How to check open/listening ports in Windows Server-based operating systems.
Right-click on the start menu and click ‘Windows PowerShell (admin), in the new PowerShell window that has just opened up type: netstat -an this will show you all open ports and which IP they are listening on:
PS C:\Users\Administrator> netstat -an Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:2179 0.0.0.0:0 LISTENING TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING TCP 184.108.40.206:139 0.0.0.0:0 LISTENING TCP 220.127.116.11:3389 18.104.22.168:42252 ESTABLISHED TCP 22.214.171.124:3389 126.96.36.199:64454 ESTABLISHED TCP 188.8.131.52:3389 184.108.40.206:57588 ESTABLISHED TCP 220.127.116.11:3389 18.104.22.168:31525 ESTABLISHED TCP 22.214.171.124:3389 126.96.36.199:23613 ESTABLISHED
As we can see above for example port 123 is listening on IP 188.8.131.52 we can also see that a connection to port 3389 (WIndowd RDP) is currently established from IPS 184.108.40.206, 220.127.116.11, and, 18.104.22.168.
If you are expecting to be able to connect to a specific service that you know runs on a specific port and you can see it when listing the open/established ports as above yet it fails to connect there is a very good chance that you have not opened that port up in the Windows Firewall if however, you do not see that the port is listening for connections then there is a good chance that the service itself is not correctly configured so you need to look at that before the firewall.
If the output is just to much on a busy server for example you can narrow this down to specific ports, Linux users will have probably noticed by now that grep is not available in Windows PowerShell, never fear though as ‘Select-String’ does the same job, for the most part, the example below will show you how to check specific ports in the following example port 3389.
PS C:\Users\Administrator> netstat -an | Select-String 3389 TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING TCP 22.214.171.124:3389 126.96.36.199:64454 ESTABLISHED
As an extra tip, if you are concerned that the client software you are using might be the thing preventing connection and the server side listening connection is on TCP you can also use telnet to test the connection
telnet 188.8.131.52 3389
If the connection to the port is ok you will see:
Trying 184.108.40.206... Connected to 220.127.116.11. Escape character is '^]'.
That means the connection has been established to the remote server so you can start troubleshooting the client software if it is not connecting, if however, nothing happens and eventually it just times out then a connection to the port on the server cannot be established at all so you need to investigate the server-side software and network