How to check open/listening ports in Windows Server-basedĀ operating systems.
Right-click on the start menu and click ‘Windows PowerShell (admin), in the new PowerShell window that has just opened up type: netstat -an this will show you all open ports and which IP they are listening on:
PS C:\Users\Administrator> netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2179 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING
TCP 22.156.188.131:139 0.0.0.0:0 LISTENING
TCP 22.156.188.131:3389 174.143.175.2:42252 ESTABLISHED
TCP 22.156.188.131:3389 182.169.114.207:64454 ESTABLISHED
TCP 22.156.188.131:3389 191.220.163.122:57588 ESTABLISHED
TCP 22.156.188.131:3389 191.220.163.131:31525 ESTABLISHED
TCP 22.156.188.131:3389 191.220.163.151:23613 ESTABLISHED
As we can see above for example port 123 is listening on IP 22.156.188.131 we can also see that a connection to port 3389 (WIndowd RDP) is currently established from IPS 174.143.175.2, 182.169.114.204, and, 191.220.163.131.
If you are expecting to be able to connect to a specific service that you know runs on a specific port and you can see it when listing the open/established ports as above yet it fails to connect there is a very good chance that you have not opened that port up in the Windows Firewall if however, you do not see that the port is listening for connections then there is a good chance that the service itself is not correctly configured so you need to look at that before the firewall.
If the output is just to much on a busy server for example you can narrow this down to specific ports, Linux users will have probably noticed by now that grep is not available in Windows PowerShell, never fear though as ‘Select-String’ does the same job, for the most part, the example below will show you how to check specific ports in the following example port 3389.
PS C:\Users\Administrator> netstat -an | Select-String 3389
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 22.156.188.131:3389 182.169.114.207:64454 ESTABLISHED
As an extra tip, if you are concerned that the client software you are using might be the thing preventing connection and the server side listening connection is on TCP you can also use telnet to test the connection
telnet 20.30.40.50 3389
If the connection to the port is ok you will see:
Trying 20.30.40.50...
Connected to 20.30.40.50.
Escape character is '^]'.
That means the connection has been established to the remote server so you can start troubleshooting the client software if it is not connecting, if however, nothing happens and eventually it just times out then a connection to the port on the server cannot be established at all so you need to investigate the server-side software and network