Scanning Your System for Open Ports

Written by Barry Dysert (last updated June 19, 2017)

Before we talk about scanning your system for open ports, I think we would benefit from a brief overview of ports in general. A port is an access point on an IP address that an application can use for communicating with an application on another network device. An analogy for a port is a particular unit number in an apartment building. The address of the apartment building is like the IP address, and each unit in it has its own "port number."

There are two types of ports: TCP and UDP. TCP stands for "Transmission Control Protocol." Under TCP, when computers want to exchange information a link is established from one computer to the other, and that link remains open for the duration of the exchange. Once the exchange is finished, the link is then disconnected.

UDP stands for "User Datagram Protocol." Under UDP, when computers want to exchange information, the sending computer wraps the data into a package, and the package is dropped onto the network, addressed to the receiving computer. Devices in between the sender and receiver take on the task of relaying the package to its ultimate destination.

Each type of port is numbered from 0 through 65535 (that would make for quite a large apartment building!). You can see what ports your system has open by using the netstat command-line utility. The netstat command accepts several switches, but I typically specify "-aon". These switches cause the utility to display all connections and listening ports in numerical form, including the owning process ID associated with each connection. The following shows the partial output of executing the command "netstat -aon":

Proto  Local Address       Foreign Address      State           PID
TCP    0.0.0.0:4242        0.0.0.0:0            LISTENING       1896
TCP    0.0.0.0:5357        0.0.0.0:0            LISTENING       4
TCP    0.0.0.0:5500        0.0.0.0:0            LISTENING       5920
TCP    0.0.0.0:9090        0.0.0.0:0            LISTENING       1372
TCP    0.0.0.0:9998        0.0.0.0:0            LISTENING       4460
TCP    0.0.0.0:11456       0.0.0.0:0            LISTENING       1612
TCP    0.0.0.0:17500       0.0.0.0:0            LISTENING       2540
TCP    0.0.0.0:30101       0.0.0.0:0            LISTENING       4460
TCP    0.0.0.0:47232       0.0.0.0:0            LISTENING       2940
TCP    0.0.0.0:47233       0.0.0.0:0            LISTENING       4
TCP    0.0.0.0:49732       0.0.0.0:0            LISTENING       4
TCP    0.0.0.0:49735       0.0.0.0:0            LISTENING       4
TCP    127.0.0.1:1051      127.0.0.1:5354       ESTABLISHED     1824
TCP    127.0.0.1:1052      127.0.0.1:5354       ESTABLISHED     1824
UDP    0.0.0.0:3702        *:*                                  2180
UDP    0.0.0.0:4500        *:*                                  1120
UDP    0.0.0.0:5355        *:*                                  1500
UDP    0.0.0.0:17500       *:*                                  2540
UDP    0.0.0.0:53301       *:*                                  1704
UDP    0.0.0.0:60429       *:*                                  1096
UDP    0.0.0.0:60431       *:*                                  1096
UDP    0.0.0.0:60959       *:*                                  2180
UDP    0.0.0.0:64927       *:*                                  1612
UDP    127.0.0.1:1900      *:*                                  2180
UDP    127.0.0.1:49307     *:*                                  5784
UDP    127.0.0.1:49308     *:*                                  5784
UDP    127.0.0.1:52417     *:*                                  5684
UDP    127.0.0.1:53299     *:*                                  1824
UDP    127.0.0.1:53300     *:*                                  1824
UDP    127.0.0.1:57665     *:*                                  804
UDP    127.0.0.1:58065     *:*                                  1120
UDP    127.0.0.1:60428     *:*                                  2180
UDP    127.0.0.1:60977     *:*                                  1500

The first column indicates whether the port is using TCP or UDP. The second column gives the IP:port address on the local machine. The third column gives the IP:port address on the remote machine. The last two columns indicate the state of the connection and the process ID of the process using the port.

This tip (9986) applies to Windows 7, 8, and 10.

Author Bio

Barry Dysert

Barry has been a computer professional for over 35 years, working in different positions such as technical team leader, project manager, and software developer. He is currently a software engineer with an emphasis on developing custom applications under Microsoft Windows. When not working with Windows or writing Tips, Barry is an amateur writer. His first non-fiction book is titled "A Chronological Commentary of Revelation." Learn more about Barry...

MORE FROM BARRY

Using the Character Map

There may be times when you need to insert special characters that aren't found on your keyboard. Windows provides a ...

Discover More

Ending a Frozen Program

Sometimes a program can get "stuck," meaning it is no longer responsive and appears to be doing nothing at all. You can ...

Discover More

Switching Between Command Line and File Explorer

Sometimes you can be more effective in a command window, and other times you can be more effective using File Explorer. ...

Discover More

More WindowsTips

Opening Websites from the Taskbar

Launching websites typically require an open web browser. A hidden Windows 10 feature opens websites directly from the ...

Discover More

Setting the Default Search Engine in Microsoft Edge

For some people, search engines are a religious issue. Fortunately, Microsoft Edge has left the door open for you to ...

Discover More

Edge Chromium Setting URLs

Edge Chromium allows access to settings using shortcut URLs. Use this list of Edge settings shortcut URLs to quickly ...

Discover More

Comments

If you would like to add an image to your comment (not an avatar, but an image to help in making the point of your comment), include the characters [{fig}] (all 7 characters, in the sequence shown) in your comment text. You’ll be prompted to upload your image when you submit the comment. Maximum image size is 6Mpixels. Images larger than 600px wide or 1000px tall will be reduced. Up to three images may be included in a comment. All images are subject to review. Commenting privileges may be curtailed if inappropriate images are posted.

Notify me about new comments ONLY FOR THIS TIP

Notify me about new comments ANYWHERE ON THIS SITE

Hide my email address

What is two more than 7?

2017-06-19 11:41:02

Barry

You have a good point, David. That's something I have to work up. Thanks.

2017-06-19 10:39:28

DavidS

I have run this report out of curiosity.

I notice that only the rows showing the TCP protocol have much information. One particular process has paired off ports and marked them as "Established". For example:
Local Address ending 161 is paired with identical "Foreign " Address 162"
Local Address ending 162 is paired with identical "Foreign " Address 161"
which suggests that the local address is associated with another local address.
There are approximately 34 such ports making 17 pairs.

Looking at the status column for all ports (not just the paired ones mentioned above) ports are marked as
TIME_WAIT
CLOSE_WAIT
LAST_ACK

There are many more ports than I have USB etc ports.

Could we have a follow up tip, please, to consider what to do about the information we find in the report? Without that the report has data but provides no insight on which to act.

Scanning Your System for Open Ports

Author Bio

MORE FROM BARRY

More WindowsTips

Comments

Newest Tips

Links and Sharing

OUR COMPANY

OUR PRODUCTS

OUR SITES