How to Check Open Ports on Windows 11

Open ports on Windows 11 can reveal which apps and services are listening for network connections. For an administrator, technician, or security-conscious user, checking these ports is an important way to troubleshoot connectivity, verify server software, and identify possible security risks. Windows 11 includes several built-in tools for this task, and free utilities can make the information easier to understand.

TLDR: To check open ports on Windows 11, a user can run netstat in Command Prompt or PowerShell, use Get-NetTCPConnection, or inspect listening services with Resource Monitor. For deeper analysis, tools such as Windows Defender Firewall and third-party scanners can help identify which ports are exposed. The safest approach is to confirm the port number, match it to the responsible process, and close anything unnecessary.

Why Checking Open Ports Matters

A port is a numbered communication endpoint used by network services. For example, web servers commonly use port 80 for HTTP and port 443 for HTTPS. Remote Desktop typically uses port 3389, while DNS often uses port 53. When a port is “open,” an application or service may be listening for incoming or outgoing network traffic on that port.

On Windows 11, open ports are not automatically dangerous. Many normal applications require network access, including browsers, messaging apps, file-sharing tools, game clients, VPN software, and cloud synchronization services. However, an unexpected listening port can indicate a misconfigured service, unnecessary exposure, or, in some cases, malware. Regular checks help a user understand what is running and whether it should be allowed.

Method 1: Check Open Ports with Command Prompt

The simplest built-in method is the netstat command. It displays active connections, listening ports, protocol types, local addresses, foreign addresses, states, and process IDs.

1. Open the Start menu.
2. Search for Command Prompt.
3. Select Run as administrator for the most complete results.
4. Enter the following command:

netstat -aon

The output may appear long, but each column has a purpose:

• Proto: Shows whether the connection uses TCP or UDP.
• Local Address: Shows the local IP address and port number.
• Foreign Address: Shows the remote address connected to the computer.
• State: Shows whether a TCP port is listening, established, or closed.
• PID: Shows the process ID of the application using the port.

For checking open ports, the most important state is LISTENING. A line such as 0.0.0.0:135 LISTENING means the computer is listening on port 135 on all network interfaces. A line showing 127.0.0.1 means the service is listening only locally, which is usually less exposed than a service listening on all interfaces.

Method 2: Filter for Listening Ports Only

Because netstat -aon can produce a large amount of output, filtering makes the results easier to read. To display only listening TCP ports, the following command can be used:

netstat -aon | findstr LISTENING

This command is useful when a user wants to quickly identify services waiting for incoming connections. The result still includes the PID, which can be matched to a running application in Task Manager.

To identify the application behind a PID, a user can open Task Manager, select the Details tab, and look for the matching number in the PID column. If the PID column is not visible, it can be enabled by right-clicking the column header and selecting PID.

Method 3: Use PowerShell to Check Open Ports

PowerShell provides a more modern and structured way to view network connections. On Windows 11, the following command displays active TCP connections:

Get-NetTCPConnection

To show only listening ports, the command can be refined:

Get-NetTCPConnection -State Listen

This output includes local addresses, local ports, remote addresses, connection states, and the owning process. To make the information more useful, a user can include the process name by combining PowerShell commands:

Get-NetTCPConnection -State Listen | Select-Object LocalAddress, LocalPort, OwningProcess

PowerShell is especially helpful for administrators because results can be sorted, filtered, exported, or used in scripts. For example, sorting by port number can make the list easier to review:

Get-NetTCPConnection -State Listen | Sort-Object LocalPort

PowerShell is often the preferred method when repeatable checks or documentation are needed.

Method 4: Use Resource Monitor

Windows 11 also includes a graphical tool called Resource Monitor. It is useful for users who prefer not to rely entirely on commands.

1. Press Windows + R.
2. Type resmon and press Enter.
3. Select the Network tab.
4. Expand Listening Ports.

The Listening Ports section shows the image name, PID, address, port number, protocol, and firewall status. This view is particularly helpful because it directly associates ports with processes. If a user sees an unfamiliar program listening on a port, the process name can be investigated immediately.

Resource Monitor also shows TCP Connections and Network Activity, making it useful for identifying which applications are actively sending or receiving data. For troubleshooting, this can reveal whether an application is truly communicating over the network or merely waiting for a connection.

Method 5: Check Windows Defender Firewall Rules

An open port may be controlled by a firewall rule. Windows 11 uses Windows Defender Firewall to allow or block network traffic based on profiles, applications, and ports.

1. Open the Start menu.
2. Search for Windows Defender Firewall with Advanced Security.
3. Select Inbound Rules to review traffic allowed into the computer.
4. Select Outbound Rules to review traffic allowed out of the computer.

Inbound rules are especially important when checking exposed services. A port may be listening locally, but if the firewall blocks inbound traffic, it may not be reachable from another device. Conversely, a firewall rule that allows inbound traffic to a sensitive service may create a security concern.

When reviewing rules, a user should check the Enabled status, Action, Profile, Program, and Local Port. Rules that apply to Public networks deserve extra attention because public networks are generally less trusted.

Method 6: Test a Port from Another Device

Checking from inside Windows 11 shows what is listening locally, but it does not always prove whether the port is reachable from another system. A port may be blocked by Windows Firewall, a router, antivirus software, or network policy.

From another computer on the same network, an administrator can use PowerShell to test a specific port:

Test-NetConnection 192.168.1.25 -Port 3389

In this example, the command checks whether port 3389 is reachable on the device with the IP address 192.168.1.25. If TcpTestSucceeded returns True, the port is reachable. If it returns False, the port may be closed, filtered, blocked, or unavailable.

This method is helpful when verifying Remote Desktop access, local web servers, database ports, or application services. It also helps distinguish between a service problem and a firewall problem.

Understanding Common Open Ports

Some ports appear frequently on Windows systems. Their presence is not automatically suspicious, but they should be understood:

• Port 135: Used by Microsoft RPC services.
• Port 139: Associated with NetBIOS sessions.
• Port 445: Used for SMB file sharing.
• Port 3389: Used by Remote Desktop Protocol.
• Port 80: Used for unencrypted web traffic.
• Port 443: Used for encrypted HTTPS traffic.
• Port 53: Used for DNS services.

If a home user finds server-related ports open without intentionally enabling them, further review is recommended. For example, an unexpected web server process listening on port 80 or 443 could be caused by developer software, a local admin tool, or unwanted software.

How to Close an Unnecessary Open Port

Closing an open port usually means stopping or disabling the application or service that is listening on it. A user should avoid blindly blocking ports without understanding their purpose, because doing so may break legitimate Windows features or business applications.

The safest process is:

1. Identify the open port with netstat, PowerShell, or Resource Monitor.
2. Match the port to the PID and process name.
3. Research the process if it is unfamiliar.
4. Stop the related application or service if it is unnecessary.
5. Disable startup behavior if the service should not return after reboot.
6. Adjust Windows Defender Firewall rules if network access should be blocked.

Services can be reviewed by pressing Windows + R, typing services.msc, and pressing Enter. From there, a user can inspect service names, descriptions, startup types, and statuses. Changes should be made carefully, especially on work computers or systems managed by an organization.

Best Practices for Port Security on Windows 11

Checking open ports is only one part of network security. A well-maintained Windows 11 system should follow a few practical habits:

• Keep Windows updated: Security patches reduce the risk of vulnerable services being exploited.
• Disable unused services: Fewer listening services mean fewer possible entry points.
• Use strong firewall rules: Inbound access should be allowed only when necessary.
• Avoid exposing Remote Desktop publicly: RDP should be protected with VPN, strong authentication, and account lockout policies.
• Review startup applications: Some programs open network ports automatically after login.
• Scan for malware: Unexpected ports can sometimes be linked to malicious software.
• Document approved ports: Administrators should maintain a list of expected services and ports.

For most personal computers, only a small number of ports should be listening. For servers, development machines, and business systems, more open ports may be normal, but each one should have a clear purpose.

Conclusion

Windows 11 offers several effective ways to check open ports, from simple command-line tools to graphical monitoring utilities. netstat provides quick visibility, PowerShell offers structured filtering, Resource Monitor connects ports to processes visually, and Windows Defender Firewall shows whether traffic is allowed or blocked. By identifying the port, confirming the process, and reviewing firewall exposure, a user can make informed decisions about security and troubleshooting.

Open ports should not cause panic, but they should never be ignored. A careful review can help confirm that Windows 11 is running only the services it needs and that unnecessary network access is reduced.

FAQ

What is an open port on Windows 11?

An open port is a network endpoint where an application or service is listening for communication. It may be used for local connections, network connections, or internet-facing services.

What is the easiest way to check open ports?

The easiest method is to open Command Prompt as administrator and run netstat -aon | findstr LISTENING. This shows listening ports and their process IDs.

How can a user find which program is using a port?

The user can match the PID shown by netstat or PowerShell with the PID listed in Task Manager under the Details tab.

Are all open ports dangerous?

No. Many open ports are required by legitimate apps and Windows services. A port becomes a concern when it is unnecessary, exposed to untrusted networks, or linked to an unknown process.

Can Windows Defender Firewall close an open port?

Windows Defender Firewall can block traffic to or from a port, but the service may still be listening locally. To fully close the port, the related application or service usually must be stopped or disabled.

How often should open ports be checked?

A personal computer can be checked occasionally or after installing new software. Business systems, servers, and remote-access machines should be reviewed more regularly as part of routine security maintenance.