Forum Discussion
PowerShell Script TCP Ports
I have a script that connects to port 443 on a destination server; however, the source port is variable and seems to use the upper register of ports. How can I, or is it possible to, force the script to use a specific source port when connecting? This is causing an issue with my firewall team, as it needs to be a static port.
Thank you!
Paul
3 Replies
- VGSandz (Copper Contributor)
You could try the below code, which is posted here in C#: https://www.codeproject.com/Questions/156019/Connect-to-remote-machine-with-TcpClient-using-a-s.aspx?display=Print

```powershell
# Placeholders: replace with the real remote address and port numbers.
$RemoteServerIPAddress = "y.y.y.y"
$LocalPorttoUse = "xxxx"
$RemotePorttoCheck = "yyyy"

# Normalize the local IP address to use any IP.
$LocalIPAddress = [IPAddress]::Any
# Normalize the remote IP address.
$RemoteIPAddress = [System.Net.IPAddress]::Parse($RemoteServerIPAddress)

# Local endpoint and remote endpoint
$LocalEndPointAddress = New-Object Net.IPEndPoint ($LocalIPAddress, $LocalPorttoUse)
$RemoteEndPointAddress = New-Object Net.IPEndPoint ($RemoteIPAddress, $RemotePorttoCheck)

# Passing a local endpoint to the constructor binds the client to that source port.
$OpenTCPClient = New-Object Net.Sockets.TcpClient($LocalEndPointAddress)
Write-Output "Connecting to $RemoteServerIPAddress ..."
try {
    $OpenTCPClient.connect($RemoteEndPointAddress)
    Write-Output "Connected to Remote Server $RemoteServerIPAddress on Port $RemotePorttoCheck."
    # Even if we close the connection with the below call, the local port will stay occupied, probably in finwait state.
    # This would cause errors if the script is called in short intervals.
    # There should be a check to validate if the port is absolutely free.
    $OpenTCPClient.close()
}
catch {
    Write-Output "Error while establishing the connection to the remote system."
    $OpenTCPClient.close()
}
```

Please note that this would have issues if run in short intervals of time as the local port closing would take time.
It's also suggested to use lower port numbers (unused) on source system and not to interfere with the ephemeral ports.
more on this https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang
- Gokhankosem (Copper Contributor)
It is better to check network ports.
https://ipcisco.com/lesson/network-ports/
- LainRobertson (Silver Contributor)
Hey, Paul.
Your firewall team seems abnormally out-of-touch since there are very few protocols (comparatively) that use the same source and destination port. Apart from being rare, taking this approach also means that each time you run the script, you run the risk that the chosen source port has since been taken by another process (unless it's an RFC-defined port below 1024 - which would be bad practice conceptually anyway - and you're not running any aligned processes that could otherwise lock you out from using it.)
To answer your question though, you can achieve this but it's not for the faint-of-heart.
You'd have to tap directly into .NET, and the most likely class would be the Socket class (I've linked the Bind method which speaks to your requirement more directly than the overview does):
It's not that it would take a lot of code to achieve (though graceful exception handling could blow it out a bit), it's just not something most people would find particularly easy to navigate.
If you have a look around the PowerShell Gallery, you might find a third-party PowerShell module that does what you want, but since I don't use third-party modules, I can't give you an off-hand reference to one. Perhaps someone else can.
Cheers,
Lain
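
One way to write the Bind-then-connect approach discussed in the replies above, with a check that the local port is free before it is used. This is an added example, not code from any poster in the thread; the function name, its parameters and the sample values in the final comment are assumptions, and it assumes PowerShell 5.1 or later.

```powershell
function Connect-FromFixedPort {
    param(
        [Parameter(Mandatory)] [string] $RemoteAddress,
        [Parameter(Mandatory)] [ValidateRange(1, 65535)] [int] $RemotePort,
        [Parameter(Mandatory)] [ValidateRange(1, 65535)] [int] $LocalPort,
        [int] $TimeoutMs = 5000
    )
    # Pre-check: is the local port held by a listener, or by a connection in any
    # state? A previous run can leave it in TIME_WAIT for a while after Close().
    $ipProps = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $busy = @($ipProps.GetActiveTcpListeners() | Where-Object { $_.Port -eq $LocalPort }) +
            @($ipProps.GetActiveTcpConnections() | Where-Object { $_.LocalEndPoint.Port -eq $LocalPort })
    if ($busy.Count -gt 0) { throw "Local port $LocalPort is already in use; not connecting." }

    $remoteIp = [System.Net.IPAddress]::Parse($RemoteAddress)
    $isV6 = $remoteIp.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6
    $anyAddr = if ($isV6) { [System.Net.IPAddress]::IPv6Any } else { [System.Net.IPAddress]::Any }
    $socket = [System.Net.Sockets.Socket]::new(
        $remoteIp.AddressFamily,
        [System.Net.Sockets.SocketType]::Stream,
        [System.Net.Sockets.ProtocolType]::Tcp)
    try {
        # Bind before Connect: this is the call that pins the source port.
        $socket.Bind([System.Net.IPEndPoint]::new($anyAddr, $LocalPort))
        $pending = $socket.BeginConnect($remoteIp, $RemotePort, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            throw "Timed out connecting to ${RemoteAddress}:$RemotePort"
        }
        $socket.EndConnect($pending)
        [pscustomobject]@{
            Local  = $socket.LocalEndPoint.ToString()
            Remote = $socket.RemoteEndPoint.ToString()
        }
    }
    catch {
        # .NET exceptions arrive wrapped; unwrap to inspect the socket error code.
        $ex = $_.Exception.GetBaseException()
        if ($ex -is [System.Net.Sockets.SocketException] -and
            $ex.SocketErrorCode -eq [System.Net.Sockets.SocketError]::AddressAlreadyInUse) {
            # Another process took the port between the pre-check and Bind.
            throw "Local port $LocalPort was taken before Bind completed."
        }
        throw
    }
    finally { $socket.Dispose() }
}
# Constructed sample call (192.0.2.10 is a documentation address, 50443 an arbitrary port):
# Connect-FromFixedPort -RemoteAddress 192.0.2.10 -RemotePort 443 -LocalPort 50443
```

The pre-check and the Bind are not atomic, so the `AddressAlreadyInUse` branch is still needed for the case where another process claims the port in between.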