How to Find Listening Ports with Netstat and PowerShell

choubertsprojects

VPN offers!

1. NordVPN

2. Surfshark

3. ExpressVPN

Most internet connections have multiple listening ports open. Netstat is a command-line tool that can help you identify the source of these unwanted connections and prevent them from being used by unauthorized parties. It’s also important to realize that some applications may be using more than one port, like when an HTTP server has both 80 and 443 as listening ports for example.

“Netstat listening ports windows” is a command-line tool that can be used to find out which ports are currently listening on the system. This can be done by using Netstat and PowerShell. Read more in detail here: netstat listening ports windows.

How to Find Listening Ports with Netstat and PowerShell

Connections between programs function similarly to real talks. Someone initiates the discussion by speaking. The talk won’t go very far if no one is paying attention. On a Windows PC, how can you know who’s listening? The Get-NetTCPConnection cmdlet in PowerShell and the Netstat command-line program.

In this article, you’ll learn how to use Netstat and the native PowerShell function Get-NetTCPConnection to investigate listening ports and established TCP connections on your Windows machine.

Prerequisites

If you want to follow along with the examples in this tutorial, make sure you have the following items:

  • A computer that runs on Windows. Any variation will suffice. Windows 10 Build 21343.1 is used in this tutorial.
  • PowerShell. PowerShell 6+ and Windows PowerShell should both function. PowerShell v7.2.0-preview is used in this lesson. 2

Finding Active and Listening Ports with Netstat

Netstat is a command-line utility that appears to have been around for a long time. For a long time, it’s been a trustworthy command-line program for inspecting local network connections. Let’s have a look at how you may use it to locate listening and established network connections.

There are several parameters in Netstat. Only three of them will be used in this lesson. Run netstat /? to learn more about what netstat can accomplish.

Assuming you’re using a Windows computer, follow these steps:

1. Open a command prompt with elevated privileges (cmd.exe).

2. Type netstat -a to get a list of all the PC’s listening and established connections. Netstat only returns listening ports by default. Netstat returns listening and established connections when the -a argument is used.

Use the Netstat -a command.Use the Netstat -a command.

The above output is divided into four columns:

  • The kind of protocol used is indicated by the proto, which is either UDP or TCP.
  • Local Address — displays the listener’s local IP address and port. For many services, the IP address will be 0.0.0.0, which means it will listen on all network interfaces. A service may only listen on a single Network Interface in specific instances (NIC). In such situation, netstat will display the NIC’s IP address. The IP address and the port on which it is listening are separated by a colon.
  • Foreign Address – displays the distant IP address with which the local connection is in contact. The connection is listening for all IPs and ports if the Foreign Address is 0.0.0.0:0. The IP address of the client computer will be shown during established connections.
  • State — displays the port’s current state, which is generally LISTENING or ESTABLISHED.

3. Now type netstat -an to see what’s going on. Any names in the output should now have been converted to IP addresses. Netstat tries to resolve many IP addresses to names by default.

execute netstat -anexecute netstat -an

4. Finally, you may be interested in knowing which Windows programs are listening or have these connections open. Use the -b option to locate it.

An elevated command prompt or PowerShell prompt is required to use the -b option. You will get an error message. If you use the -b option in a non-elevated prompt, the requested action needs elevation.

nstat -anb nstat -anb nstat -nstat -anb nstat -anb nstat –

Finding Active and Listening Ports with PowerShell

Let’s examine how to accomplish it with PowerShell now that you’ve seen how the old-school netstat software displays active and listening ports.

Instead of scrolling through extensive lists of output, PowerShell provides you a lot more power to see exactly what you want. The Get-NetTCPConnection cmdlet is much more detailed about what you want to view than netstat.

The Get-NetTCPConnection cmdlet has a lot of arguments, and this article won’t go through all of them. If you’re interested in learning more, run Get-Help Get-NetTCPConnection -Detailed.

On your Windows computer, go to:

1. Log in as an administrator to a PowerShell console.

The only reason you’d want to elevate a PowerShell console is to check who controls the connection (like the netstat -b parameter).

2. Execute the Get-NetTCPConnection command. You’ll get something similar to what netstat gave you. Get-NetTCPConnection gives a collection of PowerShell objects rather than a long string of output.

You may now view the same basic information that netstat previously offered; by default, you can see information on the OwningProcess (the -b option on netstat) and the AppliedSetting field, which refers to the network profile the connection is a part of.

How to Change Network Profiles in Windows 10 in a Simple Way

The Get-NetTCPConnection cmdlet, unlike netstat, now displays listening UDP connections.

Get-NetTCPConnectionGet-NetTCPConnection

3. Use Select-Object to reveal all properties from the output. You’ll see that PowerShell gives you a lot more information than netstat.

Select-Object -Property * | Get-NetTCPConnection

Select-Object receives the output.Select-Object receives the output.

4. Next, limit the output to just listening ports.

Listen Get-NetTCPConnection -State

reduce the number of results reduce the number of results

5. Now you must locate the process names for the OwningProcess columns. To do so, use the cmdlet Get-Process and provide the process ID in the format given below.

cmdlet Get-Processcmdlet Get-Process

You can use a Select-Object calculated field to create another property for the process name if you want to.

Select-Object -Property * | Get-NetTCPConnection,@{‘Name’ = ‘ProcessName’;’Expression’={(Get-Process -Id $_.OwningProcess).Name}}

6. Narrow down the states even more by using the State parameter value as a comma-delimited list to discover Listening and Established states.

Listen Get-NetTCPConnection -State,Established

7. Finally, use the RemotePort argument to restrict the number of connections by the port to which the connection is attached.

To filter connections by local port, use the LocalPort argument. Get-NetTCPConnection -RemotePort 443 Get-NetTCPConnection -RemotePort 443 Get-NetTCPConnection Get-NetTCPConnection -RemotePort 443 Get-NetTCPConnection -RemotePort 443 Get-NetTCPConnection Get-NetTCPConnection

Get-NetTCPConnection -RemotePort 443 Get-NetTCPConnection -RemotePort 443 Get-NetTCPConnection

RemotePort is an optional parameter.RemotePort is an optional parameter.

Conclusion

You’ve seen how the Netstat tool and the Get-NetTCPConnection PowerShell cmdlet may assist you in locating local network connections.

Combine this with the Test-NetConnection PowerShell cmdlet to obtain an end-to-end picture of communication between a client and a server now that you can see the processes operating on the server.

“Open ports on localhost” is a command-line tool that allows users to find listening ports. It can be used with Netstat and PowerShell. Reference: powershell check open ports on localhost.

Frequently Asked Questions

Related Tags

  • netstat listening ports linux
  • get-nettcpconnection
  • netstat command to check port 443
  • powershell list open ports on remote server
  • netstat port 80