PortQuery GUI Version

It’s always a good idea to verify that there’s nothing on the network and application stack that would prevent certain services from operating as intended. This checking should be done in some of these scenarios:

  • Verify firewall permissiveness prior to site-to-site [virtual] machine migration
  • Check that Read-Only Domain Controllers in the DMZ can communicate with the Servers in the Production Data (Tier 3A) subnets
  • Confirm that Applications such as FTP and OpenVPN are able to respond to incoming requests at port 443 inbound from the Internet Zone by setting outgoing traffic from the DMZ (Web Tier 1A). 

Although I favor the CLI version of this Systernal utility, The GUI version is useful as well. Let’s take a quick look at the PortQuery thingy.

Link to download: http://download.microsoft.com/download/3/f/4/3f4c6a54-65f0-4164-bdec-a3411ba24d3a/portqryui.exe

Extract: once the portqryuil.exe has been triggered, it shall self-extract. Click on the Unzip button.

Extracted: within a few seconds, this content would be generated. PortQry.exe should be moved into the Environment path (e.g. C:\Windows\System32), and portqueryui.exe the user interface wrapper for such tool. Note that the UI does include some predefined services within the config.xml. Hence, additional preset services can be added within that file.

Execute: this is an example of using PortQueryUI to check for Domains and Trusts network ports feasibility between a PC on the user’s subnet and my domain controller. The screenshot shows the UI and the pasted blob is expanded result as indicated as a “Query Result.”

=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 135 -p TCP ...

Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 135 (epmap service): LISTENING

Using ephemeral source port
Querying Endpoint Mapper Database...
Server's response:

UUID: d95afe70-a6d5-4259-822e-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49152]

UUID: 897e2e5f-93f3-4376-9c9c -Frs2 Service
ncacn_ip_tcp:DC01.KIMCONNECT.COM[5722]

UUID: 6b5bdd1e-528c-422c-af8c- Remote Fw APIs
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49242]

UUID: 12345678-1234-abcd-ef00- IPSec Policy agent endpoint
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49242]

UUID: 367abb81-9844-35f1-ad32-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49240]

UUID: 50abc2a4-574d-40b3-9d66-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49234]

UUID: eb107bd0-c461-11cf-9522- CpqRcmc3
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\cpqrcmc]

UUID: e3514235-4b06-11d1-ab04- MS NT Directory DRS Interface
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\lsass]

UUID: e3514235-4b06-11d1-ab04- MS NT Directory DRS Interface
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\protected_storage]

UUID: e3514235-4b06-11d1-ab04- MS NT Directory DRS Interface
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49155]

UUID: e3514235-4b06-11d1-ab04- MS NT Directory DRS Interface
ncacn_http:DC01.KIMCONNECT.COM[49158]

UUID: f5cc5a18-4264-101a-8c59- MS NT Directory NSP Interface
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\lsass]

UUID: f5cc5a18-4264-101a-8c59- MS NT Directory NSP Interface
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\protected_storage]

UUID: f5cc5a18-4264-101a-8c59- MS NT Directory NSP Interface
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49155]

UUID: f5cc5a18-4264-101a-8c59- MS NT Directory NSP Interface
ncacn_http:DC01.KIMCONNECT.COM[49158]

UUID: 12345778-1234-abcd-ef00-
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\lsass]

UUID: 12345778-1234-abcd-ef00-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\protected_storage]

UUID: 12345778-1234-abcd-ef00-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49155]

UUID: 12345778-1234-abcd-ef00-
ncacn_http:DC01.KIMCONNECT.COM[49158]

UUID: 12345778-1234-abcd-ef00-
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\lsass]

UUID: 12345778-1234-abcd-ef00-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\protected_storage]

UUID: 12345778-1234-abcd-ef00-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49155]

UUID: 12345778-1234-abcd-ef00-
ncacn_http:DC01.KIMCONNECT.COM[49158]

UUID: 12345778-1234-abcd-ef00-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49159]

UUID: 12345678-1234-abcd-ef00-
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\lsass]

UUID: 12345678-1234-abcd-ef00-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\protected_storage]

UUID: 12345678-1234-abcd-ef00-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49155]

UUID: 12345678-1234-abcd-ef00-
ncacn_http:DC01.KIMCONNECT.COM[49158]

UUID: 12345678-1234-abcd-ef00-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49159]

UUID: 7f1343fe-50a9-4927-a778- DfsDs service
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\wkssvc]

UUID: 3473dd4d-2e88-4006-9cba- WinHttp Auto-Proxy Service
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\W32TIME_ALT]

UUID: 1ff70682-0a51-30e8-076d-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: 378e52b0-c0a9-11cf-822d-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: 86d35949-83c9-4044-b424-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: 86d35949-83c9-4044-b424-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49154]

UUID: 98716d03-89ac-44c7-bb8c- XactSrv service
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: 98716d03-89ac-44c7-bb8c- XactSrv service
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49154]

UUID: a398e520-d59a-4bdd-aa7a- IKE/Authip API
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: a398e520-d59a-4bdd-aa7a- IKE/Authip API
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49154]

UUID: a398e520-d59a-4bdd-aa7a- IKE/Authip API
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\srvsvc]

UUID: 552d076a-cb29-4e44-8b6a- IP Transition Configuration endpoint
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: 552d076a-cb29-4e44-8b6a- IP Transition Configuration endpoint
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49154]

UUID: 552d076a-cb29-4e44-8b6a- IP Transition Configuration endpoint
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\srvsvc]

UUID: c9ac6db5-82b7-4e55-ae8a- Impl friendly name
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: c9ac6db5-82b7-4e55-ae8a- Impl friendly name
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49154]

UUID: c9ac6db5-82b7-4e55-ae8a-e464ed7b4277 Impl friendly name
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\srvsvc]

UUID: 30b044a5-a225-43f0-b3a4-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: 30b044a5-a225-43f0-b3a4-
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49154]

UUID: 30b044a5-a225-43f0-b3a4-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\srvsvc]

UUID: 7d814569-35b3-4850-bb32- IAS RPC server
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\atsvc]

UUID: 7d814569-35b3-4850-bb32- IAS RPC server
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49154]

UUID: 7d814569-35b3-4850-bb32- IAS RPC server
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\srvsvc]

UUID: f6beaff7-1e19-4fbb-9f8f- Event log TCPIP
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\eventlog]

UUID: f6beaff7-1e19-4fbb-9f8f- Event log TCPIP
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49153]

UUID: 30adc50c-5cbc-46ce-9a0e- NRP server endpoint
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\eventlog]

UUID: 30adc50c-5cbc-46ce-9a0e- NRP server endpoint
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49153]

UUID: 3c4728c5-f0ab-448b-bda1- DHCPv6 Client LRPC Endpoint
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\eventlog]

UUID: 3c4728c5-f0ab-448b-bda1- DHCPv6 Client LRPC Endpoint
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49153]

UUID: 3c4728c5-f0ab-448b-bda1- DHCP Client LRPC Endpoint
ncacn_np:DC01.KIMCONNECT.COM[\\pipe\\eventlog]

UUID: 3c4728c5-f0ab-448b-bda1- DHCP Client LRPC Endpoint
ncacn_ip_tcp:DC01.KIMCONNECT.COM[49153]

UUID: 76f226c3-ec14-4325-8a99-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\InitShutdown]

UUID: d95afe70-a6d5-4259-822e-
ncacn_np:DC01.KIMCONNECT.COM[\\PIPE\\InitShutdown]

Total endpoints found: 62

==== End of RPC Endpoint Mapper query response ====
portqry.exe -n DC01.KIMCONNECT.COM -e 135 -p TCP exits with return code 0x00000000.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 389 -p BOTH ...

Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 389 (ldap service): LISTENING

Using ephemeral source port
Sending LDAP query to TCP port 389...

LDAP query response:

currentdate: 04/03/2019 20:38:12 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=kimconnect,DC=com
dsServiceName: CN=NTDS Settings,CN=DC01,CN=Servers,CN=KIMCONNECT,CN=Sites,CN=Configuration,DC=KIMCONNECT,DC=COM
namingContexts: DC=KIMCONNECT,DC=com
defaultNamingContext: DC=KIMCONNECT,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=KIMCONNECT,DC=com
configurationNamingContext: CN=Configuration,DC=KIMCONNECT,DC=com
rootDomainNamingContext: DC=KIMCONNECT,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 684952787
supportedSASLMechanisms: GSSAPI
dnsHostName: DC01.KIMCONNECT.COM.KIMCONNECT.com
ldapServiceName: KIMCONNECT.com:DC01.KIMCONNECT.COM$@KIMCONNECT.com
serverName: CN=DC01.KIMCONNECT.COM,CN=Servers,CN=KIMCONNECT,CN=Sites,CN=Configuration,DC=KIMCONNECT,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 4
forestFunctionality: 4
domainControllerFunctionality: 4

======== End of LDAP query response ========

UDP port 389 (unknown service): LISTENING or FILTERED

Using ephemeral source port
Sending LDAP query to UDP port 389...

LDAP query to port 389 failed
Server did not respond to LDAP query

portqry.exe -n DC01.KIMCONNECT.COM -e 389 -p BOTH exits with return code 0x00000001.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 636 -p TCP ...

Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 636 (ldaps service): LISTENING
portqry.exe -n DC01.KIMCONNECT.COM -e 636 -p TCP exits with return code 0x00000000.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 3268 -p TCP ...

Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 3268 (msft-gc service): LISTENING

Using ephemeral source port
Sending LDAP query to TCP port 3268...

LDAP query response:

currentdate: 04/03/2019 20:38:49 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=KIMCONNECT,DC=com
dsServiceName: CN=NTDS Settings,CN=DC01.KIMCONNECT.COM,CN=Servers,CN=KIMCONNECT,CN=Sites,CN=Configuration,DC=KIMCONNECT,DC=com
namingContexts: DC=KIMCONNECT,DC=com
defaultNamingContext: DC=KIMCONNECT,DC=com
schemaNamingContext: CN=Schema,CN=Configuration,DC=KIMCONNECT,DC=com
configurationNamingContext: CN=Configuration,DC=KIMCONNECT,DC=com
rootDomainNamingContext: DC=KIMCONNECT,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 684953041
supportedSASLMechanisms: GSSAPI
dnsHostName: DC01.KIMCONNECT.COM.KIMCONNECT.com
ldapServiceName: KIMCONNECT.com:DC01.KIMCONNECT.COM$@KIMCONNECT.com
serverName: CN=DC01.KIMCONNECT.COM,CN=Servers,CN=KIMCONNECT,CN=Sites,CN=Configuration,DC=KIMCONNECT,DC=com
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 4
forestFunctionality: 4
domainControllerFunctionality: 4


======== End of LDAP query response ========
portqry.exe -n DC01.KIMCONNECT.COM -e 3268 -p TCP exits with return code 0x00000000.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 3269 -p TCP ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 3269 (msft-gc-ssl service): LISTENING
portqry.exe -n DC01.KIMCONNECT.COM -e 3269 -p TCP exits with return code 0x00000000.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 53 -p BOTH ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 53 (domain service): LISTENING

UDP port 53 (domain service): LISTENING
portqry.exe -n DC01.KIMCONNECT.COM -e 53 -p BOTH exits with return code 0x00000000.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 88 -p BOTH ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 88 (kerberos service): LISTENING

UDP port 88 (kerberos service): LISTENING or FILTERED
portqry.exe -n DC01.KIMCONNECT.COM -e 88 -p BOTH exits with return code 0x00000002.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 445 -p TCP ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 445 (microsoft-ds service): LISTENING
portqry.exe -n DC01.KIMCONNECT.COM -e 445 -p TCP exits with return code 0x00000000.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 137 -p UDP ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...


Name resolved to 192.199.199.63

querying...

UDP port 137 (netbios-ns service): NOT LISTENING
portqry.exe -n DC01.KIMCONNECT.COM -e 137 -p UDP exits with return code 0x00000001.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 138 -p UDP ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...


Name resolved to 192.199.199.63

querying...

UDP port 138 (netbios-dgm service): LISTENING or FILTERED
portqry.exe -n DC01.KIMCONNECT.COM -e 138 -p UDP exits with return code 0x00000002.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 139 -p TCP ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 139 (netbios-ssn service): NOT LISTENING
portqry.exe -n DC01.KIMCONNECT.COM -e 139 -p TCP exits with return code 0x00000001.
=============================================

Starting portqry.exe -n DC01.KIMCONNECT.COM -e 42 -p TCP ...


Querying target system called:

DC01.KIMCONNECT.COM

Attempting to resolve name to IP address...

Name resolved to 192.199.199.63

querying...

TCP port 42 (nameserver service): NOT LISTENING
portqry.exe -n DC01.KIMCONNECT.COM -e 42 -p TCP exits with return code 0x00000001.

Leave a Reply

Your email address will not be published. Required fields are marked *