formatted RDC query to UDP port 135 on the destination computer. This query returns all the endpoints that are currently registered with the RPC endpoint mapper.
�� PortQry �� , PortQry �� ��.

�� PortQry �� , �� �� .

��

UDP port 135 (epmap service): LISTENING or FILTERED
Querying Endpoint Mapper Database...
Server's response:

UUID: 50abc2a4-574d-40b3-9d66-ee4fd5fba076 
ncacn_ip_tcp:169.254.12.191[4144]

UUID: ecec0d70-a603-11d0-96b1-00a0c91ece30 NTDS Backup Interface
ncacn_np:\\\\MYSERVER[\\PIPE\\lsass]

UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface
ncacn_ip_tcp:169.254.12.191[1030]

UUID: e3514235-4b06-11d1-ab04-00c04fc2dcd2 MS NT Directory DRS Interface
ncadg_ip_udp:169.254.12.191[1032]

UUID: 12345678-1234-abcd-ef00-01234567cffb 
ncacn_np:\\\\MYSERVER[\\PIPE\\lsass]

UUID: 12345678-1234-abcd-ef00-01234567cffb 
ncacn_np:\\\\MYSERVER[\\PIPE\\POLICYAGENT]

Total endpoints found: 6

==== End of RPC Endpoint Mapper query response ====

UDP port 135 is LISTENING

�� , �� 135 �� . ��, �� RPC �� . � �� (UUID) �� , �� (�� ), �� , � �� .

���� -r�� Portqry.exe� �� , �� RPC. �� .

�� DNS

PortQry �� DNS �� TCP �� UDP. PortQry �� DNS �� (FQDN):

Portqry.Microsoft.com

PortQry, �� , �� DNS ��. �� , PortQry �� ��.

���� DNS. �� .

�� NetBIOS

�� , � �� NetBIOS, �� UDP 137. �� PortQry �� ����� PortQry �� :

�� PortQry NetBIOS, PortQry �� NetBIOS �� .
�� , �� PortQry �� ��, �� (MAC) �� .

�� PortQry NetBIOS, PortQry �� NetBIOS �� .

�� SNMP

�� SNMP �� PortQry, �� 2.0. �� , � �� SNMP �� UDP 161. �� 161 ��, PortQry �� SNMP. � �� SNMP �� . �� PortQry, �� SNMP, �� . �� , �� PortQry �� , "��". �� , �� -cn� �� . �� Portqry.exe��, �� (!). �� , �� secure123, �� :

Portqry -n 127.0.0.1 -e 161 - p udp - cn!secure123!

��

Querying target system called:

127.0.0.1

querying...

UDP port 161 (snmp service): LISTENING or FILTERED

community name for query:

secure123

Sending SNMP query to UDP port 161...

UDP port 161 is LISTENING

� �� ISA Server

�� Microsoft ISA Server �� PortQry, �� 2.0. �� , �� ISA Server �� TCP 1745 �� UDP 1745 �� -�� Winsock �� -�� . �� -�� Winsock � �� -�� ISA Server �� . ��, �� HTTP (�� , �� Winsock). To determine whether the port is listening, PortQry sends a query that is formatted in the way that ISA Server accepts.

��

For example, you type a command that is similar to the following command:

portqry -nmyproxy-server-p udp -e 1745

�� :

Querying target system called:

myproxy-server

Attempting to resolve name to IP address...


Name resolved to 169.254.24.86

querying...

UDP port 1745 (unknown service): LISTENING or FILTERED

Sending ISA query to UDP port 1745...

UDP port 1745 is LISTENING

When PortQry queries TCP port 1745, PortQry downloads the Mspclnt.ini file from the ISA Server if the Mspclnt.ini file is available on that port. The Mspclnt.ini file contains configuration information that Winsock proxy clients and Firewall clients use.

��

TCP port 1745 (unknown service): LISTENING

Sending ISA query to TCP port 1745...


ISA query response:

10.0.0.0        10.255.255.255
127.0.0.1       127.0.0.1
169.254.0.0     169.254.255.255
192.168.0.0     192.168.255.255
127.0.0.0       127.255.255.255

;
; This file should not be edited.
; Changes to the client configuration should only be made using ISA Management.
;
[Common]
myproxy-server.example.com
Set Browsers to use Auto Detect=1
AutoDetect ISA Servers=1
WebProxyPort=8080
Port=1745
Configuration Refresh Time (Hours)=2
Re-check Inaccessible Server Time (Minutes)=10
Refresh Give Up Time (Minutes)=15
Inaccessible Servers Give Up Time (Minutes)=2
[Servers Ip Addresses]
Name=myproxy-server
[My Config]
Path1=\\myproxy-server\mspclnt\

======== End of ISA query response ========

� �� SQL Server 2000

Microsoft SQL Server 2000 support is a new feature in PortQry version 2.0. PortQry queries UDP port 1434 to query all the SQL Server named instances that are running on a SQL Server 2000 computer. PortQry sends a query that is formatted in the way that SQL Server 2000 accepts to determines whether this port is listening.

��

For example, you type a command that is similar to the following command:

portqry -n192.168.1.20-e 1434 -p udp

�� :

Querying target system called:

192.168.1.20

querying...

UDP port 1434 (ms-sql-m service): LISTENING or FILTERED

Sending SQL Server query to UDP port 1434...

Server's response:

ServerName SQL-Server1
InstanceName MSSQLSERVER
IsClustered No
Version 8.00.194
tcp 1433
np \\SQL-Server1\pipe\sql\query

==== End of SQL Server query response ====

UDP port 1434 is LISTENING

�� TFTP

TFTP support is a new feature in PortQry version 2.0. By default, TFTP servers listen on UDP port 69. PortQry sends a query that is formatted in the way that the TFTP server accepts to determine whether this port is listening.

��

For example, you type a command that is similar to the following command:

portqry -nmyserver.example.com-p udp -e 69

�� :

Querying target system called:

myserver.example.com

Attempting to resolve name to IP address...


Name resolved to 169.254.23.4

querying...

UDP port 69 (tftp service): LISTENING or FILTERED

Sending TFTP query to UDP port 69...

UDP port 69 is LISTENING

L2TP support

L2TP support is a new feature in PortQry version 2.0. Routing and Remote Access servers and other virtual private networking (VPN) servers listen on UDP port 1701 for inbound L2TP connections. PortQry sends a query that is formatted in the way that the VPN server accepts to determine whether this port is listening.

��

For example, you type a command that is similar to the following command:

portqry -nvpnserver.example.com-e 1701-p udp

�� :

Querying target system called:

vpnserver

Attempting to resolve name to IP address...

Name resolved to 169.254.12.225

querying...

UDP port 1701 (l2tp service): LISTENING or FILTERED

Sending L2TP query to UDP port 1701...

UDP port 1701 is LISTENING

��

By default, every Windows Server 2003, Windows XP, and Windows 2000-based computer has a Services file that is located in the %SYSTEMROOT%\System32\Drivers\Etc folder. PortQry uses this file to resolve port numbers to their corresponding service names. The content of this file dictates the ports where PortQry sends formatted messages when you use thePortQry.exe��. You can edit this file to direct PortQry to send formatted messages to an alternative port. For example, the following entry appears in a typical Services file:

ldap 389/tcp #Lightweight Directory Access Protocol

You can edit this port entry or add an additional entry. To cause PortQry to send LDAP queries to port 1025, modify the entry to the following entry:

ldap 1025/tcp #Lightweight Directory Access Protocol

��

PortQry displays extended information that some ports may return. PortQry looks for this "extended information" on ports where the following services listen:

Simple Mail Transfer Protocol (SMTP)
Microsoft Exchange POP3
Microsoft Exchange IMAP4
FTP Publishing Service
ISA Server services

For example, by default, the FTP service listens on TCP port 21. When PortQry determines that TCP port 21 on the destination computer isLISTENING, it uses the information from the Services file to determine that the FTP service is listening on this port.

��You can change the service that PortQry determines is listening on a port by editing the Services file. For additional information, see the "�� "�� .

In this scenario, PortQry tries to use the Anonymous user account to log on to the FTP server. The result of this logon attempt indicates whether the destination FTP server accepts anonymous logons. PortQry returns the server's response.

�� 1: You type a command that is similar to the following command, and then press ENTER:

portqry -nMyFtpServer-p tcp -e 21

You receive a response that is similar to the following response:

TCP port 21 (ftp service): LISTENING

Data returned from port:
220 Microsoft FTP Service

331 Anonymous access allowed, send identity (e-mail name) as password.

In Example 1, you can determine the type of FTP server that is listening on the target port and whether the FTP server is configured to permit anonymous user logons.

�� 2: You type a command that is similar to the following command, and then press ENTER:

portqry -nMyMailServer-p tcp -e 25

You receive a response that is similar to the following response:

TCP port 25 (smtp service): LISTENING

Data returned from port:
220 MyMailServer.domain.example.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.0 ready at Mon, 15 Dec 2003 10:24:50 -0800

In Example 2, you can determine the type of SMTP server that is listening on the target port.

�� PortQry

You can use the following command-line options with PortQry:

-n(��): �� . �� . �� IP �� . ��, �� IP. PortQry �� IP. �� PortQry �� IP, �� . �� IP, PortQry �� . �� , �� PortQry �� , �� .

��
Portqry - n�_��_��

Portqry - nwww.widgets.Microsoft.com

Portqry - n192.168.1.10
-p(��): �� . �� . �� , �� PortQry �� TCP �� .

�� 
- TCP(��): �� TCP.
- UDP: �� UDP.
- both: �� TCP �� UDP �� . �� , �� PortQry �� TCP �� UDP �� .
��
Portqry - nmyDomainController.example.com-p tcp

Portqry - n�_��_��-p udp

Portqry - n192.168.1.20-p �� 

Portqry - nwww.widgets.Microsoft.com(�� TCP.)
-e(��): �� . �� (� � �� ) �� . �� 1 �� 65535 ��. �� -o� �� -r��. �� , �� PortQry �� 80.

��
Portqry - n�_��_��-p 139 udp -e

Portqry - nMail.example.com-p 25 tcp -e

Portqry - n�_��_��(�� 80).

Portqry - n192.168.1.20-p both -e 60897
-o(order): This parameter is optional. Use this parameter to specify a certain number of ports to be queried in a particular order. You cannot use this option together with the-eparameter or together with the-r��. When you use this parameter, use commas to delimit the port numbers. You can enter the port numbers in any order. However, you cannot leave spaces between the port numbers and the comma delimiters.

��
portqry -n�_��_��-p udp -o 139,1025,135

portqry -nmail.widgets.microsoft.com-p tcp -o 143,110,25

portqry -n192.168.1.20-p both -o 100,1000,10000
-r(range): This parameter is optional. Use this parameter to specify a range of port numbers to query in sequential order. You cannot use this option together with the-eparameter or together with the-o��. When you use this parameter, use a semi-colon (;) to delimit the starting port number and the ending port number. Specify a starting port that is lower than the ending port. Additionally, you cannot put spaces between the port numbers and the semi-colon. When you use this parameter, the RPC End Point Mapper is not queried.

��
portqry -n�_��_��-p udp -r 135;139

portqry-nwww.widgets.microsoft.com-p tcp -r 10;20

portqry -n192.168.1.20-p both -r 25;120
-l(log file): This parameter is optional. Use this parameter to specify a log file to record the output generated by PortQry. When you use this parameter, specify a file name together with the file name extension. You cannot type spaces in the log file name. The log file is created in the folder where PortQry runs. PortQry generates the log file output in text format. If an existing log file with the same name exists, you are prompted to overwrite it when you run the PortQry command.

��
portqry -n�_��_��-p udp -r 135;139 -l myserverlog.txt

portqry -nmail.widgets.microsoft.com-p tcp -o 143,110,25 -l portqry.log

portqry -n192.168.1.20-p both -e 500 -l ipsec.txt -y
-y(yes, overwrite): This parameter is optional. Use this parameter together with the-lparameter to suppress the "overwrite" prompt when a log file exists that has the same name that you specify in the PortQry command. When you use this parameter, PortQry overwrites the existing log file without prompting you.

��
portqry -n�_��_��-p udp -r 135;139 -l myserverlog.txt -y

portqry -nmail.widgets.microsoft.com-p tcp -o 143,110,25 -l portqry.log -y
-sl(slow link): This parameter is optional. Use this parameter to cause PortQry to wait longer for responses from UDP queries. Because UDP is a connectionless protocol, PortQry cannot determine whether the port is slow to respond or the port is filtered. This option doubles the time that PortQry waits for a response from a UDP port before PortQry determines that the port isNOT LISTENINGor that it is�� . Use this option when you query a UDP port across a slow or unreliable network link.

��
portqry -n�_��_��-p udp -r 135;139 -lmyserver.txt-sl

portqry -nmail.widgets.microsoft.com-p tcp -o 143,110,25 -sl

portqry -n192.168.1.20-p both -e 500 -sl
-nr(no reverse name lookup): This parameter is optional. Use this parameter to bypass the reverse name lookup that PortQry performs when you specify an IP address together with the-n��. By default, when you specify an IP address together with the-nparameter, PortQry tries to resolve the IP address to a host name. This process may be time-consuming, especially if PortQry cannot resolve the IP address. �� -nrparameter, PortQry does not look up the IP address to return the host name. Instead, PortQry queries the target ports immediately. �� -nrparameter is ignored if you specify a host name together with the-n��.

��
portqry -n192.168.22.21-p udp -r 135:139 -lmyserver.txt-s -nr

portqry -n10.1.1.10-p tcp -o 143,110,25 -s -nr

portqry -n169.254.18.22-p both -e 500 -s -nr
-q(quiet mode): This parameter is optional. Use this parameter to cause PortQry to suppress all output to the screen except for error messages. This parameter is especially helpful when you configure PortQry for use in a batch file. Depending on the status of the port, this parameter returns the following outputs:
- 0(zero) is returned if the target port is��.
- 1is returned if the target port isNOT LISTENING.
- 2is returned if the target port is���� .
You can only use this parameter together with the-e��. You cannot use this parameter together with the-oparameter or together with the-r��. Additionally, you cannot use this parameter together with the-pparameter when you set the value of the-pparameter toboth.

���� -qparameter together with the-l(log file) parameter, PortQry overwrites an existing log file that has the same name without first prompting you for permission to do so.

Sample batch file
:Top portqry -n 169.254.18.22 -e 135 -p tcp -q if errorlevel = 2 goto filtered if errorlevel = 1 goto failed if errorlevel = 0 goto success goto end :filtered Echo Port is listening or filtered goto end :failed Echo Port is not listening Goto end :success Echo Port is listening goto end :end
-cn(community name): This parameter is optional. Use this parameter to specify a community string or community name to use when you send an SNMP query. With this parameter, you must enclose the community string with exclamation marks (!). This parameter is ignored if you do not query a port where SNMP is listening.

��
portqry -n�_��_��-p udp -e 161 -lmyserver.txt-cn !snmp string!

portqry -nwww.widgets.microsoft.com-p both -r 150:170 -sl -cn !my_snmp_community_name!
-sp(source port): �� . �� TCP �� UDP �� . �� .

��
udp -p Portqry -e 53 - 192.168.1.20 sp 3001 -n
�� PortQry �� UDP 3001 �� . �� , �� UDP 3001 �� . PortQry �� . �� , �� PortQry �� :
�� .
�� .
�� .
PortQry �� . PortQry �� , �� FTP, SMTP, POP, IMAP, DNS, SNMP, �� ISA Server �� . �� :
RPC (�� TCP �� UDP 135)
LDAP (�� UDP 389)
�� NetBIOS (�� UDP 137)
�� Internet �� (ISAKMP) (�� UDP 500)
�� PortQry �� . �� , �� , �� , �� . �� , �� 3000 �� UDP 389 (LDAP), PortQry �� UDP 3000 �� UDP �� LDAP. �� PortQry �� LDAP �� LDAP, �� PortQry �� . (�� , � �� 3000). �� PortQry �� , �� PortQry �� :
��
�� ISAKMP/IPSec, � �� IPSec �� UDP 500. �� , �� PortQry �� UDP 500 �� . �� IPSec �� PortQry, �� UDP 500 �� , �� . �� , �� PortQry �� :
�� 500, �� . �� ISAKMP/IPSec �� 500.
�� "�� IPSEC" � "�� IPSEC" �� PortQry ��

��: net ��
�� Portqry �� ISAKMP
net start ��

��

PortQry, �� 2.0 �� :

�� PortQry
�� PortQry

�� PortQry

�� PortQry, �� 1.22, �� . �� , �� . �� PortQry, �� 2.0, �� , �� PortQry �� 2.0 �� . � �� Nslookup DNS � �� Nblookup WINS �� .

�� PortQry �� , �� i��. �� , ��Portqry -i. �� , �� :

Portqry Interactive Mode

Type 'help' for a list of commands

Default Node: 127.0.0.1

Current option values:
   end port=    80
   protocol=    TCP
   source port= 0 (ephemeral)
>

�� -i� �� PortQry. �� , �� , �� , �� ENTER:

portqry -i -e 53 -n192.168.1.20-p both �sp 2030

�� :

Portqry Interactive Mode

Type 'help' for a list of commands

Default Node: 192.168.1.20

Current option values:
   end port=    53
   protocol=    BOTH
   source port= 2300

��

�� PortQry

The PortQry local mode of operation is designed to give you detailed information about the TCP ports and the UDP ports on the local computer where PortQry runs. PortQry has the following three basic commands available in local mode:

portqry.exe -localWhen you run this command, PortQry tries to enumerate all the TCP and UDP port mappings that are currently active on the local computer. This output is similar to the output that the netstat.exe -an command generates.

�� 

TCP/UDP Port Usage

96 active ports found

Port  		Local IP	State		 Remote IP:Port
TCP 80  	0.0.0.0 	LISTENING	 0.0.0.0:18510
TCP 80  	169.254.149.9 	TIME WAIT	 169.254.74.55:3716
TCP 80  	169.254.149.9 	TIME WAIT	 169.254.200.222:3885
TCP 135  	0.0.0.0 	LISTENING	 0.0.0.0:10280
UDP 135  	0.0.0.0 			 *:*
UDP 137  	169.254.149.9 			 *:*
UDP 138  	169.254.149.9 			 *:*
TCP 139  	169.254.149.9 	LISTENING	 0.0.0.0:43065
TCP 139  	169.254.149.9 	ESTABLISHED	 169.254.4.253:4310
TCP 139  	169.254.149.9 	ESTABLISHED	 169.254.74.55:3714
UDP 161  	0.0.0.0 			 *:*
TCP 445  	0.0.0.0 	LISTENING	 0.0.0.0:34836
TCP 445  	169.254.149.9 	ESTABLISHED	 169.254.53.54:4443
TCP 445  	169.254.149.9 	ESTABLISHED	 169.254.112.122:2111
TCP 445  	169.254.149.9 	ESTABLISHED	 169.254.112.199:1188
TCP 445  	169.254.149.9 	ESTABLISHED	 169.254.113.96:1221
TCP 445  	169.254.149.9 	ESTABLISHED	 169.254.200.222:3762
UDP 445  	0.0.0.0 			 *:*
UDP 500  	169.254.149.9 			 *:*
TCP 593  	0.0.0.0 	LISTENING	 0.0.0.0:59532
UDP 1029  	0.0.0.0 			 *:*
TCP 1040  	127.0.0.1 	LISTENING	 0.0.0.0:18638
UDP 1045  	0.0.0.0 			 *:*
TCP 1048  	127.0.0.1 	LISTENING	 0.0.0.0:2240
TCP 1053  	127.0.0.1 	LISTENING	 0.0.0.0:26649
TCP 1061  	127.0.0.1 	LISTENING	 0.0.0.0:26874
TCP 1067  	127.0.0.1 	LISTENING	 0.0.0.0:2288
TCP 1068  	0.0.0.0 	LISTENING	 0.0.0.0:2048
TCP 1088  	127.0.0.1 	LISTENING	 0.0.0.0:35004
UDP 1089  	0.0.0.0 			 *:*
TCP 1091  	127.0.0.1 	LISTENING	 0.0.0.0:43085
TCP 1092  	0.0.0.0 	LISTENING	 0.0.0.0:2096
TCP 1094  	127.0.0.1 	LISTENING	 0.0.0.0:51268
TCP 1097  	127.0.0.1 	LISTENING	 0.0.0.0:2104
TCP 1098  	0.0.0.0 	LISTENING	 0.0.0.0:43053
TCP 1108  	0.0.0.0 	LISTENING	 0.0.0.0:2160
TCP 1108  	169.254.149.9 	ESTABLISHED	 169.254.12.210:1811
TCP 1117  	127.0.0.1 	LISTENING	 0.0.0.0:26819
TCP 1118  	0.0.0.0 	LISTENING	 0.0.0.0:43121
TCP 1119  	0.0.0.0 	LISTENING	 0.0.0.0:26795
TCP 1121  	0.0.0.0 	LISTENING	 0.0.0.0:26646
UDP 1122  	0.0.0.0 			 *:*
TCP 1123  	0.0.0.0 	LISTENING	 0.0.0.0:35013
UDP 1126  	0.0.0.0 			 *:*
TCP 1137  	127.0.0.1 	LISTENING	 0.0.0.0:34820
TCP 1138  	0.0.0.0 	LISTENING	 0.0.0.0:26696
TCP 1138  	169.254.149.9 	CLOSE WAIT	 169.254.5.103:80
TCP 1170  	127.0.0.1 	LISTENING	 0.0.0.0:34934
TCP 1179  	127.0.0.1 	LISTENING	 0.0.0.0:59463
TCP 1228  	127.0.0.1 	LISTENING	 0.0.0.0:2128
UDP 1352  	0.0.0.0 			 *:*
TCP 1433  	0.0.0.0 	LISTENING	 0.0.0.0:2064
UDP 1434  	0.0.0.0 			 *:*
TCP 1670  	0.0.0.0 	LISTENING	 0.0.0.0:2288
TCP 1670  	169.254.149.9 	ESTABLISHED	 169.254.233.87:445
TCP 1686  	127.0.0.1 	LISTENING	 0.0.0.0:51309
UDP 1687  	127.0.0.1 			 *:*
TCP 1688  	0.0.0.0 	LISTENING	 0.0.0.0:2135
TCP 1688  	169.254.149.9 	CLOSE WAIT	 169.254.113.87:80
TCP 1689  	0.0.0.0 	LISTENING	 0.0.0.0:51368
TCP 1689  	169.254.149.9 	CLOSE WAIT	 169.254.113.87:80
TCP 1693  	169.254.149.9 	TIME WAIT	 169.254.121.106:445
UDP 1698  	0.0.0.0 			 *:*
TCP 1728  	127.0.0.1 	LISTENING	 0.0.0.0:2077
TCP 1766  	127.0.0.1 	LISTENING	 0.0.0.0:35061
TCP 2605  	127.0.0.1 	LISTENING	 0.0.0.0:2069
TCP 3302  	127.0.0.1 	LISTENING	 0.0.0.0:2048
TCP 3372  	0.0.0.0 	LISTENING	 0.0.0.0:18612
TCP 3389  	0.0.0.0 	LISTENING	 0.0.0.0:18542
TCP 3389  	169.254.149.9 	ESTABLISHED	 169.254.112.67:2796
TCP 3389  	169.254.149.9 	ESTABLISHED	 169.254.113.96:4603
TCP 3389  	169.254.149.9 	ESTABLISHED	 169.254.201.100:3917
UDP 3456  	0.0.0.0 			 *:*
TCP 3970  	0.0.0.0 	LISTENING	 0.0.0.0:35012
TCP 3970  	169.254.149.9 	CLOSE WAIT	 169.254.5.138:80
TCP 3972  	0.0.0.0 	LISTENING	 0.0.0.0:51245
TCP 3972  	169.254.149.9 	CLOSE WAIT	 169.254.5.138:80
TCP 4166  	127.0.0.1 	LISTENING	 0.0.0.0:2208
UDP 4447  	0.0.0.0 			 *:*
TCP 4488  	127.0.0.1 	LISTENING	 0.0.0.0:10358
UDP 4500  	169.254.149.9 			 *:*
TCP 4541  	127.0.0.1 	LISTENING	 0.0.0.0:10442
TCP 4562  	0.0.0.0 	LISTENING	 0.0.0.0:2192
TCP 4562  	169.254.149.9 	ESTABLISHED	 169.254.0.40:1025
UDP 4563  	0.0.0.0 			 *:*
UDP 4564  	0.0.0.0 			 *:*
TCP 4566  	0.0.0.0 	LISTENING	 0.0.0.0:51257
TCP 4566  	169.254.149.9 	ESTABLISHED	 169.254.12.18:1492
TCP 4568  	127.0.0.1 	LISTENING	 0.0.0.0:26665
TCP 4569  	0.0.0.0 	LISTENING	 0.0.0.0:43186
TCP 4569  	169.254.149.9 	CLOSE WAIT	 169.254.4.38:80
TCP 4756  	0.0.0.0 	LISTENING	 0.0.0.0:51268
UDP 4758  	0.0.0.0 			 *:*
TCP 8953  	0.0.0.0 	LISTENING	 0.0.0.0:26667
TCP 42510  	0.0.0.0 	LISTENING	 0.0.0.0:51323
UDP 43508  	169.254.149.9 			 *:*

Port Statistics

TCP mappings: 74
UDP mappings: 22

TCP ports in a LISTENING state: 	51 = 68.92%
TCP ports in a ESTABLISHED state: 	14 = 18.92%
TCP ports in a CLOSE WAIT state: 	6 = 8.11%
TCP ports in a TIME WAIT state: 	3 = 4.05%

On computers that support Process ID (PID) to port mappings, the output includes the process ID of the process that is using the port on the local computer. If the verbose option is used (-v), the output also includes the names of the services that the process ID belongs to and lists all the modules that the process has loaded. Access to some information is restricted. For example, access to module information for the Idle and CSRSS processes is prohibited because their access restrictions prevent user-level code from opening them. PortQry reports as much information as it can access for each process. For best results, run thePortqry -localcommand in the context of the local Administrator or an account that has similar credentials. The following example log file excerpt illustrates the level of reporting that you may receive when you run thePortqry -local��:

TCP/UDP Port to Process Mappings

55 mappings found

PID:Process		Port		Local IP	State		 Remote IP:Port
0:System Idle		TCP 4442  	169.254.113.96 	TIME WAIT	 169.254.5.136:80
0:System Idle		TCP 4456  	169.254.113.96 	TIME WAIT	 169.254.5.44:445
4:System		TCP 445  	0.0.0.0 	LISTENING	 0.0.0.0:2160
4:System		TCP 139  	169.254.113.96 	LISTENING	 0.0.0.0:24793
4:System		TCP 1475  	169.254.113.96 	ESTABLISHED	 169.254.8.176:445
4:System		UDP 445  	0.0.0.0 			 *:*
4:System		UDP 137  	169.254.113.96 			 *:*
4:System		UDP 138  	169.254.113.96 			 *:*
424:winlogon.exe	TCP 1200  	169.254.113.96 	CLOSE WAIT	 169.254.5.44:389
424:winlogon.exe	UDP 1100  	0.0.0.0 			 *:*
484:lsass.exe		TCP 1064  	0.0.0.0 	LISTENING	 0.0.0.0:2064
484:lsass.exe		UDP 500  	0.0.0.0 			 *:*
484:lsass.exe		UDP 1031  	0.0.0.0 			 *:*
484:lsass.exe		UDP 4500  	0.0.0.0 			 *:*
668:svchost.exe		TCP 135  	0.0.0.0 	LISTENING	 0.0.0.0:16532
728:svchost.exe		TCP 3389  	0.0.0.0 	LISTENING	 0.0.0.0:45088
800			UDP 1026  	0.0.0.0 			 *:*
800			UDP 1027  	0.0.0.0 			 *:*
836:svchost.exe		TCP 1025  	0.0.0.0 	LISTENING	 0.0.0.0:43214
836:svchost.exe		TCP 1559  	169.254.113.96 	CLOSE WAIT	 169.254.5.44:389
836:svchost.exe		UDP 1558  	0.0.0.0 			 *:*
836:svchost.exe		UDP 123  	127.0.0.1 			 *:*
836:svchost.exe		UDP 3373  	127.0.0.1 			 *:*
836:svchost.exe		UDP 123  	169.254.113.96 			 *:*
1136:mstsc.exe		TCP 2347  	169.254.113.96 	ESTABLISHED	 172.30.137.221:3389
1136:mstsc.exe		UDP 2348  	0.0.0.0 			 *:*
1276:dns.exe		TCP 53  	0.0.0.0 	LISTENING	 0.0.0.0:2160
1276:dns.exe		TCP 1087  	0.0.0.0 	LISTENING	 0.0.0.0:37074
1276:dns.exe		UDP 1086  	0.0.0.0 			 *:*
1276:dns.exe		UDP 2126  	0.0.0.0 			 *:*
1276:dns.exe		UDP 53  	127.0.0.1 			 *:*
1276:dns.exe		UDP 1085  	127.0.0.1 			 *:*
1276:dns.exe		UDP 53  	169.254.113.96 			 *:*
1328:InoRpc.exe		TCP 42510  	0.0.0.0 	LISTENING	 0.0.0.0:220
1328:InoRpc.exe		UDP 43508  	169.254.113.96 			 *:*
1552:CcmExec.exe	UDP 1114  	0.0.0.0 			 *:*
1896:WINWORD.EXE	TCP 3807  	169.254.113.96 	CLOSE WAIT	 169.254.237.37:3268
1896:WINWORD.EXE	UDP 3806  	0.0.0.0 			 *:*
1896:WINWORD.EXE	UDP 1510  	127.0.0.1 			 *:*
2148:IEXPLORE.EXE	TCP 4446  	169.254.113.96 	ESTABLISHED	 169.254.113.92:80
2148:IEXPLORE.EXE	UDP 4138  	127.0.0.1 			 *:*
3200:program.exe	TCP 1906  	169.254.113.96 	ESTABLISHED	 169.254.0.40:1025
3200:program.exe	TCP 4398  	169.254.113.96 	ESTABLISHED	 169.254.209.96:1433
3200:program.exe	TCP 4438  	169.254.113.96 	ESTABLISHED	 169.254.209.96:1433
3592:OUTLOOK.EXE	TCP 1256  	169.254.113.96 	ESTABLISHED	 169.254.1.105:1025
3592:OUTLOOK.EXE	TCP 2214  	169.254.113.96 	CLOSE WAIT	 169.254.237.37:3268
3592:OUTLOOK.EXE	TCP 2971  	169.254.113.96 	ESTABLISHED	 169.254.5.216:1434
3592:OUTLOOK.EXE	TCP 4439  	169.254.113.96 	ESTABLISHED	 169.254.47.242:1788
3592:OUTLOOK.EXE	UDP 1307  	0.0.0.0 			 *:*
3592:OUTLOOK.EXE	UDP 1553  	0.0.0.0 			 *:*
3660:IEXPLORE.EXE	TCP 4452  	169.254.113.96 	ESTABLISHED	 169.254.9.74:80
3660:IEXPLORE.EXE	TCP 4453  	169.254.113.96 	ESTABLISHED	 169.254.9.74:80
3660:IEXPLORE.EXE	TCP 4454  	169.254.113.96 	ESTABLISHED	 169.254.230.88:80
3660:IEXPLORE.EXE	UDP 4451  	127.0.0.1 			 *:*
4048:program2.exe		UDP 3689  	127.0.0.1 			 *:*

Port Statistics

TCP mappings: 27
UDP mappings: 28

TCP ports in a LISTENING state: 	9 = 33.33%
TCP ports in a ESTABLISHED state: 	12 = 44.44%
TCP ports in a CLOSE WAIT state: 	4 = 14.81%
TCP ports in a TIME WAIT state: 	2 = 7.41%


Port and Module Information by Process

Note: restrictions applied to some processes may 
      prevent Portqry from accessing more information

      For best results run Portqry in the context of
      the local administrator

======================================================
Process ID: 0 (System Idle Process)

PID	Port		Local IP	State		 Remote IP:Port
0	TCP 4442  	169.254.113.96 	TIME WAIT	 169.254.5.136:80
0	TCP 4456  	169.254.113.96 	TIME WAIT	 169.254.5.44:445

Port Statistics

TCP mappings: 2
UDP mappings: 0

TCP ports in a TIME WAIT state: 	2 = 100.00%


Could not access module information for this process

======================================================

Process ID: 4 (System Process)

PID	Port		Local IP	State		 Remote IP:Port
4	TCP 445  	0.0.0.0 	LISTENING	 0.0.0.0:2160
4	TCP 139  	169.254.113.96 	LISTENING	 0.0.0.0:24793
4	TCP 1475  	169.254.113.96 	ESTABLISHED	 169.254.8.176:445
4	UDP 445  	0.0.0.0 			 *:*
4	UDP 137  	169.254.113.96 			 *:*
4	UDP 138  	169.254.113.96 			 *:*

Port Statistics

TCP mappings: 3
UDP mappings: 3

TCP ports in a LISTENING state: 	2 = 66.67%
TCP ports in a ESTABLISHED state: 	1 = 33.33%


Could not access module information for this process

======================================================

Process ID: 352 (smss.exe)

Process doesn't appear to be a service


Port Statistics

TCP mappings: 0
UDP mappings: 0


Loaded modules:
\SystemRoot\System32\smss.exe (0x48580000)

C:\WINDOWS\system32\ntdll.dll (0x77F40000)
======================================================

Process ID: 484 (lsass.exe)

Service Name: Netlogon
Display Name: Net Logon
Service Type: shares a process with other services

Service Name: PolicyAgent
Display Name: IPSEC Services
Service Type: shares a process with other services

Service Name: ProtectedStorage
Display Name: Protected Storage

Service Name: SamSs
Display Name: Security Accounts Manager
Service Type: shares a process with other services

PID	Port		Local IP	State		 Remote IP:Port
484	TCP 1064  	0.0.0.0 	LISTENING	 0.0.0.0:2064
484	UDP 500  	0.0.0.0 			 *:*
484	UDP 1031  	0.0.0.0 			 *:*
484	UDP 4500  	0.0.0.0 			 *:*

Port Statistics

TCP mappings: 1
UDP mappings: 3

TCP ports in a LISTENING state: 	1 = 100.00%

Loaded modules:
C:\WINDOWS\system32\lsass.exe (0x01000000)

C:\WINDOWS\system32\ntdll.dll (0x77F40000)
C:\WINDOWS\system32\kernel32.dll (0x77E40000)
C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)
C:\WINDOWS\system32\RPCRT4.dll (0x77C50000)
C:\WINDOWS\system32\LSASRV.dll (0x742C0000)
C:\WINDOWS\system32\msvcrt.dll (0x77BA0000)
C:\WINDOWS\system32\Secur32.dll (0x76F50000)
C:\WINDOWS\system32\USER32.dll (0x77D00000)
C:\WINDOWS\system32\GDI32.dll (0x77C00000)
C:\WINDOWS\system32\SAMSRV.dll (0x741D0000)
C:\WINDOWS\system32\cryptdll.dll (0x766E0000)
C:\WINDOWS\system32\DNSAPI.dll (0x76ED0000)
C:\WINDOWS\system32\WS2_32.dll (0x71C00000)
C:\WINDOWS\system32\WS2HELP.dll (0x71BF0000)
C:\WINDOWS\system32\MSASN1.dll (0x76190000)
C:\WINDOWS\system32\NETAPI32.dll (0x71C40000)
C:\WINDOWS\system32\SAMLIB.dll (0x5CCF0000)
C:\WINDOWS\system32\MPR.dll (0x71BD0000)
C:\WINDOWS\system32\NTDSAPI.dll (0x766F0000)
C:\WINDOWS\system32\WLDAP32.dll (0x76F10000)
C:\WINDOWS\system32\IMM32.DLL (0x76290000)
C:\WINDOWS\system32\LPK.DLL (0x62D80000)

======================================================

Process ID: 668 (svchost.exe)

Service Name: RpcSs
Display Name: Remote Procedure Call (RPC)
Service Type: shares a process with other services

PID	Port		Local IP	State		 Remote IP:Port
668	TCP 135  	0.0.0.0 	LISTENING	 0.0.0.0:16532

Port Statistics

TCP mappings: 1
UDP mappings: 0

TCP ports in a LISTENING state: 	1 = 100.00%

Loaded modules:
C:\WINDOWS\system32\svchost.exe (0x01000000)

C:\WINDOWS\system32\ntdll.dll (0x77F40000)
C:\WINDOWS\system32\kernel32.dll (0x77E40000)
C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)
C:\WINDOWS\system32\RPCRT4.dll (0x77C50000)
c:\windows\system32\rpcss.dll (0x75700000)
C:\WINDOWS\system32\msvcrt.dll (0x77BA0000)
c:\windows\system32\WS2_32.dll (0x71C00000)
c:\windows\system32\WS2HELP.dll (0x71BF0000)
C:\WINDOWS\system32\USER32.dll (0x77D00000)
C:\WINDOWS\system32\GDI32.dll (0x77C00000)
c:\windows\system32\Secur32.dll (0x76F50000)
C:\WINDOWS\system32\IMM32.DLL (0x76290000)
C:\WINDOWS\system32\LPK.DLL (0x62D80000)
C:\WINDOWS\system32\USP10.dll (0x73010000)
C:\WINDOWS\system32\mswsock.dll (0x71B20000)
C:\Program Files\Microsoft Firewall Client\wspwsp.dll (0x55600000)
C:\WINDOWS\system32\iphlpapi.dll (0x76CF0000)
C:\WINDOWS\System32\wshqos.dll (0x57B60000)
C:\WINDOWS\system32\wshtcpip.dll (0x71AE0000)
C:\WINDOWS\system32\CLBCatQ.DLL (0x76F90000)
C:\WINDOWS\system32\OLEAUT32.dll (0x770E0000)
C:\WINDOWS\system32\ole32.dll (0x77160000)
C:\WINDOWS\system32\COMRes.dll (0x77010000)
C:\WINDOWS\system32\VERSION.dll (0x77B90000)
C:\WINDOWS\system32\msi.dll (0x76300000)
C:\WINDOWS\system32\WTSAPI32.dll (0x76F00000)
C:\WINDOWS\system32\WINSTA.dll (0x76260000)
C:\WINDOWS\system32\NETAPI32.dll (0x71C40000)
C:\WINDOWS\system32\USERENV.dll (0x75970000)
======================================================


========= end of log file =========

You can use this information to determine which ports are associated with a particular program or service that is running on the computer. In some cases, Portqry may report that the System Idle process (PID 0) is using some TCP ports. This behavior may occur if a local program connects to a TCP port, and then stops. The program�s TCP connection to the port may be left in a "Timed Wait" state even though the program is no longer running. In this case, Portqry may detect that the port is in use. However, Portqry cannot identify the program that is using the port because the program has stopped. The PID was released. The port may be in a "Timed Wait" state for several minutes even though the process that was using the port has stopped. By default, the port remains in a "Timed Wait" state for twice as long as the maximum segment lifetime.

portqry.exe -wportport_number(watch port): With the watch port command, PortQry can watch the specified port for changes. These changes may include an increase or decrease in the number of connections to the port or a change in the connection state of any one of the existing connections. For example, you type the following command, and then press ENTER:

portqry -wport 53

As a result, PortQry watches TCP and UDP port 53. PortQry reports when any new TCP connections are made to this port. PortQry also reports one or more of the following state changes for the specified TCP port:

CLOSE_WAIT
CLOSED
ESTABLISHED
FIN_WAIT_1
LAST_ACK
LISTEN
SYN_RECEIVED
SYN_SEND
TIMED_WAIT

For example, if a connection's state changes from ESTABLISHED to CLOSE_WAIT, a change in state has occurred. When the port's state changes, PortQry displays the port's connection table. Portqry reports if a program is bound to the UDP port, but it does not report if the UDP port receives datagrams.

Optional parameters

-v(verbose): For additional state information, include the-vparameter in the PortQry command-line. When you use this parameter, PortQry also displays the modules that are using the ports. �� , ��portqry.exe -wport 135 -v.
-wt(watch time): By default, PortQry checks for changes in the specified port's connection table one time every 60 seconds. To configure this interval, use the-wt��. For example, you type the following command, and then press ENTER:
portqry.exe -wport 135 -v -wt 2
As a result, PortQry checks TCP port 135 and UDP port 135 for changes every 2 seconds. You can specify a time interval from 1 to 1200 (inclusive). With this parameter, you can to watch for changes from every 1 second up to one time every 20 minutes.

-l(log file): To log the output from the watch port command, use the-l��. For example, you type the following command, and then press ENTER:

portqry.exe -wport 2203 -v -wt 30 -l test.txt

As a result, a log file that is similar to the following log file is generated:

Portqry Version 2.0 Log File

System Date: Sat Oct 04 08:54:06 2003

Command run:
 portqry -wport 135 -v -l test.txt

Local computer name:

 host123

Watching port: 135

Checking for changes every 60 seconds

verbose output requested

============
System Date: Sat Oct 04 08:54:07 2003


======================================================

Process ID: 952 (svchost.exe)

Service Name: RpcSs
Display Name: Remote Procedure Call (RPC)
Service Type: shares a process with other services

PID	Port		Local IP	State		 Remote IP:Port
952	TCP 135  	0.0.0.0 	LISTENING	 0.0.0.0:45198
952	UDP 135  	0.0.0.0 			 *:*

Port Statistics

TCP mappings: 1
UDP mappings: 1

TCP ports in a LISTENING state: 	1 = 100.00%

Loaded modules:
D:\WINDOWS\system32\svchost.exe (0x01000000)

D:\WINDOWS\System32\ntdll.dll (0x77F50000)
D:\WINDOWS\system32\kernel32.dll (0x77E60000)
D:\WINDOWS\system32\ADVAPI32.dll (0x77DD0000)
D:\WINDOWS\system32\RPCRT4.dll (0x78000000)
d:\windows\system32\rpcss.dll (0x75850000)
D:\WINDOWS\system32\msvcrt.dll (0x77C10000)
d:\windows\system32\WS2_32.dll (0x71AB0000)
d:\windows\system32\WS2HELP.dll (0x71AA0000)
D:\WINDOWS\system32\USER32.dll (0x77D40000)
D:\WINDOWS\system32\GDI32.dll (0x77C70000)
d:\windows\system32\Secur32.dll (0x76F90000)
D:\WINDOWS\system32\userenv.dll (0x75A70000)
D:\WINDOWS\system32\mswsock.dll (0x71A50000)
D:\WINDOWS\System32\wshtcpip.dll (0x71A90000)
D:\WINDOWS\system32\DNSAPI.dll (0x76F20000)
D:\WINDOWS\system32\iphlpapi.dll (0x76D60000)
D:\WINDOWS\System32\winrnr.dll (0x76FB0000)
D:\WINDOWS\system32\WLDAP32.dll (0x76F60000)
D:\WINDOWS\system32\rasadhlp.dll (0x76FC0000)
D:\WINDOWS\system32\CLBCATQ.DLL (0x76FD0000)
D:\WINDOWS\system32\ole32.dll (0x771B0000)
D:\WINDOWS\system32\OLEAUT32.dll (0x77120000)
D:\WINDOWS\system32\COMRes.dll (0x77050000)
D:\WINDOWS\system32\VERSION.dll (0x77C00000)
============
System Date: Sat Oct 04 08:56:08 2003


======================================================

Process ID: 952 (svchost.exe)

Service Name: RpcSs
Display Name: Remote Procedure Call (RPC)
Service Type: shares a process with other services

PID	Port		Local IP	State		 Remote IP:Port
952	TCP 135  	0.0.0.0 	LISTENING	 0.0.0.0:45198
952	UDP 135  	0.0.0.0 			 *:*
952	UDP 135  	0.0.0.0 			 *:*

Port Statistics

TCP mappings: 1
UDP mappings: 2

TCP ports in a LISTENING state: 	1 = 100.00%

Loaded modules:
D:\WINDOWS\system32\svchost.exe (0x01000000)

D:\WINDOWS\System32\ntdll.dll (0x77F50000)
D:\WINDOWS\system32\kernel32.dll (0x77E60000)
D:\WINDOWS\system32\ADVAPI32.dll (0x77DD0000)
D:\WINDOWS\system32\RPCRT4.dll (0x78000000)
d:\windows\system32\rpcss.dll (0x75850000)
D:\WINDOWS\system32\msvcrt.dll (0x77C10000)
d:\windows\system32\WS2_32.dll (0x71AB0000)
d:\windows\system32\WS2HELP.dll (0x71AA0000)
D:\WINDOWS\system32\USER32.dll (0x77D40000)
D:\WINDOWS\system32\GDI32.dll (0x77C70000)
d:\windows\system32\Secur32.dll (0x76F90000)
D:\WINDOWS\system32\userenv.dll (0x75A70000)
D:\WINDOWS\system32\mswsock.dll (0x71A50000)
D:\WINDOWS\System32\wshtcpip.dll (0x71A90000)
D:\WINDOWS\system32\DNSAPI.dll (0x76F20000)
D:\WINDOWS\system32\iphlpapi.dll (0x76D60000)
D:\WINDOWS\System32\winrnr.dll (0x76FB0000)
D:\WINDOWS\system32\WLDAP32.dll (0x76F60000)
D:\WINDOWS\system32\rasadhlp.dll (0x76FC0000)
D:\WINDOWS\system32\CLBCATQ.DLL (0x76FD0000)
D:\WINDOWS\system32\ole32.dll (0x771B0000)
D:\WINDOWS\system32\OLEAUT32.dll (0x77120000)
D:\WINDOWS\system32\COMRes.dll (0x77050000)
D:\WINDOWS\system32\VERSION.dll (0x77C00000)
============

escape key pressed: stopped watching port 135
System Date: Sat Oct 04 09:09:12 2003


========= end of log file =========

portqry.exe -wpidprocess_number(�� PID): �� PID, PortQry �� (PID) �� . �� . �� . �� , �� , �� , �� ENTER:

�� Portqry.exe - wpid 1276 - wt 2 - v -lPID.txt

�� , �� :

PortQry Version 2.0 Log File

System Date: Tue Oct 07 14:01:13 2003

Command run:
 portqry -wpid 1276 -wt 2 -v -l pid.txt

Local computer name:

 host123

Watching PID: 1276

Checking for changes every 2 seconds

verbose output requested

Service Name: DNS
Display Name: DNS Server
Service Type: runs in its own process

============
System Date: Tue Oct 07 14:01:14 2003


======================================================

Process ID: 1276 (dns.exe)

Service Name: DNS
Display Name: DNS Server
Service Type: runs in its own process

PID	Port		Local IP	State		 Remote IP:Port
1276	TCP 53  	0.0.0.0 	LISTENING	 0.0.0.0:2160
1276	TCP 1087  	0.0.0.0 	LISTENING	 0.0.0.0:37074
1276	UDP 1086  	0.0.0.0 			 *:*
1276	UDP 2126  	0.0.0.0 			 *:*
1276	UDP 53  	127.0.0.1 			 *:*
1276	UDP 1085  	127.0.0.1 			 *:*
1276	UDP 53  	169.254.11.96 			 *:*

Port Statistics

TCP mappings: 2
UDP mappings: 5

TCP ports in a LISTENING state: 	2 = 100.00%

Loaded modules:
C:\WINDOWS\System32\dns.exe (0x01000000)

C:\WINDOWS\system32\ntdll.dll (0x77F40000)
C:\WINDOWS\system32\kernel32.dll (0x77E40000)
C:\WINDOWS\system32\msvcrt.dll (0x77BA0000)
C:\WINDOWS\system32\ADVAPI32.dll (0x77DA0000)
C:\WINDOWS\system32\RPCRT4.dll (0x77C50000)
C:\WINDOWS\System32\WS2_32.dll (0x71C00000)
C:\WINDOWS\System32\WS2HELP.dll (0x71BF0000)
C:\WINDOWS\system32\USER32.dll (0x77D00000)
C:\WINDOWS\system32\GDI32.dll (0x77C00000)
C:\WINDOWS\System32\NETAPI32.dll (0x71C40000)
C:\WINDOWS\system32\WLDAP32.dll (0x76F10000)
C:\WINDOWS\System32\DNSAPI.dll (0x76ED0000)
C:\WINDOWS\System32\NTDSAPI.dll (0x766F0000)
C:\WINDOWS\System32\Secur32.dll (0x76F50000)
C:\WINDOWS\system32\SHLWAPI.dll (0x77290000)
C:\WINDOWS\System32\iphlpapi.dll (0x76CF0000)
C:\WINDOWS\System32\MPRAPI.dll (0x76CD0000)
C:\WINDOWS\System32\ACTIVEDS.dll (0x76DF0000)
C:\WINDOWS\System32\adsldpc.dll (0x76DC0000)
C:\WINDOWS\System32\credui.dll (0x76B80000)
C:\WINDOWS\system32\SHELL32.dll (0x77380000)
C:\WINDOWS\System32\ATL.DLL (0x76A80000)
C:\WINDOWS\system32\ole32.dll (0x77160000)
C:\WINDOWS\system32\OLEAUT32.dll (0x770E0000)
C:\WINDOWS\System32\rtutils.dll (0x76E30000)
C:\WINDOWS\System32\SAMLIB.dll (0x5CCF0000)
C:\WINDOWS\System32\SETUPAPI.dll (0x765A0000)
C:\WINDOWS\system32\IMM32.DLL (0x76290000)
C:\WINDOWS\System32\LPK.DLL (0x62D80000)
C:\WINDOWS\System32\USP10.dll (0x73010000)
C:\WINDOWS\System32\netman.dll (0x76D80000)
C:\WINDOWS\System32\RASAPI32.dll (0x76E90000)
C:\WINDOWS\System32\rasman.dll (0x76E40000)
C:\WINDOWS\System32\TAPI32.dll (0x76E60000)
C:\WINDOWS\System32\WINMM.dll (0x76AA0000)
C:\WINDOWS\system32\CRYPT32.dll (0x761B0000)
C:\WINDOWS\system32\MSASN1.dll (0x76190000)
C:\WINDOWS\System32\WZCSvc.DLL (0x76D30000)
C:\WINDOWS\System32\WMI.dll (0x76CC0000)
C:\WINDOWS\System32\DHCPCSVC.DLL (0x76D10000)
C:\WINDOWS\System32\WTSAPI32.dll (0x76F00000)
C:\WINDOWS\System32\WINSTA.dll (0x76260000)
C:\WINDOWS\System32\ESENT.dll (0x69750000)
C:\WINDOWS\System32\WZCSAPI.DLL (0x730A0000)
C:\WINDOWS\system32\mswsock.dll (0x71B20000)
C:\WINDOWS\System32\wshtcpip.dll (0x71AE0000)
C:\WINDOWS\System32\winrnr.dll (0x76F70000)
C:\WINDOWS\System32\rasadhlp.dll (0x76F80000)
C:\WINDOWS\system32\kerberos.dll (0x71CA0000)
C:\WINDOWS\System32\cryptdll.dll (0x766E0000)
C:\WINDOWS\system32\msv1_0.dll (0x76C90000)
C:\WINDOWS\System32\security.dll (0x71F60000)

escape key pressed: stopped watching PID 1276
System Date: Tue Oct 07 14:01:16 2003



========= end of log file =========

�� -wport��, �� , �� -wpid��, �� PID �� . �� PortQry �� .

���� -wport� �� -wpid�� (��) ��-l), �� ESC �� PortQry �� PortQry �� . �� CTRL + C �� PortQry �� ESC, �� . �� , �� .

��

�� PortQry, �� Microsoft:

310099� (http://support.microsoft.com/kb/310099/ ) �� Portqry.exe

310456� (http://support.microsoft.com/kb/310456/ ) �� Portqry �� Active Directory

310298� (http://support.microsoft.com/kb/310298/ ) �� Portqry.exe �� Microsoft Exchange Server ��

310513� (http://support.microsoft.com/kb/310513/ ) �� Portqry.exe ��

���� PortQueryUI �� . �� PortQueryUI �� , �� PortQry. �� PortQueryUI, �� Microsoft �� Web:

http://download.microsoft.com/download/3/f/4/3f4c6a54-65f0-4164-bdec-a3411ba24d3a/PortQryUI.exe (http://download.microsoft.com/download/3/f/4/3f4c6a54-65f0-4164-bdec-a3411ba24d3a/PortQryUI.exe)

��

�� :

Microsoft Windows Small Business Server 2003 Premium Edition
Microsoft Windows Small Business Server 2003 Standard Edition
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Microsoft Windows XP Professional
Microsoft Windows 2000 Professional Edition
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server

��

kbhowto kbinfo kbprb kbmt KB832919 KbMtel

��

��: �� Microsoft �� . � Microsoft �� . ��, �� . �� , �� , �� . � Microsoft �� , �� . ��, � Microsoft �� .

� �� :832919� (http://support.microsoft.com/kb/832919/en-us/ )

��

This site in other countries/regions:

�� PortQry, �� 2.0

��

��

��

Port status reporting

PortQry version 2.0 features

LDAP support

��

RPC support

��

�� DNS

�� NetBIOS

�� SNMP

��

� �� ISA Server

��

��

� �� SQL Server 2000

��

�� TFTP

��

L2TP support

��

��

��

�� PortQry

��

�� PortQry

�� PortQry

��

�� :

��-��:�

��

T��

��

��

��

��

This site in other countries/regions:

���� ����������� ��� ����������� ��� PortQry, ������ 2.0

�� ����� �� ������

��������

����������

Port status reporting

PortQry version 2.0 features

LDAP support

������ ������

RPC support

������ ������

���������� DNS

���������� ��������� �������� NetBIOS

���������� SNMP

������ ������

� ���������� ��� ISA Server

������ ������

������ ������

� ���������� ��� SQL Server 2000

������ ������

���������� TFTP

������ ������

L2TP support

������ ������

����������� ��� ����� ��� ��������� ������� ��� �����

�������� ��������� ����������� ��� �������������

�������� ������� ������� ��� PortQry

��������� �����������

���������������� ��������� ����������� PortQry

������ ���������� PortQry

��������

�� ����������� �� ���� �� ����� ������� ���:

������-�������:�

������� ��� �� ������ ��� ��� ����� ��� �����������

T��������� �����������

���������

����� ���� ��������

����������� ������

������� ������ �����������

�� PortQry, �� 2.0

��

��

��

��

��

�� DNS

�� NetBIOS

�� SNMP

��

� �� ISA Server

��

��

� �� SQL Server 2000

��

�� TFTP

��

��

��

��

�� PortQry

��

�� PortQry

�� PortQry

��

�� :

��-��:�

��

T��

��

��

��

��