The built-in netstat (Network Statistics) tool is the fastest way to see what is happening under the hood.
How to read the results:
If you see a port listening that you don’t recognize, note the PID number on the far right. Open Task Manager, go to the Details tab, and look up that PID to see which application is responsible. windows 11 open ports
Get-NetFirewallPortFilter |
Where-Object $_.LocalPort -ne $null |
Select-Object -First 20
Windows 11 is more secure than previous versions (thanks to features like Virtualization-Based Security and Credential Guard), but open ports remain a liability. The built-in netstat (Network Statistics) tool is the
netstat -abno
The -b flag shows the executable name, but requires admin rights and can be slow. How to read the results:
| Port | Protocol | Service | Purpose | |------|----------|---------|---------| | 135 | TCP | RPC Endpoint Mapper | DCOM / remote management | | 139 | TCP | NetBIOS Session Service | File sharing (legacy) | | 445 | TCP | SMB | File & printer sharing | | 5040 | TCP | CDPSvc | Connected Devices Platform | | 5353 | UDP | mDNS | DNS-SD / network discovery | | 5355 | UDP | LLMNR | Link-Local Multicast Name Resolution | | 7680 | TCP | Update Orchestrator | Windows Update delivery optimization | | 49664–65535 | TCP | RPC dynamic ports | Remote procedure calls |
Many are bound to
0.0.0.0(all interfaces) or specific network profiles (Private/Public).