Windows Netstat Command to Check Open Ports in Windows
In this tutorial, we will learn how to run the
netstat command to check open ports in Windows Operating System. We will also look at command options and how to use the
findstr command (similar to grep) to filter the netstat output.
To check open ports, open a command prompt (or PowerShell) as administrator and run the
netstat command as follows:
The command displays lots of information. What you should pay attention to are Local Addresses that are in the LISTENING state.
As you can see in the previous screenshot, In my Windows 10 computer, port 22 (SSH) is open.
Administrators can run the following command to show opened ports only without all other details:
netstat -aon | findstr /i listening
One important point is that the Windows Firewall may block a port even if it is in the listening state. In the Windows Defender Firewall with Advanced Security, there has to be a corresponding inbound firewall rule to match the listening port (Anything with a green checkmark is an open rule).
The Foreign Address column of the output shows the IP address and port of the computer/server at the remote end of the connection.
To check that the port is open from a remote computer, an administrator can run the
telnet command from a remote computer against the IP address of the Windows computer.
For example, to check if port 22 is open, I will run the
telnet command from a remote computer as follows:
telnet IP_ADDRESS 22
Replace IP_ADDRESS with the actual IP Address of the Windows computer.
Filtering netstat using findstr
Administrators can use the
findstr CMD command (which is similar to
grep) to filter
netstat command data based on string patterns.
For example, run the following command to check TCP connections in
netstat -a | findstr /i TIME_WAIT
/I option is for the case insensitive matching.
Windows netstat command, without any command-line arguments, displays active TCP connections.
It also includes some useful command options to show network connections and ports in various forms, such as show connections and opened ports based on the protocol, find the process id of a connection/port, view network statics, and find the application that utilizes connections and ports.
|-a||displays all network connections and ports on which Windows is listening (include both IPv4 or IPv6 addresses).|
|-b||The output shows you which applications are using each active connection and ports (need administrative privileges).|
|-e||Displays network statistics, such as the Errors, the number of bytes, and packets sent and received.|
|-n||Displays addresses and ports in numerical format.|
|-f||When used, the output will contain Fully Qualified Domain Names (FQDNs) of IP addresses, if available.|
|-o||Displays an additional column that contains the Process ID (PID).|
|-p||Display data for a specific protocol (e.g., -p TCP). The Protocol can be one of the following: |
|-r||Check Windows routing table.|
|-s||Displays detailed network statistics for each protocol (|
|interval||Sets Time interval (in seconds) to automatically update the output. See examples to learn more.|
Examples: Using the netstat command
List all Active TCP connections:
Check open ports:
netstat -aon | findstr /i listening
Only want to see information about TCP protocol:
netstat -a -p tcp
Show network statistics:
Real-time network monitoring - In the following example, we set a 5 second time interval to check active network connections in real-time. The number 5 causes the command to repeat every five seconds (Press
CTRL+C to quit).
netstat -n 5
If you need more information about the Windows netstat command, type
netstat \? in the command prompt.