Home Networking

How to Check if a Port is Open on Windows

By Nizz

How to Check if a Port is Open on Windows

A port in networking world refers to a logical gateway on your computer that acts as a communication channel for remote computers for services. Your computer connects to any server/computer on the same network or the internet via a port.

There are numerous ports on your computer, but not all of them are open. Those ports connected to any incoming remote IP address and capable of exchanging data packets are called open ports. Such open ports can be abused to penetrate your computer if not monitored properly. 

Some methods to check and monitor open ports on your computer have been addressed in this article.

How to Check Open Ports on Windows?

Windows provides its users with various inbuilt tools to detail information related to networking in a computer. The tools that will help to check open ports on your computer are Netstat, Get-NetTCPConnection, and Telnet. The steps for each have been listed below:

Netstat

Netstat (Network Statistics) is a command line tool in Windows that is able to provide various details related to the network connections of your computer. By running the right command on your Command prompt, you will be able to check for open ports. The steps for this include the following:

  1. Press Windows + R keys to open Run.
  2. Type cmd and hit Ctrl + Shift + Enter to open Elevated Command Prompt.
    cmd-from-run-1
  3. Click on the Yes button to provide Admin privileges.
  4. Run the command: Netstat -na
    netstat-in-cmd-min

Here, switch ‘n’ would show the IP address and ports numerically. And the ‘a’ switch filters to show only active ports. 

Referring to the above image, the numbers beyond the colon on both local and foreign addresses show the port number and, before the colon are the IPs.

For instance, Local address 0.0.0.0:135 is in Listening state for TCP protocols, which means port number 135 on your computer is open and ready to connect from all networks. 

Except, foreign address shows the IP address:port number of the remote system where the connection has been established.

Get-NetTCPConnection

An alternative to the netstat command in Command Prompt would be Get-NetTCPConnection in Powershell. The availability of filtering features in Powershell provides an upper hand, as it can provide a list of only open ports. The steps mentioned below will guide you in doing so:

  1. Press Windows + R to open Run.
  2. Type Powershell and open it with Admin privileges as above.
    powershell-from-run
  3. Run the command: Get-NetTCPConnection -State Listen | Select Local*, State | sort LocalPort
    powershell-check-ports-min
  4. You can view the port number in the LocalPort column and the corresponding IP address in the LocalAddress column.

TCPView

TCPView is a free tool from Microsoft Sysinternals to get network statistics in an interactive GUI(graphical user interface) form. You will be able to view the open ports on your computer as soon as you download and launch the application. Follow the steps to do so:

  1. Download the TCPView zip file from their website.
  2. Right-click on the zip file and select Extract All…
    extract-tcpview
  3. Click the Browse… button, choose the desired address, and hit Extract.
  4. Now, open the extracted folder and double-click on tcpview.exe
    tcpview.exe_
  5. Click on Run and then Yes.
  6. Yet again, you can view open ports on the Local Port column corresponding to Listen status in the State column.
    tcpview

Telnet

Telnet is a Microsoft service that uses a virtual terminal to connect to computers within the same network. Upon running its command, telnet tries to connect to any specified port of the mentioned IP address (computer). If the port is open on that IP, the connection establishes, and if it isn’t, the connection fails.

Note: It is only useful if you want to check the state of desired ports on a remote computer.

You can follow the steps below to do so:

  1. Press the Windows logo key to initiate the Windows search.
  2. Type Turn Windows features on or off and hit Enter.
    Turn-windows-features-on-or-off
  3. Scroll to Telnet and check the box for it.
    check-telnet-client
  4. Now, open Command Prompt with Admin privileges.
  5. Run the command: telnet <IP address of your remote computer> <port number>
    telnet-command
  6. When running this command, the port is open if the screen clears and connection is setup. But you can know that the port is closed if it returns an error message as connect failed

Should I Close All the Open Ports?

Seeing so many open ports on the computer can be overwhelming for a user. However, if you have checked your ports through the netstat command, you can get more information about what type of open ports and established connections are safe.

As already covered, the local address (IP:port_number) shows to which IPs (network IPs) the computer is open and at which specific port. If the IP addresses start with 127.#.#.#, the corresponding port is open to only loopback addresses meaning local hosts(your own computer). No need to worry about threats there.

ip-information

But 0.0.0.0 IPs mean the suffixed ports are open to any type of connection, so they may be at potential risk but not at the current moment. Ports Listening to the local network IPs might be at slightly lower risks. However, other ports having Established connections should be kept an eye on. 

Peculiar local addresses/ports connected to unknown foreign IP addresses/ports might be risky. But before you rush to close all the open ports, just know that not all the open ports are at a security risk.

If you’re worried about any specific port, we recommend checking your firewall rules to understand what it’s used for before closing it.

How to Close an Open Port on Windows?

If you find a port connected to any unwanted computer/server/service, you can disconnect the connection and free up the port by using the Process ID(PID). PID associated with any port can be viewed with netstat -aon a command on the Command Prompt. The Process ID would list on the PID column of the returned tabular result.

Now, to free up the port, you run the command: taskkill /f /im <PID> 

taskkill-block

But, if you want to completely block incoming connections to any desired port using Windows Firewall, you can run the following command in Command Prompt:

netsh advfirewall firewall add rule name= "<any>" dir=in action=block protocol=TCP localport=<port number>

You can change the <any> to any rule name you want and <port number> to the actual port number you want to block incoming connections to. 

netsh-block-port

Furthermore, to open the blocked port, you can edit the action as allow (action=allow)in the command. And you can also edit dir as out, (dir=out), to perform an action on outgoing connections. Also, you can toggle between TCP and UDP protocols by changing protocol=UDP