Checking ports are open and responding Windows Server (2012, 2016, 2019)

How to check open/listening ports in Windows Server-based operating systems.

Right-click on the start menu and click ‘Windows PowerShell (admin), in the new PowerShell window that has just opened up type: netstat -an this will show you all open ports and which IP they are listening on:

 

PS C:\Users\Administrator> netstat -an

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2179           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49669          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING
  TCP    22.156.188.131:139     0.0.0.0:0              LISTENING
  TCP    22.156.188.131:3389    174.143.175.2:42252    ESTABLISHED
  TCP    22.156.188.131:3389    182.169.114.207:64454  ESTABLISHED
  TCP    22.156.188.131:3389    191.220.163.122:57588  ESTABLISHED
  TCP    22.156.188.131:3389    191.220.163.131:31525  ESTABLISHED
  TCP    22.156.188.131:3389    191.220.163.151:23613  ESTABLISHED

As we can see above for example port 123 is listening on IP 22.156.188.131 we can also see that a connection to port 3389 (WIndowd RDP) is currently established from IPS 174.143.175.2, 182.169.114.204, and, 191.220.163.131.

If you are expecting to be able to connect to a specific service that you know runs on a specific port and you can see it when listing the open/established ports as above yet it fails to connect there is a very good chance that you have not opened that port up in the Windows Firewall if however, you do not see that the port is listening for connections then there is a good chance that the service itself is not correctly configured so you need to look at that before the firewall.

If the output is just to much on a busy server for example you can narrow this down to specific ports, Linux users will have probably noticed by now that grep is not available in Windows PowerShell, never fear though as ‘Select-String’ does the same job, for the most part, the example below will show you how to check specific ports in the following example port 3389.

PS C:\Users\Administrator> netstat -an | Select-String 3389

  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    22.156.188.131:3389    182.169.114.207:64454  ESTABLISHED

 


As an extra tip, if you are concerned that the client software you are using might be the thing preventing connection and the server side listening connection is on TCP you can also use telnet to test the connection

telnet 20.30.40.50 3389

If the connection to the port is ok you will see:

Trying 20.30.40.50...
Connected to 20.30.40.50.
Escape character is '^]'.

That means the connection has been established to the remote server so you can start troubleshooting the client software if it is not connecting, if however, nothing happens and eventually it just times out then a connection to the port on the server cannot be established at all so you need to investigate the server-side software and network