Check For Listening (Open) Ports With NetStat And PowerShell

Listening ports can be used by hackers to infiltrate your system without authorized access. When not in use, close the open ports. Here is how to detect them.

Check for listening ports CMD

Listening ports are ports that are currently in use by the computer. Ports are used to establish network connections between computers. Although the process of opening, listening, and closing network ports is seamless, identifying currently open or listening ports can help troubleshoot network-related problems.

Two major commands in Windows are used to check for open ports:

  1. Netstat (Command Prompt)
  2. Get-NetTCPConnection (PowerShell)

These commands can be a lifesaver for IT Pros and Sysadmins. This article describes how you can check for open and listening ports with Command Prompt and PowerShell.

Types of listening ports

Before moving forward, it’s important to understand a few concepts about ports.

Open or listening ports are the ports that are being used by an application or program on your computer to establish a connection with another computer on the network.

There are two types of port connections in a Windows computer:

  • Transmission Control Protocol (TCP)
  • User Datagram Protocol (UDP)

Different applications on a computer open different ports, some TCP and some UDP. UDP is less secure, but faster. TCP is slower but more secure.

Find listening ports with Netstat (CMD)

To check for open and listening ports, open Command Prompt as an administrator, and run the Netstat command as follows:

netstat -a

Or

netstat -aon

-a switch displays all active connections including TCP and UDP connections which the computer is listening to.

-o switch displays the process ID (PID) for each process.

-n switch displays IP addresses and port numbers in numerical form.

Check for listening ports in Command Prompt using Netstat
Check for listening ports in Command Prompt using Netstat

The output of this command shows the following items:

  • Protocol (TCP or UDP)
  • Local address (Your computer)
  • Foreign address (Remote computer)
  • State (Listening, Established, Time_Wait, Close_Wait)
  • PID (Process ID of the process that has opened the port)

Under Local Address, the number after the colon (:) is the port number. If you only want to show the listening ports, you can run the following command:

netstat -aon | findstr /i listening

This command lists the ports in the listening state.

List all listening ports in Command Prompt using Netstat
List all listening ports in Command Prompt using Netstat

When you see “0.0.0.0:0” in the foreign address field, this means that this port is used in broadcasting. This can help in troubleshooting different network issues.

You can use the following switches with the Netstat command:

SwitchDescription
-aDisplay all connections including TCP and UDP.
-nDisplay addresses and port numbers in numerical form.
-oDisplay process ID (PID)
-pShow connections for a specific protocol.
-rShow kernel routing table.
-sDisplay stats by protocol.
-tDisplay currently active connections.
-fResolves the IP addresses to fully qualified domain names (FQDN)
-eDisplay network stats including errors, number of bytes, packets sent and received, etc.
intervalTime in seconds after which the command will run again automatically.
Command line switches for Netstat command

Find listening ports with PowerShell

Get-NetTCPConnection cmdlet is the PowerShell equivalent of the Netstat command. It shows similar information to Netstat. You can find the following information using the Get-NetTCPConnection cmdlet:

  • Local address
  • Local port
  • Remote Address
  • Remote Port
  • State

If you want to filter information, you can use the Where-Object filter which is similar to “findstr“.

Get-NetTCPConnection | Where-Object {$_.State -eq 'Listen'}
Find listening network ports using PowerShell
Find listening network ports using PowerShell

Alternatively, you can also filter the connection list by state using the -State parameter:

Get-NetTCPConnection -State Listen

This will show all the ports that are in the “listening” state.

Similarly, you can also apply the filter with a port number. Here is an example:

Get-NetTCPConnection -LocalPort 22

You can run the following command for detailed information about each connection. Note that this generates a long list of information on every port.

Get-NetTCPConnection | Select-Object -Property *
Get NetTCPConnection Select Object Property
Get NetTCPConnection Select Object Property

The main difference between Netstat and Get-NetTCPConnection is that Get-NetTCPConnection can be invoked remotely using the Invoke-Command cmdlet.

PowerShell also gives another command if you want to find open or listening ports on operating systems other than Windows, like Linux. GetNetStat is a cross-platform module that can be run on multiple computers where PowerShell is installed.

Once you have identified the open and listening ports, you can use this guide to close listening ports or block or allow websites, ports, and IP addresses with Windows Firewall. You can also find and close the app that has opened the relevant port.

This guide is for checking listening ports on a local computer only. You can follow this guide to check if the remote network port is open.

Latest posts
Powershell Generic
Microsoft Releases PowerShell 7.4.0 LTS, Updates PowerShell 7.3.10 And 7.2.17 (Offline Installers)

Download the latest .NET 8-based PowerShell 7.4 here.

View post
Powershell Generic
Download PowerShell 7.3.9 & 7.2.16 LTS (Offline Installers)

Download PowerShell 7.3.9 and 7.2.16 LTS for Windows, macOS, and Linux using the provided offline installers.

View post
How To Zip And Unzip Files With PowerShell On Windows
How To Zip And Unzip Files With PowerShell On Windows

Manage your data better with controllable compression ratios to create zip files with PowerShell.

View post

Leave the first comment