Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to check if a port is open or not

Posted on 2009-07-13
22
Medium Priority
?
4,272 Views
Last Modified: 2012-06-21
I am a new administrator of a webserver that resides outside our cooperate firewall on the DMZ.  I have asked the network admin to open ports 9998, 9999 and 1433 (for the NetIQ agent) to/from the external webservers to our two NETIQ servers.  He is telling me that the ports are open, but the agent is not working.  I not 100 percent sure that he successfully opened the ports but do not have the access to the firewall to double check. In the mean time, he insists that they are open.  How can I prove or disprove that this ports are indeed open or not.
0
Comment
Question by:ctrunk514
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 8
  • 5
  • +1
22 Comments
 
LVL 14

Expert Comment

by:TanLiHao
ID: 24840262
0
 
LVL 14

Expert Comment

by:flob9
ID: 24840307
Under a linux box :

nmap -p 9999 W.X.Y.Z

0
 

Author Comment

by:ctrunk514
ID: 24840312
how will this work, we are talking about an internal network.
0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 

Author Comment

by:ctrunk514
ID: 24840325
both the webserver and the netiq servers on the inside are windows boxes.
0
 
LVL 10

Expert Comment

by:Alan_White
ID: 24840348
Microsoft provide a nice tool ttcp.exe which runs as a client and server. You can set one to listen on one server and then the other to "transmit" from your test client.
 
More details here: http://blogs.isaserver.org/pouseele/2006/07/14/microsoft-tcp-udp-test-tool-ttcp/
0
 

Author Comment

by:ctrunk514
ID: 24840639
I looked on my windows 2003 server disk and it does not seem to have a Valueadd\Msft\Net\Tools folder as suggested by this artical.  I did a quick search on google and the Microsoft download site and came up with nothing.  
0
 
LVL 14

Expert Comment

by:flob9
ID: 24840670
If you have some scripting languages available on your webserver on the local network, try something like this (php version) :

<?php
$fp = fsockopen("W.X.Y.Z", 9999, $errno, $errstr, 30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
}
else
{
    fclose($fp);
    echo "port 9999 opened";
}
?>

Open in new window

0
 
LVL 10

Expert Comment

by:Alan_White
ID: 24840709
mmm, I've just checked one of mine and the folder / file are definately there.  I could post the exe, it's only 51KB but I dotn want to risk the wrath of copyright laws!
0
 
LVL 10

Expert Comment

by:Alan_White
ID: 24840717
0
 
LVL 10

Expert Comment

by:Alan_White
ID: 24840743
This seems to be a port of a similar tool, not tried it myself though:  http://www.pcausa.com/Utilities/pcattcp.htm
0
 
LVL 14

Expert Comment

by:flob9
ID: 24840757
If you have windows access to the DMZ server, you can just try under command line :

telnet W.X.Y.Z 9999

You will get "connection refused" if the port is closed.
0
 

Author Comment

by:ctrunk514
ID: 24840858
I tried the telnet command from the DMZ server and it brings back a blank prompt with no message.

telnet servername 9999

The servername does reslove by IP when pinged.
0
 
LVL 10

Expert Comment

by:Alan_White
ID: 24840899
Well, if it doesnt resolve to an IP then the telnet is never going to work, try telnet'ing to the IP.
0
 
LVL 14

Expert Comment

by:flob9
ID: 24840928
Blank prompt on telnet usually means that the port is opened and the server is awaiting command.

Try another dummy port with telnet to check. Ping does not always means anything, the server could block ICMP queries.
 
0
 

Author Comment

by:ctrunk514
ID: 24841002
When I try to telnet to another port I get the error':

C:\>telnet vhhnqwms.hollandhart.com 9997
Connecting To vhhnqwms.hollandhart.com...Could not open connection to the host,
on port 9997: Connect failed

C:\>


When I telnet to 9999 I get the blank screen, but If I try to type something (anything) it errors with the following message:

HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Mon, 13 Jul 2009 16:01:48 G
Connection: close
Content-Length: 35

<h1>Bad Request (Invalid Verb)</h

Connection to host lost.


Maybe thats normal, I am not sure.


0
 

Author Comment

by:ctrunk514
ID: 24841018
Another test I did was to setup a website using port 9999 on the inside server.  I verified that this worked on the internal network. But it DOES NOT WORK on the DMZ server.  It times out.

The other thing I found out is that these webserver have many different IP addresses.
0
 
LVL 14

Accepted Solution

by:
flob9 earned 375 total points
ID: 24841045
then the port 9999 seems opened

response seems HTTP, so you can try :

telnet host 9999
GET /

0
 
LVL 14

Expert Comment

by:flob9
ID: 24841084
Conclusion : the ports are opened, but the NetIQ agent cant connect.

Perhaps NetIQ agent check the server by ping before connexion, and the ping is disabled on the server. Ask the network admin if ICMP is closed, and open it if needed.

0
 

Author Comment

by:ctrunk514
ID: 24841125
Once connected with telnet over port 9999 I type the command GET then hit enter and get kicked out with the following message:

HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Mon, 13 Jul 2009 16:11:00 GMT
Connection: close
Content-Length: 35

<h1>Bad Request (Invalid Verb)</h1>

Connection to host lost.


____________________________





That is correct ... also, IIS can not connect.

ICMP is open and works fine.
0
 

Author Comment

by:ctrunk514
ID: 24841154
I think the problem might be with the different IP addresses that are tied to this address.  The netadmin is opening the traffic from the DMZ IP to the internal IP.  He is using the IPs that reslove in DNS but there are like 15 other addresses binded to this one NIC.

0
 
LVL 14

Expert Comment

by:flob9
ID: 24841157
You need to input the "/" also.

Anyway you can try in a browser on your dmz box : http://servername:9999/
0
 
LVL 14

Expert Comment

by:flob9
ID: 24841198
Check the other ports (9998 and 1433) via telnet or browser.

This does not seems to be a dns issue, since the server is responding (with http errors).
A closed port never send a response.
0

Featured Post

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question