Normally, to check whether a given TCP port is alive, we connect to it with Telnet and look for a response, but Windows 8 does not install Telnet by default. Imagine you have hacked into a server that has no Telnet on it. To penetrate further into the intranet you need to find out whether a specific port on an internal server is open, and you are not willing to install Telnet for fear of attracting the administrator's attention. In that case you need this script of mine. Because it is written entirely in native PowerShell, you can check the state of a TCP port even without Telnet.
The code comes first; the explanation follows:
===== FileName: get-tcpresponse.ps1=====
Function Get-TCPResponse {
    <# Author: fuhj (powershell#live.cn, http://fuhaijun.com)
    .SYNOPSIS
        Tests TCP port of remote or local system and returns a response header
        if applicable
    .DESCRIPTION
        Tests TCP port of remote or local system and returns a response header
        if applicable
        If server has no default response, then Response property will be NULL
    .PARAMETER Computername
        Local or remote system to test connection
    .PARAMETER Port
        TCP Port to connect to
    .PARAMETER TCPTimeout
        Time (in milliseconds) until connection should abort
    .EXAMPLE
        Get-TCPResponse -Computername Pop.126.com -Port 110

        Computername : pop.126.com
        Port         : 110
        IsOpen       : True
        Response     : +ok Welcome to Coremail Mail Pop3 Server (126coms[75c606d72bf436dfbce6 ...])

        Description
        -----------
        Checks Port of a mail server and displays header response.
    #>
    [OutputType('Net.TCPResponse')]
    [CmdletBinding()]
    Param (
        [Parameter(ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [Alias('__Server', 'IPAddress', 'IP', 'domain')]
        [string[]]$Computername = $env:Computername,
        [int[]]$Port = 25,
        [int]$TCPTimeout = 1000
    )
    Process {
        ForEach ($Computer in $Computername) {
            ForEach ($_port in $Port) {
                # Reset per target so a stream from a previous iteration is not reused
                $stream = $null
                $stringBuilder = New-Object Text.StringBuilder
                $tcpClient = New-Object System.Net.Sockets.TcpClient
                # Start the connection asynchronously and wait up to $TCPTimeout ms
                $connect = $tcpClient.BeginConnect($Computer, $_port, $null, $null)
                $wait = $connect.AsyncWaitHandle.WaitOne($TCPTimeout, $false)
                # WaitOne also returns $true when the connection is refused, so
                # complete the connect and check that the socket is really connected
                If ($wait) {
                    Try { $tcpClient.EndConnect($connect) } Catch { Write-Verbose $_.Exception.Message }
                }
                If (-not $wait -or -not $tcpClient.Connected) {
                    # Timed out or refused: report the port as closed
                    $object = [PSCustomObject]@{
                        Computername = $Computer
                        Port         = $_port
                        IsOpen       = $False
                        Response     = $Null
                    }
                } Else {
                    While ($True) {
                        # Give the server time to send data into the buffer
                        Start-Sleep -Milliseconds 1000
                        Write-Verbose "Bytes available: $($tcpClient.Available)"
                        If ([Int64]$tcpClient.Available -gt 0) {
                            $stream = $tcpClient.GetStream()
                            $bindResponseBuffer = New-Object byte[] -ArgumentList $tcpClient.Available
                            [Int]$response = $stream.Read($bindResponseBuffer, 0, $bindResponseBuffer.Count)
                            # Convert the received bytes to characters and append them
                            $Null = $stringBuilder.Append(($bindResponseBuffer | ForEach {[char][int]$_}) -join '')
                        } Else {
                            Break
                        }
                    }
                    $object = [PSCustomObject]@{
                        Computername = $Computer
                        Port         = $_port
                        IsOpen       = $True
                        Response     = $stringBuilder.ToString()
                    }
                }
                $object.PSTypeNames.Insert(0, 'Net.TCPResponse')
                Write-Output $object
                # Close the stream and the connection to free resources
                If ($stream) {
                    $stream.Close()
                    $stream.Dispose()
                }
                $tcpClient.Close()
                $tcpClient.Dispose()
            }
        }
    }
}
The script first creates a System.Net.Sockets.TcpClient object and connects to the specified host name and port. If the connection is dropped immediately, the server does not have that port open and rejected the connection outright. If it is not rejected, the script waits for the server to send a response, then reads the byte stream and joins the bytes into a string.
Finally, it must be emphasized that open streams and TCP connections need to be closed to free up resources.
The function is invoked as follows:
Get-TCPResponse -Computername Pop.126.com -Port 110
Compare this with the result from Telnet.
The result is the same. From now on, not having Telnet will no longer be a hardship. Have fun! ^_^
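From the administrator's side, a TcpClient-based probe like the one above is visible when PowerShell script block logging is enabled. The following is an added example, not part of the original script: it reassembles multi-part Event ID 4104 records and flags script blocks that create a TcpClient and call a connect method. The function name Find-TcpClientProbe and the sample records are constructed for illustration, and script block logging being enabled is an assumption.

```powershell
# Constructed sample records shaped like the Event ID 4104 fields
# (ScriptBlockId, MessageNumber, MessageTotal, ScriptBlockText); not real log data.
# Real events come from (assumes script block logging is enabled):
#   Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-PowerShell/Operational'; Id=4104}
$events = @(
    [pscustomobject]@{ ScriptBlockId = 'aaaa-1'; MessageNumber = 2; MessageTotal = 2
        ScriptBlockText = '$c.BeginConnect($Computer, $_port, $null, $null) }' }
    [pscustomobject]@{ ScriptBlockId = 'aaaa-1'; MessageNumber = 1; MessageTotal = 2
        ScriptBlockText = 'ForEach ($_port in $Port) { $c = New-Object System.Net.Sockets.TcpClient; ' }
    [pscustomobject]@{ ScriptBlockId = 'bbbb-2'; MessageNumber = 1; MessageTotal = 1
        ScriptBlockText = 'Get-ChildItem C:\Logs | Sort-Object Length' }
)

# Hypothetical helper: returns one finding per script block that both
# references TcpClient and calls one of its connect methods.
function Find-TcpClientProbe {
    param([Parameter(Mandatory)][object[]]$Record)

    foreach ($group in ($Record | Group-Object ScriptBlockId)) {
        # Large script blocks are logged in several parts, possibly out of order.
        # Reassemble first, otherwise a pattern split across parts is missed.
        $parts = @($group.Group | Sort-Object MessageNumber)
        $text  = ($parts | ForEach-Object ScriptBlockText) -join ''

        # -match is case-insensitive by default in PowerShell
        $usesClient = $text -match 'Net\.Sockets\.TcpClient'
        $connects   = $text -match '\.(BeginConnect|ConnectAsync|Connect)\s*\('

        if ($usesClient -and $connects) {
            [pscustomobject]@{
                ScriptBlockId = $group.Name
                # False means some parts of the block are missing from the input
                Complete      = ($parts.Count -eq $parts[0].MessageTotal)
                # A loop around the connect suggests several hosts or ports
                LoopsTargets  = [bool]($text -match 'foreach|for\s*\(|while')
                Snippet       = $text.Substring(0, [Math]::Min(80, $text.Length))
            }
        }
    }
}

Find-TcpClientProbe -Record $events | Format-List
```

Legitimate administration scripts also use TcpClient, so treat a finding as a lead to review together with the account and host that ran it, not as proof of scanning.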