FTP Port Scanning

Ed Skoudis, the creator of SANS 560 and cofounder of InGuardians, has had some fantastic ideas regarding "command line ninjitsu." He came up with a way to do a port scan from the Windows command line without any additional tools. Here is his command:

for /L %i in (1,1,1024) do echo Checking Port %i: >> ports.txt & echo open [IP_addr] %i > ftp.txt & echo quit >> ftp.txt & ftp -s:ftp.txt 2>>ports.txt


Since the Windows ftp client does not accept a custom port on the command line, you have to feed it a script file instead; the client's own open command does take a port as its second argument. Ed's example creates an ftp.txt file containing text similar to this:

open 1.2.3.4 3
quit

The ftp client reads this script file when it is passed with the -s switch. The client's error output is appended to ports.txt, giving output similar to this:

Checking Port 1:
> ftp: connect: Unknown error number
Checking Port 2:
> ftp: connect: Unknown error number
Checking Port 3:
> Connection closed by remote host
Checking Port 4:
> ftp: connect: Unknown error number

By looking at the above output you can see that port 3 is open on the remote host: the connection succeeded and was then closed, rather than failing outright.

I took Ed's command and made a slight change to it so the -s switch and the ftp.txt file are not needed; the open and quit commands are piped into ftp on standard input instead.

for /L %i in (1,1,1024) do echo Checking Port %i: >> ports.txt & ((echo open 10.10.10.10 %i)&(echo quit)) | ftp 2>>ports.txt

The output is essentially the same, just without the additional script file.

If you don't want to write anything to disk, you can send the errors to standard output instead and filter them with find, which only succeeds (letting the && run) on lines that contain "host":

for /L %i in (1,1,1024) do @((echo open 10.10.10.10 %i)&(echo quit)) | ftp 2>&1 | find "host" && @echo %i is open

Output:
Connection closed by remote host.
22 is open
Connection closed by remote host.
80 is open
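Looking at the same technique from the other side: each iteration of these loops spawns a separate ftp.exe as a child of cmd.exe, so on the scanning host the scan looks like a burst of short-lived ftp.exe launches. The following detection heuristic is an added example, not code from the original post or from Ed; the process-creation log format it parses is constructed for this example and should be mapped onto whatever your EDR or Sysmon export actually produces.

```python
# Added example: flag bursts of ftp.exe launched from cmd.exe, the footprint of the
# for-loop scans above. The log format is constructed for this example; events are
# assumed to be in timestamp order, as most exports deliver them.
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample: 20 loop iterations on WS01, plus one interactive ftp use on WS02.
SAMPLE_EVENTS = [
    f'2009-05-22T12:32:{s:02d} host=WS01 user=alice parent=cmd.exe image=ftp.exe cmdline="ftp -s:ftp.txt"'
    for s in range(20)
] + [
    '2009-05-22T12:40:00 host=WS02 user=bob parent=explorer.exe image=ftp.exe cmdline="ftp files.example.com"',
]

LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) parent=(?P<parent>\S+) '
    r'image=(?P<image>\S+) cmdline="(?P<cmd>[^"]*)"$'
)

def parse(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

def find_ftp_bursts(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {(host, user): peak count} for principals that launched ftp.exe from
    cmd.exe at least `threshold` times within any `window`-long sliding interval."""
    recent = defaultdict(deque)   # (host, user) -> timestamps of recent ftp.exe launches
    hits = {}
    for ev in filter(None, map(parse, lines)):
        if ev["image"].lower() != "ftp.exe" or ev["parent"].lower() != "cmd.exe":
            continue                # interactive or script-driven ftp from other parents is ignored
        key = (ev["host"], ev["user"])
        q = recent[key]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop launches that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            hits[key] = max(hits.get(key, 0), len(q))
    return hits

if __name__ == "__main__":
    for (host, user), n in find_ftp_bursts(SAMPLE_EVENTS).items():
        print(f"{host}/{user}: {n} ftp.exe launches from cmd.exe within 60s")
```

Tune the threshold to your environment; a legitimate scripted ftp job rarely starts the client more than a handful of times per minute, while the loops above start it once per port.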

Comments

  • 5/22/2009 12:32 PM bad_ROT13 wrote:
    Thanks Tim.

    Here's my riff on that amazing bit of command-line Fu:
    > set port=1433
    > for /L %i in (1,1,254) do echo Checking IP 192.168.2.%i for port %port%: >> subnetscan.txt & (echo open 192.168.2.%i %port%) | ftp 2>>subnetscan.txt