Installing Citrix Port Check Utility The Citrix Port Check Utility is a command-line utility and is contained in a single executable (EXE) file. Copy the executable to the desired computer and directory, and run it from there using the CMD.exe.
Editor's note on June 4, 2015: Chad Perrin's April 2008 article about tools for listing active services and open ports is still one of our most popular articles, so we asked Jack Wallen to write a 2015 update on the topic. Chad's original article appears directly after Jack's update.
One of the biggest headaches for network administrators is open ports on devices. Unless you manually installed the operating system on every device on your network, ensuring to close down all unessential ports, you run the risk of attack.
What's Hot at TechRepublic
The ports you should disable will vary by system and may even be dictated by the needs of specialized software (for instance, QuickBooks requires specific ports — determined by release — in order to function). You need to come up with a list of ports that either can or must remain open. Once you have that list, you can set about closing up shop on those machines.
But how do you know which machines have which ports open? Sure, you could go around to every machine on your network, open whatever is being used as a firewall, and manually make sure all necessary ports are open and all unnecessary ports are closed.
Or, you can scan the network and find out which machines have which ports open. When you know the location of open ports, you can check that information against your master list and close everything that is necessary. Now comes the tricky part.
How to run a port scan
How do you find out which machine has which port open? You run a port scan. In case you don't know how to run a port scan, I'll walk you through the process.
I'm using a Linux machine for the scan. Why? Because Linux has great scanning tools that are ready for the task, free, and easy to use.
If you don't have a machine with Linux running on it, worry not — you can download a network penetration live distribution such as Kali Linux, burn the ISO onto a CD or USB flash drive, and boot a machine into a live instance of Linux (no changes will be made to the machine being used, as the live instance is run completely from RAM). With the live instance up and running, you'll have an amazing assortment of network forensic/analysis tools at your disposal.
The port scanning tool you should use
The best tool for port scanning is Nmap. If you don't want to monkey around with the command line, there's an outstanding GUI front end called Zenmap, which is available for Linux, Windows, and Mac. If you don't want to bother with Linux, you can install it on Windows. (Nmap is far more powerful than the Windows built-in network scanning tools.) Nmap and Zenmap work identically across platforms, so when you know how to use the tool on one platform, you can use it on all of the platforms.
After Zenmap is installed, you are ready to run a full port scan on your network. The size of your network will dictate the time it takes to run the scan. With Zenmap, you can run very general and very specific scans. Let's first run a very general scan to get an idea of what we're dealing with. We'll run a scan on an entire 192.168.1.x network.
- Open Zenmap.
- In the Target section, enter 192.168.1.1/24 (or, however large you need to scale).
- From the Profile, select Intense Scan.
- Click the Scan button.
You should immediately see results populate the Nmap Output tab; the results display open ports on machines within your network (Figure A). The intense scan can take a long time, but if you want the most information about your network, it's the way to go.
Figure A
Once the scan is complete, you will see a list of all devices found on the network in the left pane. Click one of the devices, scroll through the Nmap Output, and look for sections that list Port, State, and Service (Figure B).
Figure B
If you don't have time to comb through the scan, you can always save it and view it (using Zenmap) at a later time. To save the scan, go to Scan | Save Scan, give it a name, and click Save.
For a quick view of open ports on your network, click the Ports/Hosts tab to see which ports are wide open (Figure C).
Figure C
If you don't want to depend on the GUI, with Nmap (which is installed when you install Zenmap), you can run the same scan(s) from the command line. For instance, you want to run the intense scan against a single host. Open a terminal window and issue this command.
These are the switches for the above command.
- T4 ─ set the timing to 4 (0-5, with 5 being the fastest)
- A ─ enable OS detection
- v ─ verbose output
At this point (whether you used Nmap via the command line or the Zenmap GUI), you should have a full list of ports that are open on your network. Now that you know which ports are open and on which machines, you have a far better chance of securing those ports and, in turn, your network.
The bottom line
Nmap/Zenmap is not the only network scanning option on the market, though you'll be hard-pressed to find an easier, more powerful tool to help you discover which ports are open on your network.
Also see
ByChad Perrin, originally published April 15, 2008
You should turn off any services you don't actually need so that they will not become avenues of attack for security threats. Different systems will have different services running by default, even between different service pack versions of MS Windows XP, and if you're coming into a situation where you must assume responsibility for the security of computers that were already set up before you got there, there are certain to be different services running than on a default install of the system. What's needed is a tool for listing active services and open ports. I'll explain how such tools can be used on three types of systems: Linux distributions, FreeBSD, and MS Windows.
As mentioned in the article, '10 security tips for all general-purpose OSes,' you should turn off any services you don't actually need so that they will not become avenues of attack for security threats. Ten specific services for Microsoft Windows were mentioned in my later article, '10 services to turn off in MS Windows XP.' While ten is a good number for a quick list in an article, it's hardly comprehensive.
There's essentially no way to provide a comprehensive list. Different systems will have different services running by default, even between different service pack versions of MS Windows XP, and if you're coming into a situation where you must assume responsibility for the security of computers that were already set up before you got there, there are certain to be different services running than on a default install of the system. Worse, there are new services being invented from time to time, expanding the number of services that may possibly be running on a given computer.
What's needed is a tool for listing active services and open ports. I'll explain how such tools can be used on three types of systems, in alphabetical order — Linux distributions, FreeBSD, and MS Windows — plus how to use an additional tool for commercial UNIX systems where the other tools may not be available.
FreeBSD
On a FreeBSD Unix system, as with other BSD Unix systems, you have a number of utilities with a base system install that can be used for listing open files, running processes, and network connections. The netstat utility is maintained as a part of the FreeBSD base system by the FreeBSD core developers, and offers exactly the sort of functionality you need to list open ports on your system.
netstat
To list open network ports and the processes that own them on FreeBSD with netstat, you can use this command:
The output for this on my laptop running FreeBSD is:
The localhost.ipp entry refers to the Internet Printing Protocol used by CUPS to talk to the network printer. The *.2200 entry refers to SSH, which I have set to a nonstandard port, so it's not recognized by netstat's port-to-service association capabilities. *.x11 refers to the X Window System protocol.
You can add the -n option to netstat to get port numbers instead of having the utility try to provide names for services:
The output would then look somewhat different:
This information can be used to determine what services are running, in cases where services are using standard ports. On a FreeBSD system, you can get a listing of standard port associations by searching through the contents of /etc/services
For instance, if you wanted to find out what was up with port 631, you might use this command:
The output:
sockstat
In addition to netstat, the more limited command sockstat is effectively tailor-made for this kind of information gathering. To get a listing of listening ports and their associated processes, you can use this command:
The output may even be more useful than that of netstat above:
Linux distributions
As with FreeBSD, the obvious choice of tool to use for listing open ports is netstat. Most Linux distributions use a different version of the utility, however maintained separately from the Linux distribution, as an independent software development project.
Port Query Tool Mac Find What A Port Is Being Used For Spoofing
One consequence of that fact is that the command line options used to achieve the same results may be different with FreeBSD than with Debian, Ubuntu, or Fedora Core Linux systems. On a typical Linux system, this command will list open network ports and the processes that own them:
The output should look something like this:
As you can see from this output, the Debian GNU/Linux system on which I ran that command has only four open ports — two for CUPS, so that the computer can communicate with the network printer; one for PostgreSQL so that it can be contacted by applications in development; SSH, so that I can access it remotely, from my laptop.
Microsoft Windows XP
Microsoft Windows also offers a netstat command that can be executed from the command line to get a list of open ports. The standard MS Windows version of netstat is slightly more limited than its Unix-like system counterparts, but still suffices to get a listing of listening services:
The output of this command should look something like this:
Note: 'hostname' is replaced by the system's hostname.
Commercial UNIX systems
For most commercial UNIX systems, even if there is not a version of netstat or sockstat available, you should be able to install lsof — which is short for 'list open files'. Most Linux distributions and BSD unix systems will provide lsof with a default install or through their respective software management systems. Some commercial UNIX systems do so as well, and for many others you can download it. The following command will limit the output of the utility to network ports:
There are endless software tools and utilities out there to help you in managing your network. Here are some of the best free ones. They can help you with deploying, maintaining, troubleshooting, and upgrading Window Servers, your domain, and aid with other miscellaneous network tasks.
Best Practices Analyzer
Microsoft provides the Best Practices Analyzer tool right inside Windows Server, starting with Windows Server 2008 R2, available on each role’s home page in the Server Manager console. It scans and analyzes key settings of the server roles and reports compliance of them compared to the best practices standards. This can help you identify potential issues that may affect security and performance.
It scans for a variety of rules, including those relating to predeployment, security, performance, and configuration. Statuses shown in the results include compliant, noncompliant, and warning. (Watch the slideshow version of this story.)
Core Configurator
Starting with Windows Server 2008, there’s a Server Core installation option. It’s great if you want a minimal installation, but it only gives you the Command Prompt for the interface. However, there are tools that give you a GUI on the Core editions of Windows Server. You can setup and configure most features via the GUI rather than being forced to use text commands.
+ ALSO ON NETWORK WORLD 12 free Microsoft Exchange tools every IT admin will love +
Core Configurator 2.0 supports Windows Server 2008 R2 x64 and Corefig is for Windows Server 2012 Core and Hyper-V Server 2012.
Exchange Server Deployment Assistant
Microsoft offers the Exchange Server Deployment Assistant, an online tool that asks you deployment related questions and then generates a custom step-by-step checklist to use during an Exchange install or upgrade.
It asks questions about your current configuration, desired deployment environment (on-premise, cloud, or hybrid), migration questions, and desired features/functionality. In the end you’re presented with a wizard type of checklist, which is saved so you can return later and can be printed out as well.
Role-based Access Control (RBAC) Manager
By default, you must use PowerShell commands to manage the new role-based access controls of Exchange, which debuted in Exchange 2010 and eliminates the use of access control lists (ACL). However, the Role-based Access Control (RBAC) Manager provides a GUI to edit these role-based access controls, which gives you the ability to easily add/remove cmdlets and edit cmdlet properties and assignments.
The RBAC Manager supports Exchange 2010 SP2, Exchange 2013 Preview and Office 365.
Exchange Reports
Exchange Reports provides you with insight on your Exchange server and environment, supporting Exchange 2010 and Exchange 2013. It helps keeps you up-to-date with the server status, changes, and stats. It provides a group report and details on individual groups, mailbox report and details on individual mailboxes, an environment report, and it supports message tracking.
The program doesn’t require any installation, but requires .Net 4.0, Powershell 2.0, and Remote Powershell access to the Exchange Server. You can save reports and also export them to Excel.
Active Directory Explorer
Active Directory Explorer is an Active Directory viewer and editor, which you can use to browse the Active Directory database. You can view object properties and attributes, modify permissions, and view an object's schema.
It supports saving off-line snapshots, creating favorite locations, and saving advanced searches. You can also compare two Active Directory snapshots to see what objects, attributes and security permissions changed between them.
Remote Desktop Manager
The Remote Desktop Manager provides a single platform for centralized access to many types of remote connections and remote services, along with the ability to save their passwords and login credentials. It can save you the time and hassle in managing and utilizing all the different types of remote access methods.
It can manage remote connections via Microsoft Remote Desktop (RDP, RemoteFX), Microsoft Windows Azure (RDP), Microsoft Hyper-V (RDP), Microsoft Remote Assistance, VNC (RealVNC / TightVNC / UltraVNC / built-in), Citrix (ICA / HDX / Web), Web (HTTP / HTTPS), LogMeIn (Free / Pro), TeamViewer, and PC Anywhere. It also supports management of FTP, FTPS and SFTP (Windows Explorer / Filezilla / WinSCP / built-in) and Telnet, SSH, RAW and rLogin (Putty / Kitty / built-in).
They offer a premium edition with a free 30-day trial but they also provide a completely free edition with limited functionality.
Microsoft Remote Connectivity Analyzer
Microsoft provides the Remote Connectivity Analyzer, which can help you test and troubleshoot the connectivity of Exchange servers, Outlook, Lync, OCS, Office 365, and email (POP, IMAP, and STMP). It’s mostly an online tool, a website where you can input server addresses and login credentials in order to run the connectivity tests. It also provides a message header analyzer.
On the website you can also download the Microsoft Connectivity Analyzer Tool to run local tests to identify common connectivity issues for Outlook, Lync, and Office 365. And you can download the Microsoft Lync Connectivity Analyzer Tool to locally analyze a Lync deployment to see if it meets the requirements to support connections from Lync Windows Store app for Windows 8 and Windows RT, and from Lync mobile apps.
NetSetMan
As a network administrator you’re likely connecting to different networks or often changing your network settings. NetSetMan can help manage these different settings. You can save and switch between different profiles, which enable you to easily change your IP, DNS, and many more network-related settings.
In the profiles you can specify the Computer Name, Workgroup/Domain, and MAC Address. You can set a Proxy, SMTP Server, Browser Home Page, Default Printer, and Network Drives. You can also configure Hosts File Entries, Route Table, Scripts (BAT, VS, JS, etc), and other System Settings.
Though they offer a premium product and a free version with limited functionality.
NetResView
The NetResView utility from NirSoft scans for and lists network resources on your LAN. It shows computers, disk shares, and printer shares, including resources from all domains/workgroups and any admin/hidden shares. It even gives you the resource’s name/location, type, workgroup/domain, and its IP and MAC addresses.
ManageEngine Tools
ManageEngine offers many free tools for Windows, network, and IT management, including those for Active Directory, Exchange, SharePoint, SQL databases, Hyper-V, and VMware.
The ManageEngine Free Active Directory Tools 4.4 package includes the following:
- AD Query Tool queries for specific data in a single view.
- CSV Generator generates a CSV file with the Active Directory attributes you choose.
- Last Logon Reporter lists the latest logon time of users.
- Terminal Session Manager offerss a PowerShell cmdlet to identify and manage Windows Terminal Service Sessions.
- AD Replication Manager replicates the data between Domain Controllers in a Domain / Forest.
- SharePoint Manager reports on Microsoft Office SharePoint Tree Structure and the entire SharePoint Environment.
- DMZ Port Analyzer scans ports for those not opened for application functions.
- Domain and DC Roles Reporter provides details on Domain Controllers and their Roles.
- Local Users Manager offers a PowerShell cmdlet to manage the local user accounts of domain users.
- DC Monitor reports the performance of Active Directory Domain Controllers.
- Empty Password Reporter lists users that have no password set.
- Duplicates Identifier lists duplicate objects in your Domain.
- Password Policy Manager helps you view and manage Password Policies for the entire Domain.
ManageEngine also provides a free set of general Windows Admin Tools, which includes many for server and PC administration:
- Remote Task Manager Tool shows the processes running in a remote computer and allows you to terminate them. It shows details like Process ID, Memory Usage, Session ID, and Priority.
- Wake on LAN Tool can remotely boot WoL-compatible computers on the network, and supports booting multiple computers simultaneously. Specify the IP Address, MAC Address and the Subnet Mask of the computers to wake them up.
- Software Inventory Tool scans computers on the network and shows the software installed on them, including details like the vendor, version, and usage statistics. This information can then be exported via txt and csv formats.
- Remote Command Prompt Tool lets you remotely access the Command Prompt of a remote computer and execute commands. Specified a computer manually or browse the Domain Controller.
- GPO Update Tool enables you to perform on-demand GPO Updates to the computers of a Windows Domain.
- Join/Unjoin Computer Tool helps you move a computer from one domain to another or from a domain to a workgroup or from a workgroup to a domain.
- Currently Logged On User lists the details of users logged on to a remote computer.
- Hard Disk Space Monitor Tool retrieves the hard drive details of remote computers, including partitions, volume names, file system, total size, and free space.
- Local Users/Groups Tool retrieves the list and details of local users and user groups of remote computers.
- Network Share Browser Tool lists the details of network shares, including files, folders and Active Sessions.
ManageEngine offers a set of free monitoring utilities as well:
- Free Windows Health Monitor Tool
- Free Windows Service Monitor Tool
- Free Exchange Health Monitor Tool
- SharePoint Health Monitor Free Tool
- SQL Health Monitoring Tool
- SQL Performance Monitoring Tool
- Free HyperV Performance Monitor Tool
- Free XenServer Health Monitor Tool
- Free Azure Performance Monitor Tool
- EC2 Health Monitor Free Tool
They also offer monitoring and management tools for the virtual environment: VM Configuration Free Tool and Hyper-V Configuration Free Tool.
SolarWinds Tools
SolarWinds provides many free network and IT tools, a handful which are for Windows and Active Directory administration:
- Inactive User Account Removal Tool scans for users that haven’t logged in for some period of time and allows you to easily remove those you select.
- Inactive Computer Account Removal Tool finds computers that haven’t been used for some period of time and enables you to easily remove those you select.
- User Import Tool enables you bulk add users, along with specified attributes, with a CSV file.
- Permissions Analyzer for Active Directory offers a hierarchical view of the effective permission access rights for a specific file folder (NTFS) or share.
- Diagnostic Tool for the WSUS Agent tests the Windows Update Agent configuration and connectivity.
- WMI Monitor offers monitoring of any Windows application or server via the Windows Management Instrumentation.
- Exchange Monitor keeps an eye on your Exchange server.
- SNMP Enabler for Windows remotely installs and enables SNMP on multiple Windows servers and workstations.
- Kiwi Syslog Server collects, displays and archives syslog messages and SNMP traps from routers, computers or other devices.
- Event Log Consolidator collects Event logs from up to five servers.
Netwrix Tools
Port Query Tool Mac Find What A Port Is Being Used For Spam
Netwrix also offers many free server, network, and IT tools:
- Netwrix Auditor tracks changes to Active Directory objects, servers, VMs, databases, and provides auditing of most system components and applications.
- Password Manager is a self-service password management system for users to troubleshoot account lockouts and reset their password.
- Account Lockout Examiner alerts you of lockouts and helps diagnose why a user account is locked out.
- Disk Space Monitor alerts you when available disk space on servers or computers falls below a certain threshold.
- Bulk Password Reset can change multiple local account passwords across multiple computers.
- Service Monitor tracks all automatic startup services on multiple servers and alerts if they stop unexpectedly and can even automatically restart the server.
- Privileged Account Manager provides a web-based portal for managing and maintaining privileged identities.
- Active Directory Object Restore Wizard restores deleted and modified objects.
- Logon Reporter keeps tabs on successful and failed logons.
- Web-based Password Change for Active Directory offers the ability to remotely change domain passwords for off-line users.
More on Windows Server:
Port Query Tool Mac Find What A Port Is Being Used For Sharing
Eric Geieris a freelance tech writer — keep up with his writings on Facebook or Twitter. He’s also the founder of NoWiresSecurity, a cloud-based Wi-Fi security service, and On Spot Techs, a tech support company.