Windows 11 Open Ports Page

Dynamic Treatise: Windows 11 Open Ports

7) Hardening and mitigation steps (prescriptive)

• Principle: minimize attack surface; only expose required ports and restrict access.
• Firewall:
  • Close all unnecessary inbound ports. Use Windows Defender Firewall with rules limiting source IP ranges and profiles.
  • Prefer allow-listing (permit specific IPs) over deny-listing.
• Remote access:
  • Disable RDP if not needed; otherwise place behind VPN, use RD Gateway, enable Network Level Authentication, and enforce strong credentials and MFA.
• SMB:
  • Disable SMBv1. Restrict SMB to internal networks; block TCP 445 at perimeter for clients that do not need inbound SMB.
• Administrative interfaces:
  • Disable WinRM/PowerShell remoting where not required; if needed use HTTPS and strong authentication.
• Services:
  • Uninstall or disable unused roles/features (IIS, FTP, print spooler if not needed).
• Patch and update:
  • Keep OS and applications updated; apply security updates promptly.
• Application configuration:
  • Configure apps to bind only to localhost or specific interfaces (e.g., dev servers).
• Network segmentation:
  • Place workstations, servers, and IoT devices on separate VLANs; apply ACLs.
• Endpoint protection:
  • Use EDR/AV and logging to detect suspicious listener creation or network activity.
• Port knocking / jump hosts:
  • For sensitive admin ports, consider jump hosts or port-knocking techniques.
• Use strong passwords, disable local admin where possible, implement least privilege.

4) Discovering open ports remotely (network scan)

• Use from another machine:
  • nmap example:

    nmap -sT -sU -p- -Pn <target-ip>
    

    • -sT TCP connect, -sU UDP scan, -p- all ports, -Pn skip host discovery.
  • Windows built-in: Test-NetConnection for single port or PortQry (Microsoft tool) for scans.
• Consider firewall and IDS: remote scans may be blocked or logged.

Method 2: PowerShell (Get-NetTCPConnection)

PowerShell offers more structured data.

1. Open PowerShell as Administrator.
2. Run:

   Get-NetTCPConnection -State Listen
   

   This yields a clean table showing LocalPort, LocalAddress, OwningProcess, and State.
3. To see the application name:

   Get-NetTCPConnection -State Listen | Select-Object LocalPort, OwningProcess | ForEach-Object  $_ 
   

9) Incident response (if you find suspicious open ports)

1. Isolate host from network if active compromise suspected.
2. Collect volatile data: netstat/tcpview, running processes, open files, Event Logs, memory image if needed.
3. Identify process/service owning the port; check binary path, hashes, parent process.
4. Check persistence: scheduled tasks, services, autoruns, registry Run keys.
5. Patch vulnerabilities and remove malicious binaries; restore from clean backup if needed.
6. Perform forensic analysis and notify stakeholders per policy.

How to Check Open Ports in Windows 11

There are three primary ways to inspect the status of your ports: using the Command Prompt, PowerShell, or third-party tools. windows 11 open ports