Have you ever needed to test whether a particular firewall rule is enabled and actually functioning as expected? Of course you have! A great friend and colleague passed this gem along to me: a simple ‘port listener’ that you can create on any Windows machine using PowerShell.


Simply click Start, type in ‘PowerShell’, run ‘Windows PowerShell’, and copy/paste this script into the ‘Windows PowerShell’ window.

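# TCP port to listen on
$port = 9999;
# Casting the port number to TcpListener creates a listener on all local addresses
$Listener = [System.Net.Sockets.TcpListener]$port;
$Listener.Start();
while($true)
{
    # Block until a client connects, report its source address, then drop the connection
    $client = $Listener.AcceptTcpClient();
    Write-Host "Connection on port $port from $($client.client.RemoteEndPoint.Address)";
    $client.Close();
}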

Then attempt to access the specified port (in this case we chose 9999) via a web browser or telnet:


This will result in the following output in the PowerShell window:

 Connection on port 9999 from A.B.C.D

Where A.B.C.D is the source IP address from which the connection attempt is made. This is a great and simple way of testing firewall rules, NAT rules, load balancing or even L4 hashing (across aggregated port-channels/LACP links).
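
A variant of the listener above, as an added example rather than the original script: it polls for pending connections so Ctrl+C and a timeout work, always releases the port, and records the source port and local endpoint, which is what you compare when checking NAT or L4 hashing. The function name Start-PortListener and its parameters are assumptions made for this example.

```powershell
# Added example, not the original author's script. Function and parameter names are hypothetical.
function Start-PortListener {
    param(
        [Parameter(Mandatory = $true)][ValidateRange(1, 65535)][int]$Port,
        [System.Net.IPAddress]$BindAddress = [System.Net.IPAddress]::Any,
        [int]$TimeoutSeconds = 300
    )

    $listener = New-Object System.Net.Sockets.TcpListener($BindAddress, $Port)
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    try {
        $listener.Start()
        Write-Host "Listening on ${BindAddress}:$Port until $deadline (Ctrl+C to stop)"
        while ((Get-Date) -lt $deadline) {
            # Poll instead of blocking in AcceptTcpClient() so Ctrl+C and the timeout are honoured.
            if (-not $listener.Pending()) {
                Start-Sleep -Milliseconds 200
                continue
            }
            $client = $listener.AcceptTcpClient()
            try {
                $remote = $client.Client.RemoteEndPoint
                $local  = $client.Client.LocalEndPoint
                # Emit an object per connection so results can be filtered, counted or exported.
                [pscustomobject]@{
                    Time       = Get-Date -Format 'o'
                    RemoteIP   = $remote.Address.ToString()
                    RemotePort = $remote.Port
                    LocalIP    = $local.Address.ToString()
                    LocalPort  = $local.Port
                }
            }
            finally {
                $client.Close()
            }
        }
    }
    finally {
        # Always release the port, even on Ctrl+C or an error such as the port already being in use.
        $listener.Stop()
    }
}

# Example: listen on TCP 9999 for two minutes and show each connection as a table row.
# Start-PortListener -Port 9999 -TimeoutSeconds 120 | Format-Table
```

Because the listener stops itself after the timeout, a forgotten test session does not leave the port open on the machine.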


4 thoughts on “Port listener / firewall rule tester”

  1. Thanks, this is really handy. I’ve added this function to my PowerShell profile:
    Function Test-Port ([Parameter(Mandatory=$true)][int]$port)
    {
        $listener = [System.Net.Sockets.TcpListener]$port
        $listener.Start()
        While ($true)
        {
            $client = $listener.AcceptTcpClient()
            Write-Host ("Connection on port " + $port + " from " + $client.Client.RemoteEndPoint.Address)
            $client.Close()
        }
    }

    1. Cool. Please do tell me more about your PowerShell profile, how it’s used, what it does, etc. This is almost literally the first time I’m using PowerShell…
      Also let me know if there are other topics of interest that you may be interested in hearing about on my blog 🙂

      1. Your PowerShell profile is basically just a file that gets run when you open PowerShell. You can see the location of your profile file by typing: $profile into a PowerShell window. If you edited the .ps1 file in Notepad and pasted the above function into it, when you next opened PowerShell you would be able to type: Test-Port -port 9999 directly into the prompt. It saves a lot of copy-pasting :).

        I also just discovered the profile file doesn’t exist by default. You can check whether it exists with this:
        Test-Path $profile

        And if it returns false, you can create the file with this:
        New-Item $profile -ItemType File
