Windows Netstat Command to Check Open Ports in Windows

Windows Netstat Command to Check Open Ports in Windows

In this tutorial, we will learn how to run the netstat command to check open ports in Windows Operating System. We will also look at command options and how to use the findstr command (similar to grep) to filter the netstat output.

To check open ports, open a command prompt (or PowerShell) as administrator and run the netstat command as follows:

netstat -aon

The command displays lots of information. What you should pay attention to are Local Addresses that are in the LISTENING state.

check if port is open windows

As you can see in the previous screenshot, In my Windows 10 computer, port 22 (SSH) is open.

Administrators can run the following command to show opened ports only without all other details:

netstat -aon | findstr /i listening

One important point is that the Windows Firewall may block a port even if it is in the listening state. In the Windows Defender Firewall with Advanced Security, there has to be a corresponding inbound firewall rule to match the listening port (Anything with a green checkmark is an open rule).

listening ports windows firewall

The Foreign Address column of the output shows the IP address and port of the computer/server at the remote end of the connection.

To check that the port is open from a remote computer, an administrator can run the telnet command from a remote computer against the IP address of the Windows computer.

For example, to check if port 22 is open, I will run the telnet command from a remote computer as follows:

telnet IP_ADDRESS 22

Replace IP_ADDRESS with the actual IP Address of the Windows computer.

check if port is open from a remote computer

Filtering netstat using findstr

Administrators can use the findstr CMD command (which is similar to grep) to filter netstat command data based on string patterns.

For example, run the following command to check TCP connections in TIME_WAIT State.

netstat -a | findstr /i TIME_WAIT

The /I option is for the case insensitive matching.

cmd netstat command to check open ports in windows

Command Options

Windows netstat command, without any command-line arguments, displays active TCP connections.

It also includes some useful command options to show network connections and ports in various forms, such as show connections and opened ports based on the protocol, find the process id of a connection/port, view network statics, and find the application that utilizes connections and ports.

-adisplays all network connections and ports on which Windows is listening (include both IPv4 or IPv6 addresses).
-bThe output shows you which applications are using each active connection and ports (need administrative privileges).
-eDisplays network statistics, such as the Errors, the number of bytes, and packets sent and received.
-nDisplays addresses and ports in numerical format.
-fWhen used, the output will contain Fully Qualified Domain Names (FQDNs) of IP addresses, if available.
-oDisplays an additional column that contains the Process ID (PID).
-pDisplay data for a specific protocol (e.g., -p TCP). The Protocol can be one of the following: TCP, UDP, TCPv6, or UDPv6. If combined with the -s option, Protocol can be TCP, UDP, ICMP, IP, TCPv6, UDPv6, ICMPv6, or IPv6.
-rCheck Windows routing table.
-sDisplays detailed network statistics for each protocol (IPv4, IPv6, ICMPv4, ICMPv6, TCP, and UDP).
intervalSets Time interval (in seconds) to automatically update the output. See examples to learn more.

Examples: Using the netstat command

List all Active TCP connections:


Check open ports:

netstat -aon | findstr /i listening

Only want to see information about TCP protocol:

netstat -a -p tcp

Show network statistics:

netstat -s

Real-time network monitoring - In the following example, we set a 5 second time interval to check active network connections in real-time. The number 5 causes the command to repeat every five seconds (Press CTRL+C to quit).

netstat -n 5

If you need more information about the Windows netstat command, type netstat \? in the command prompt.