![\"\"](\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/07\/image-3.png\")
<\/figure>\n\n\n\nThere is a single Virtual Network called VNET-TEST with a single subnet called SUBNET-VMS. Attached to that subnet are two virtual machines (VM1 and SERVER01). Each Virtual Machine has a NIC with a private IP address. Each NIC also has a Public IP Address associated with it. Lastly, I have a basic Network Security Group attached to both virtual machine NIC’s that is allowing TCP Port 3389 inbound, as well as allowing Ping and HTTP within the subnet. This creates a simple two VM network that we can RDP into from the outside. If you’d like to build this yourself, I have some bicep code<\/a> you can use as a template.<\/p>\n\n\n\n From the server, we want to reach TCP port 80. But rather than install a full blown web server, I’m going to use PowerShell to open a specific port. I’ve found this method invaluable in quickly simulating or testing port connectivity between two basic endpoints (when doing firewall troubleshooting). So, the following code is run from the server: This will open TCP Port 80 on the local IP Address to be listening for connections. Now we turn our attention to the client and begin to introduce our first tool<\/p>\n\n\n\n Ping<\/p>\n\n\n\n Ping is…basic. It’s basic and not always reliable, but it should always be one of your first tools in your arsenal. There are only two conditions with ping – works or it doesn’t. Here’s an example of ping not working:<\/p>\n\n\n\n The most common reason for the above is a firewall of some kind blocking ICMP (Ping) traffic. Many servers and network appliances will block or drop ICMP traffic. In our case, it’s actually firewall related. Windows Server installations, by default, enable the internal Firewall and <\/em>block inbound ICMP:<\/p>\n\n\n\n The above is shown in the Advanced Firewall settings within Windows Server. By simply enabling the inbound ICMP Allow rules we can see that we can now ping the server properly:<\/p>\n\n\n\n Trace Route<\/p>\n\n\n\n Trace Route (or TraceRt) is a tool used to see how many “hops” are between your source and destination machines. This can be useful in identifying routing problems. It leverages ping and DNS. In our network, there are no routers, firewalls, VPN’s or other devices to hop through, so when we trace route to our server we get a simple result:<\/p>\n\n\n\n This basically says that anytime the client is communicated with the server, it’s direct. There’s nothing in between the two that can block or filter the traffic.<\/p>\n\n\n\n What’s something more complicated look like? Well here’s what it looks like to trace our route through to www.bing.com:<\/p>\n\n\n\n There are 12 devices between my client and the server that responded to www.bing.com. None of those devices are responding directly to ICMP (thus the “Request timed out” messages), but we know there’s something there.<\/p>\n\n\n\n Test-NetConnection<\/p>\n\n\n\n So those were basic tools to help us test whether the server is alive and how far it is – next up is this PowerShell cmdlet. By passing just the server name, we’re essentially performing the PowerShell equivalent of ping:<\/p>\n\n\n\n But this cmdlet can actually help us test whether that server is responding on TCP port 80 by adding the Port parameter:<\/p>\n\n\n\n If this fails, things to look for will be either something blocking that traffic in transit (like a Firewall) or checking that the server is truly listening on port 80 (usually with netstat on the server itself).<\/p>\n\n\n\n Test-NetConnection is a great tool with a few useful options such as performing trace routes, getting detailed information from the remote host, and performing certain diagnostics. Full documentation on the use of this cmdlet can be found here<\/a>.<\/p>\n\n\n\n PSPing<\/p>\n\n\n\n Lastly we have PSPing, which is part of the Sysinternals Suite<\/a> of tools. This tool takes things to the next level, by allowing us to set up a constant “ping” to the server on port 80. The syntax is simple – we tack the port number to the end of the IP address we want to target, separated by a colon:<\/p>\n\n\n\n
<\/p>\n\n\n\n![\"\"](\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/07\/image-2.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/07\/image-4.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/07\/image-5.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/07\/image-6.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/07\/image-7.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/07\/image-8.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/07\/image-9.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/07\/image-10.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/07\/image-11.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.dumpsterfirecomputing.com\/wp-content\/uploads\/2023\/07\/image-12.png\")
<\/figure>\n\n\n\n