Complete Guide to Checking Open Ports on Windows 2026

Navigate
Back to blog
Published
March 05, 2026
Read time
7 min read
Written by
Simon Meier
Guide to checking open ports on Windows using netstat command and PowerShell

Understanding how to check open ports on Windows is essential for anyone managing network security, troubleshooting connectivity issues, or setting up servers. Whether you're a system administrator, a home user running a game server, or a developer testing applications, knowing which ports are open on your system helps you identify potential security vulnerabilities and resolve connection problems quickly. This guide walks you through every practical method for checking open ports on Windows, complete with real commands you can run today.

Key Takeaways:

  • The netstat command is the fastest built-in method to check open ports on Windows without installing additional software
  • Windows Firewall settings directly control which ports are accessible from external networks
  • PowerShell offers advanced port scanning capabilities for detailed network security analysis
  • Regular port monitoring helps prevent unauthorized access and identifies misconfigured services

Content Table

Understanding Ports and Why They Matter

Ports act as virtual doorways that allow different applications and services to communicate over a network. Each port number (ranging from 0 to 65535) can be assigned to a specific service. For example, port 80 handles HTTP traffic, port 443 manages HTTPS, and port 3389 enables Remote Desktop connections.

When a port is "open," it means an application is actively listening for incoming connections on that port. This is necessary for services to function, but open ports also represent potential entry points for attackers. Understanding Windows port monitoring helps you maintain control over your system's network exposure.

Ports fall into three categories:

  • Well-known ports (0-1023): Reserved for common services like HTTP, FTP, and SSH
  • Registered ports (1024-49151): Assigned to specific applications by IANA
  • Dynamic ports (49152-65535): Used temporarily for client-side connections

Using the Netstat Command

The netstat command remains the most reliable built-in tool for checking open ports on Windows. It displays active connections, listening ports, and the associated processes without requiring any downloads or installations.

Basic Netstat Usage

Open Command Prompt as Administrator (right-click the Start button and select "Terminal (Admin)" or "Command Prompt (Admin)") and run:

netstat -an

This command displays all connections and listening ports in numerical format. The output shows local addresses, foreign addresses, and connection states.

Advanced Netstat Options

For more detailed information, use these enhanced commands:

netstat -ano

The -o flag adds the Process ID (PID) for each connection, letting you identify which application is using each port.

netstat -ab

The -b flag shows the executable name associated with each connection. Note that this requires administrator privileges.

Filtering Netstat Results

To find a specific port, combine netstat with the findstr command:

netstat -ano | findstr :8080

This filters results to show only connections involving port 8080.

PowerShell Port Checking Methods

PowerShell provides more powerful options for port scanner Windows functionality, offering better formatting and additional capabilities compared to the traditional netstat command.

Get-NetTCPConnection Cmdlet

This modern cmdlet displays TCP connections with detailed information:

Get-NetTCPConnection | Where-Object {$_.State -eq "Listen"}

This shows only listening ports, filtering out established connections and other states.

Testing Remote Port Connectivity

To check if a specific port is reachable on another machine:

Test-NetConnection -ComputerName localhost -Port 80

This command tests whether port 80 is open and accessible, returning detailed connection test results.

Comprehensive Port Scan Script

For scanning multiple ports at once, use this PowerShell script:

$ports = @(80, 443, 8080, 3389, 22)
foreach ($port in $ports) {
    $result = Test-NetConnection -ComputerName localhost -Port $port -WarningAction SilentlyContinue
    Write-Host "Port $port : $($result.TcpTestSucceeded)"
}

Checking Windows Firewall Settings

Windows Firewall settings determine which ports can receive incoming connections from external sources. Even if a service is listening on a port, the firewall may block external access.

Viewing Firewall Rules via GUI

  1. Press Windows + R, type wf.msc, and press Enter
  2. Click "Inbound Rules" in the left panel
  3. Look for rules with "Allow" in the Action column
  4. Double-click any rule to see which ports it affects

Command-Line Firewall Queries

To list all firewall rules allowing inbound connections:

netsh advfirewall firewall show rule name=all dir=in

For a specific port check:

netsh advfirewall firewall show rule name=all | findstr "8080"

Using Resource Monitor for Port Monitoring

Resource Monitor provides a graphical interface for real-time Windows port monitoring with process information.

  1. Press Windows + R, type resmon, and press Enter
  2. Click the "Network" tab
  3. Expand "Listening Ports" to see all open ports
  4. The display shows the process name, PID, address, and port number

This method is particularly useful when you need to quickly identify which application is using a specific port without memorizing command-line syntax.

Windows Resource Monitor showing listening ports and network connections

Real-World Example: Troubleshooting a Web Server

Let's walk through a concrete scenario. Imagine you've installed a local development server, but your browser shows "connection refused" when accessing localhost:8080.

Step 1: Check if anything is listening on port 8080

netstat -ano | findstr :8080

If there's no output, your server application isn't running or is configured for a different port.

Step 2: If a process appears, identify it

Note the PID from the previous command (the last number in each row), then run:

tasklist /FI "PID eq 1234"

Replace 1234 with the actual PID. This reveals whether your expected application or something else is using the port.

Step 3: Check firewall rules

If the service is running but external connections fail, verify the firewall allows port 8080:

netsh advfirewall firewall add rule name="Allow Port 8080" dir=in action=allow protocol=TCP localport=8080

This systematic approach resolves most port-related connectivity issues within minutes. For additional troubleshooting techniques, see our guide on Port 80 HTTP troubleshooting.

Network Security Best Practices

Maintaining strong network security on Windows requires ongoing attention to open ports:

  • Audit regularly: Schedule monthly port scans to identify unexpected listeners
  • Close unused ports: Disable services you don't need and block their ports in the firewall
  • Use strong authentication: Ensure services on open ports require proper authentication
  • Monitor changes: Track when new ports open to catch unauthorized software
  • Segment networks: Use firewall rules to limit which systems can access sensitive ports

Pro Tip: While built-in Windows tools handle local port checking well, online port scanners can verify whether your ports are accessible from the internet. This external perspective reveals what potential attackers actually see when probing your network.

Conclusion

Checking open ports on Windows is a fundamental skill for maintaining network security and troubleshooting connectivity issues. The netstat command provides quick results for basic checks, while PowerShell offers advanced filtering and automation capabilities. Windows Firewall settings add another layer of control over which ports accept external connections. By combining these tools with regular monitoring practices, you can maintain visibility into your system's network exposure and respond quickly to potential security concerns. Start by running netstat -ano on your system today to see exactly which ports are currently open.

Online port checker tool for testing open ports

Check Your Ports From the Outside

Local tools show what's listening, but only an external scan reveals what the internet actually sees. Verify your ports are properly configured with our free online port checker.

Try Our Free Port Checker →

Frequently Asked Questions

Open Command Prompt as Administrator and run netstat -ano to display all open ports with their associated process IDs. For a graphical view, open Resource Monitor (resmon), navigate to the Network tab, and expand the "Listening Ports" section to see all active ports.

Use netstat -ano | findstr :PORT in Command Prompt, replacing PORT with your number. If results appear showing "LISTENING," the port is open locally. To verify external accessibility, use PowerShell's Test-NetConnection -Port PORT command or an online port checker tool.

Run netstat -ano | findstr :8080 in an elevated Command Prompt. If you see a line containing "0.0.0.0:8080" or "127.0.0.1:8080" with state "LISTENING," port 8080 is open. The last column shows the PID of the process using that port.

Open your web browser and navigate to http://localhost:8080 or http://127.0.0.1:8080. If a web server or application is running on that port, you'll see its content. If connection fails, verify the service is running using netstat and check your firewall settings.

Open Command Prompt as Administrator and run: netsh advfirewall firewall add rule name="Allow 8080" dir=in action=allow protocol=TCP localport=8080. This creates a firewall rule permitting incoming TCP connections on port 8080. Alternatively, use Windows Defender Firewall with Advanced Security GUI.

Port configuration depends on your application. Most servers have configuration files where you specify the listening port. After setting the application to use 8080, create a Windows Firewall inbound rule for that port using wf.msc or the netsh command to allow external connections.