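You can use Test-NetConnection to check whether a port on a remote computer is available (open). It lets you check the response and availability of a remote server or network service, test whether a TCP port is blocked by a firewall, and check ICMP availability and routing. In practice, Test-NetConnection replaces several popular network administration tools such as ping, tracert, telnet, pathping, and TCP port scanners.
1. Check an open TCP port: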
Test-NetConnection -ComputerName Exch01 -Port 25
This checks whether TCP port 25 (SMTP) is open on the remote mail server.
Test-NetConnection has the alias TNC:
TNC exch01 -Port 25
Run without parameters, TNC checks the availability of the host internetbeacon.msedge.net by default.
Add -InformationLevel Detailed to show more detailed information:
TNC 192.168.66.10 -Port 3389 -InformationLevel Detailed
Use -CommonTCPPort to specify a well-known protocol by name, for example HTTP, SMB, RDP, WINRM:
Test-NetConnection -ComputerName baidu.com -CommonTCPPort HTTP
Test-NetConnection rds01 -CommonTCPPort RDP
Test-NetConnection 192.168.66.10 -port 445|Format-List *
TNC 192.168.66.10 -Port 3389 -InformationLevel Quiet
Add -TraceRoute to trace the route; the -Hops parameter limits the number of hops:
Test-NetConnection baidu.com -TraceRoute
Check open ports on multiple hosts:
Get-Content c:\PS\list_servers.txt | where { -NOT (Test-Netconnection $_ -Port 22 -InformationLevel Quiet)}| Format-Table -AutoSize
foreach ($ip in 10..50) {Test-NetConnection -Port 3389 -InformationLevel "Detailed" 192.168.66.$ip}
foreach ($port in 1..1024) {If (($a=Test-NetConnection dc01 -Port $port -WarningAction SilentlyContinue).tcpTestSucceeded -eq $true){ "TCP port $port is open!"}}
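The loops above only print what is open. The following added example (not from the original post) compares the observed state with an expected-port baseline for servers you administer, so that ports that are open but should not be stand out. The host names, the baseline and the port list are constructed sample values.

```powershell
# Added example: hosts and the expected-port baseline are constructed values.
$baseline = @{
    'exch01' = @(25, 443)
    'rds01'  = @(3389)
}
$portsToCheck = 22, 25, 443, 445, 3389

$results = foreach ($server in $baseline.Keys) {
    foreach ($port in $portsToCheck) {
        # Splat the parameters; Quiet makes Test-NetConnection return True/False.
        $params = @{
            ComputerName     = $server
            Port             = $port
            InformationLevel = 'Quiet'
            WarningAction    = 'SilentlyContinue'
        }
        $open     = [bool](Test-NetConnection @params)
        $expected = $baseline[$server] -contains $port

        # Classify the difference between baseline and observation.
        if     ($open -and -not $expected) { $finding = 'UNEXPECTED-OPEN' }
        elseif ($expected -and -not $open) { $finding = 'EXPECTED-BUT-UNREACHABLE' }
        else                               { $finding = 'OK' }

        [pscustomobject]@{
            Server   = $server
            Port     = $port
            Open     = $open
            Expected = $expected
            Finding  = $finding
        }
    }
}

# Show only the deviations from the baseline.
$results | Where-Object Finding -ne 'OK' |
    Sort-Object Server, Port | Format-Table -AutoSize
```

The result reflects reachability from the machine running the check, so a port filtered on this path can still be reachable from another network segment.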
How to List Open Ports on Windows with PowerShell:
Get-NetTcpConnection -State Listen | Select-Object LocalAddress,LocalPort| Sort-Object -Property LocalPort | Format-Table
Get-Process -Id (Get-NetTCPConnection -LocalPort 22).OwningProcess | ft Id, ProcessName, UserName, Path
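The two commands above can be combined into a single inventory of local listeners. This added example (not from the original post) maps every listening TCP socket to its owning process and labels whether it is bound to loopback, to all interfaces, or to one specific address; the Scope labels are names chosen for this example.

```powershell
# Added example: inventory of local TCP listeners with process and bind scope.
# Index running processes by PID (string keys avoid Int32/UInt32 mismatches).
$procById = @{}
Get-Process | ForEach-Object { $procById["$($_.Id)"] = $_ }

Get-NetTCPConnection -State Listen | ForEach-Object {
    $proc = $procById["$($_.OwningProcess)"]

    # Classify the bind address: who can reach this listener?
    $scope = switch -Regex ($_.LocalAddress) {
        '^(127\.|::1$)'      { 'Loopback only';    break }
        '^(0\.0\.0\.0|::)$'  { 'All interfaces';   break }
        default              { 'Specific address' }
    }

    [pscustomobject]@{
        LocalAddress = $_.LocalAddress
        LocalPort    = $_.LocalPort
        Scope        = $scope
        PID          = $_.OwningProcess
        ProcessName  = if ($proc) { $proc.ProcessName } else { '<exited>' }
        Path         = if ($proc) { $proc.Path } else { $null }
    } 
} | Sort-Object LocalPort, LocalAddress | Format-Table -AutoSize
```

Path is empty for processes the current user cannot open; run the inventory from an elevated session to fill it in.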
Using PortQry to Check TCP/UDP Open Ports (Port Scanner):
Download PortQryV2:
https://www.microsoft.com/en-us/download/details.aspx?id=17148
Download PortQryUI:
http://download.microsoft.com/download/3/f/4/3f4c6a54-65f0-4164-bdec-a3411ba24d3a/PortQryUI.exe
PortQry -n server [-p protocol] [-e || -r || -o endpoint(s)]
- -n is the name or IP address of the server whose availability you are checking;
- -e is the port number to be checked (from 1 to 65535);
- -r is the range of ports to be checked (for example, 1:80);
- -p is the protocol used for checking. It may be TCP, UDP, or BOTH (TCP is used by default).
PS D:\PortQryUI> .\PortQry.exe help
PortQry version 2.0
Displays the state of TCP and UDP ports
Command line mode: portqry -n name_to_query [-options]
Interactive mode: portqry -i [-n name_to_query] [-options]
Local Mode: portqry -local | -wpid pid| -wport port [-options]
Command line mode:
portqry -n name_to_query [-p protocol] [-e || -r || -o endpoint(s)] [-q]
[-l logfile] [-sp source_port] [-sl] [-cn SNMP community name]
Command line mode options explained:
-n [name_to_query] IP address or name of system to query
-p [protocol] TCP or UDP or BOTH (default is TCP)
-e [endpoint] port number and/or port ranges seperated by commas
to query. For port range, the end port should be equal or greater than
the start port. Valid port should be in range 1-65535.
For example: 80,53,1024-1350.
-r [end point range] range of ports to query (start:end)
-o [end point order] range of ports to query in an order (x,y,z)
-l [logfile] name of text log file to create
-y overwrites existing text log file without prompting
-sp [source port] initial source port to use for query
-sl 'slow link delay' waits longer for UDP replies from remote systems
-nr by-passes default IP address-to-name resolution
ignored unless an IP address is specified after -n
-cn specifies SNMP community name for query
ignored unless querying an SNMP port
must be delimited with !
-q 'quiet' operation runs with no output
returns 0 if port is listening
returns 1 if port is not listening
returns 2 if port is listening or filtered
Notes: PortQry runs on Windows 2000 and later systems
Defaults: TCP, port 80, no log file, slow link delay off
Hit Ctrl-c to terminate prematurely
examples:
portqry -n myserver.com -e 25
portqry -n 10.0.0.1 -e 53 -p UDP -i
portqry -n host1.dev.reskit.com -r 21:445
portqry -n 10.0.0.1 -o 25,445,1024 -p both -sp 53
portqry -n host2 -cn !my community name! -e 161 -p udp
Interactive Mode:
Used as an alternative to command line mode
portqry -i [-options]
For help with Interactive mode options:
- run portqry.exe
- then type 'help' <enter>
example:
portqry -i -n server1 -e 135 -p both
Local Mode:
Local Mode used to get detailed data on local system's ports
portqry -local | -wpid pid | -wport port [-wt seconds] [-l logfile] [-v]
Local mode options explained:
-local enumerates local port usage, port to process mapping,
service port usage, and lists loaded modules
-wport [port_number] watches specified port
reports when port's connection status changes
-wpid [process_ID] watches specified process ID (PID)
reports when PID's connection status changes
-wt [seconds] watch time option
specifies how often to check for status changes
valid range: 1 - 1200 seconds
default value is 60 seconds
-l [logfile] name of text log file to create
-v requests verbose output
Notes: PortQry runs on Windows 2000 and later systems
For best results run in context of local administrator
Port to process mapping may not be available on all systems
Hit Ctrl-c to terminate prematurely
examples:
portqry -local
portqry -local -l logfile.txt -v
portqry -wpid 1272 -wt 5 -l logfile.txt -y -v
portqry -wport 53 -l dnslog.txt
PortQryUI
Possible return codes in PortQryUI (highlighted in the screenshot):
0 (0x00000000) – the connection has been established successfully and the port is available;
1 (0x00000001) – the specified port is unavailable or filtered;
2 (0x00000002) – a normal return code when checking the availability of a UDP connection, since an ACK response is not returned.
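The -q switch and its return codes make PortQry usable from scripts. This added example (not from the original post) wraps the call in a function and maps the exit code to the wording of the help text quoted above; the function name Get-PortQryState, the default path to PortQry.exe and the target list are assumptions.

```powershell
# Added example: script-friendly wrapper around "portqry -q".
function Get-PortQryState {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port,
        [ValidateSet('TCP', 'UDP')][string]$Protocol = 'TCP',
        [string]$PortQryPath = '.\PortQry.exe'   # assumed location of the tool
    )

    # -q runs with no output; the result is carried in the exit code.
    & $PortQryPath -n $Server -e $Port -p $Protocol -q | Out-Null
    $code = $LASTEXITCODE

    # Mapping taken from the "-q" section of the PortQry help text.
    $state = switch ($code) {
        0       { 'LISTENING' }
        1       { 'NOT LISTENING' }
        2       { 'LISTENING or FILTERED' }
        default { "UNKNOWN ($code)" }
    }

    [pscustomobject]@{
        Server   = $Server
        Port     = $Port
        Protocol = $Protocol
        ExitCode = $code
        State    = $state
    }
}

# Constructed sample targets: one TCP service and one UDP service.
$targets = @(
    @{ Server = 'exch01'; Port = 25;  Protocol = 'TCP' }
    @{ Server = 'dc01';   Port = 53;  Protocol = 'UDP' }
)
$targets | ForEach-Object { Get-PortQryState @_ } | Format-Table -AutoSize
```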
From: https://blog.51cto.com/ganzy/6643506