Windows Firewall & Network Ports Guide

How to Open, Close, and Check Open Ports in Windows 10 and Windows 11

A practical guide to managing TCP and UDP ports in Windows: create firewall rules, remove unsafe rules, find listening ports, identify the process using a port, and troubleshoot blocked connections.

Windows 10, Windows 11, Windows Defender Firewall, PowerShell, netstat

What Are Open Ports in Windows?

A network port is a numbered communication endpoint used by an application or Windows service. For example, a web server usually listens on port 80 for HTTP or port 443 for HTTPS. Remote Desktop commonly uses TCP port 3389, while DNS usually uses port 53.

When people say that a port is "open" in Windows, they can mean two different things:

| Meaning | What It Means | How to Check |
|---|---|---|
| A program is listening | An application or service is waiting for incoming connections on that port. | netstat, PowerShell, Resource Monitor |
| The firewall allows the port | Windows Defender Firewall has a rule that allows traffic through that port. | Windows Defender Firewall, PowerShell firewall rules |

Important Difference: Opening a firewall port does not automatically start a service. A port will only appear as listening if an application is actually running and bound to that port.

Before You Open a Port in Windows 10 or Windows 11

Opening ports can be necessary for game servers, local web servers, database access, remote administration tools, file sharing, development environments, and some peer-to-peer applications. However, every open inbound port can also increase the attack surface of your PC.

⚠️
Security Warning Do not open ports for services you do not understand. Be especially careful with Remote Desktop, SMB file sharing, databases, and admin panels. If external access is required, consider VPN access instead of exposing the service directly to the internet.

How to Open a Port in Windows Defender Firewall

The graphical firewall console is the safest method for most users because it clearly shows the rule type, protocol, port number, network profile, and rule name.

  1. Press Win + R, type wf.msc, and press Enter.
  2. In the left panel, click Inbound Rules.
  3. In the right panel, click New Rule....
  4. Select Port and click Next.
  5. Choose TCP or UDP.
  6. Select Specific local ports and enter the port number, for example 8080. You can also enter a range such as 5000-5010.
  7. Select Allow the connection.
  8. Choose the profiles where the rule should apply: Domain, Private, and/or Public.
  9. Enter a clear rule name, for example Allow TCP 8080 - Local Web Server.
  10. Click Finish.

Recommended Practice: Give every custom firewall rule a descriptive name. Later, it will be much easier to find and remove rules like Allow TCP 8080 - Local Web Server than rules named simply Port or Test.

How to Open a Port in Windows Using PowerShell

PowerShell is faster for administrators and useful when you need to create the same firewall rule on multiple computers.

  1. Right-click Start.
  2. Select Terminal (Admin), Windows PowerShell (Admin), or Windows Terminal (Admin).
  3. Run the command below, replacing the port number and rule name if needed.
New-NetFirewallRule -DisplayName "Allow TCP 8080" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow -Profile Private

This example opens inbound TCP port 8080 only on the Private network profile.

Open a UDP Port with PowerShell

New-NetFirewallRule -DisplayName "Allow UDP 27015" -Direction Inbound -Protocol UDP -LocalPort 27015 -Action Allow -Profile Private

Open a Port on All Network Profiles

New-NetFirewallRule -DisplayName "Allow TCP 8080 All Profiles" -Direction Inbound -Protocol TCP -LocalPort 8080 -Action Allow -Profile Any
⚠️
Use Profile Any Carefully -Profile Any applies the rule to Domain, Private, and Public networks. For a laptop, this can expose the port on hotel, airport, or coffee shop Wi-Fi.

How to Open a Port in Windows Using Command Prompt

You can also open ports with netsh, which works in both Windows 10 and Windows 11 and is useful in batch files.

  1. Open Command Prompt as administrator.
  2. Run one of the commands below.

Open TCP Port 8080

netsh advfirewall firewall add rule name="Allow TCP 8080" dir=in action=allow protocol=TCP localport=8080 profile=private

Open UDP Port 27015

netsh advfirewall firewall add rule name="Allow UDP 27015" dir=in action=allow protocol=UDP localport=27015 profile=private

Open a Range of Ports

netsh advfirewall firewall add rule name="Allow TCP 5000-5010" dir=in action=allow protocol=TCP localport=5000-5010 profile=private

How to Close a Port in Windows 10 and Windows 11

To close a port, you usually need to do one or both of two things: remove or disable the firewall rule that allows the port, or stop the application that is listening on the port. If the service keeps running, the port may still appear as LISTENING locally, even if the firewall blocks inbound traffic.

Close a Port Using Windows Defender Firewall

  1. Press Win + R, type wf.msc, and press Enter.
  2. Open Inbound Rules.
  3. Find the rule that allows the port.
  4. Right-click the rule and choose Disable Rule if you may need it later.
  5. Choose Delete if you want to remove it permanently.

Close a Port with PowerShell

Remove-NetFirewallRule -DisplayName "Allow TCP 8080"

To disable the rule instead of deleting it:

Disable-NetFirewallRule -DisplayName "Allow TCP 8080"

Close a Port with Command Prompt

netsh advfirewall firewall delete rule name="Allow TCP 8080" protocol=TCP localport=8080

Tip: If you do not know the rule name, open wf.msc and sort or filter inbound rules by Local Port, Protocol, or Enabled status.

How to See Open Ports in Windows

Windows includes several built-in tools for viewing open ports and active connections. The most useful ones are netstat, PowerShell, Resource Monitor, and Windows Defender Firewall logs.

Command Prompt

Best for a quick list of listening ports and process IDs.

netstat -ano | findstr LISTENING

PowerShell

Best for filtering and scripting active TCP listeners.

Get-NetTCPConnection -State Listen

Resource Monitor

Best for users who prefer a graphical interface.

resmon

View Listening Ports with netstat

netstat -ano | findstr LISTENING

The output shows the protocol, local address, port, connection state, and PID. For example:

TCP    0.0.0.0:8080     0.0.0.0:0     LISTENING     1234

In this example, port 8080 is listening, and the process ID is 1234.

Show All Active Connections and Listening Ports

netstat -ano

View Listening TCP Ports with PowerShell

Get-NetTCPConnection -State Listen | Sort-Object LocalPort | Select-Object LocalAddress,LocalPort,OwningProcess

View UDP Endpoints with PowerShell

Get-NetUDPEndpoint | Sort-Object LocalPort | Select-Object LocalAddress,LocalPort,OwningProcess

View Open Ports in Resource Monitor

  1. Press Win + R, type resmon, and press Enter.
  2. Open the Network tab.
  3. Expand Listening Ports.
  4. Check the Image, PID, Address, Port, Protocol, and Firewall Status columns.

How to Find Which Program Is Using a Port in Windows

If a port is already in use, another program may fail to start. You can identify the process by matching the port number to a PID and then matching the PID to an application.

Step 1: Find the PID for a Port

netstat -ano | findstr :8080

Look at the last number in the line. That is the process ID.

Step 2: Find the Program Name by PID

tasklist /fi "PID eq 1234"

Replace 1234 with the PID from the previous command.

PowerShell Alternative

Get-Process -Id 1234

Stop the Process if Necessary

taskkill /PID 1234 /F
⚠️
Be Careful Do not terminate unknown system processes. If the process belongs to Windows, a driver, antivirus software, database engine, or virtual machine platform, stopping it may break active services or cause data loss.

How to Test Whether a Port Is Open or Blocked

After creating a firewall rule, you should verify whether the port is actually reachable. A successful test requires three things: a service listening on the port, a firewall rule that allows traffic, and correct network routing.

Test a TCP Port with PowerShell

Test-NetConnection 192.168.1.10 -Port 8080

If the output shows TcpTestSucceeded : True, the TCP port is reachable from that computer.

Test Local Listening Status

netstat -ano | findstr :8080

Check Firewall Rules for a Port

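Get-NetFirewallPortFilter | Where-Object { $_.LocalPort -eq "8080" } | Get-NetFirewallRule

Piping the matching port filters to Get-NetFirewallRule shows the names and status of the rules they belong to.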
🌐
Internet Access Note If you want a port to be reachable from outside your home network, you usually also need port forwarding on your router and a public IP address. Opening a port in Windows Firewall alone is not enough.
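
The difference between a listening port and a firewall-allowed port, described at the start of this guide, can be checked in one pass. The PowerShell below is an added example, not code from the original guide: for each listening TCP port it reports the owning process and the enabled inbound Allow rules that cover it, including range rules such as 5000-5010 that an exact -eq "8080" comparison misses. The function names Test-PortInSpec and Get-TcpPortExposure are illustrative, and the match ignores block rules and the service, address and interface conditions a rule may carry.

```powershell
# Added example, not from the guide; function names are illustrative. Run elevated.
# True when a LocalPort value ('Any', '8080', '5000-5010') covers $Port.
function Test-PortInSpec {
    param([string[]]$Spec, [int]$Port)
    foreach ($item in $Spec) {
        if ($item -eq 'Any') { return $true }
        if ($item -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($item -match '^\d+$' -and [int]$item -eq $Port) { return $true }
    }
    return $false
}

function Get-TcpPortExposure {
    # Enabled inbound Allow rules that apply to TCP, read once (this step can be slow).
    $allow = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        if ($pf.Protocol -in 'TCP', 'Any') {
            $program = ($_ | Get-NetFirewallApplicationFilter).Program
            [pscustomobject]@{
                Name    = $_.DisplayName
                Profile = $_.Profile
                Ports   = [string[]]$pf.LocalPort
                Program = [Environment]::ExpandEnvironmentVariables($program)
            }
        }
    }
    Get-NetTCPConnection -State Listen | Group-Object LocalPort | ForEach-Object {
        $port = [int]$_.Name
        $procId = $_.Group[0].OwningProcess
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        # Rules name the kernel as 'System' (PID 4); other processes are matched by path.
        $path = if ($procId -eq 4) { 'System' } else { $proc.Path }
        # A rule counts only if it covers the port and is not tied to a different program.
        $rules = @($allow | Where-Object {
            (Test-PortInSpec $_.Ports $port) -and ($_.Program -in 'Any', $path)
        })
        [pscustomobject]@{
            Port       = $port
            Addresses  = ($_.Group.LocalAddress | Sort-Object -Unique) -join ', '
            ProcessId  = $procId
            Process    = $proc.ProcessName
            AllowRules = ($rules | ForEach-Object { "$($_.Name) [$($_.Profile)]" }) -join '; '
        }
    } | Sort-Object Port
}

Get-TcpPortExposure | Format-Table -AutoSize -Wrap
```

A port with an empty AllowRules column is listening but matched no enabled inbound allow rule in this check. A port whose only addresses are 127.0.0.1 or ::1 accepts local connections only, whatever the firewall rules say.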

Common Windows Ports You May See

These are common ports you may encounter while checking open ports on a Windows computer. Do not open them publicly unless you understand exactly why they are needed.

HTTP: TCP 80, HTTPS: TCP 443, DNS: TCP/UDP 53, RDP: TCP/UDP 3389, SMB: TCP 445, WinRM HTTP: TCP 5985, WinRM HTTPS: TCP 5986

| Port | Protocol | Common Use | Security Note |
|---|---|---|---|
| 80 | TCP | HTTP web traffic | Usually safe only for a configured web server. |
| 443 | TCP | HTTPS web traffic | Prefer HTTPS over HTTP for public services. |
| 53 | TCP/UDP | DNS | Do not expose a recursive DNS resolver publicly. |
| 445 | TCP | SMB file sharing | Should not be exposed to the internet. |
| 3389 | TCP/UDP | Remote Desktop | Use VPN, strong authentication, and account lockout policies. |
| 5985 | TCP | Windows Remote Management over HTTP | Use only on trusted networks. |
| 5986 | TCP | Windows Remote Management over HTTPS | Requires proper certificate configuration. |

Why a Port Is Still Closed After You Open It

If an online port checker or another computer still cannot connect, use this checklist.

Problem: No service is listening
  What to Check: netstat -ano | findstr :PORT
  Fix: Start the application or service that should use the port.

Problem: Wrong protocol
  What to Check: TCP vs UDP
  Fix: Create the rule for the correct protocol, or create separate TCP and UDP rules.

Problem: Wrong network profile
  What to Check: Private/Public/Domain
  Fix: Change the rule profile or switch the network type to Private if appropriate.

Problem: Router blocks inbound traffic
  What to Check: Port forwarding settings
  Fix: Forward the port to the correct local IP address.

Problem: Local IP changed
  What to Check: PC's current IPv4 address
  Fix: Use a DHCP reservation or static IP for the server PC.

Problem: ISP uses CGNAT
  What to Check: Router WAN IP vs public IP
  Fix: Request a public IP, use IPv6 if available, or use a VPN/tunnel solution.

Problem: Third-party security software blocks traffic
  What to Check: Antivirus firewall settings
  Fix: Add an allow rule in the third-party firewall or temporarily test with it disabled.

Frequently Asked Questions About Open Ports in Windows

Is opening a port in Windows dangerous?
It can be safe if you know what service uses the port, restrict the rule to the correct profile, keep the software updated, and avoid exposing sensitive services directly to the internet. Opening unnecessary ports is not recommended.

Why does netstat show a port as LISTENING even after I deleted a firewall rule?
Because netstat shows applications listening locally. Deleting a firewall rule blocks inbound traffic, but it does not stop the application. Stop the related service or program if you want the port to disappear from the listening list.

Can I open the same port for both TCP and UDP?
Yes. TCP and UDP are separate protocols. If an application requires both, create two firewall rules: one for TCP and one for UDP using the same local port number.

What is the fastest way to see open ports in Windows?
Open Command Prompt and run netstat -ano | findstr LISTENING. For a graphical view, press Win + R, run resmon, open the Network tab, and expand Listening Ports.

Do I need router port forwarding too?
Only if the service must be reachable from outside your local network. For access from another device on the same LAN, a Windows firewall rule may be enough. For internet access, router port forwarding and a reachable public IP address are usually required.

Best Way to Manage Ports in Windows

For most users, the best way to open a port is through Windows Defender Firewall with Advanced Security using wf.msc. It provides a clear interface and reduces the chance of creating an overly broad rule. For administrators, PowerShell is faster and easier to automate.

Bottom Line

Open only the ports you need, limit rules to the correct network profile, use descriptive rule names, and regularly review listening ports with netstat, PowerShell, or Resource Monitor. If a service must be available from the internet, secure it carefully and avoid exposing sensitive ports such as SMB or Remote Desktop without additional protection.