Open ports on your Windows PC are crucial for both security and functionality. Ports act as communication channels between your device and the internet. Some ports are essential for tasks like web browsing or file sharing, but others can create significant security risks. 

The best way to manage ports is to monitor which ones are open and close those that aren’t needed. Doing this helps prevent unauthorized access and protects your system from potential attacks. 

In this guide, we’ll explain how to check, open, and close ports on Windows 10 and 11. We’ll also provide tips on securing sensitive ports, such as port 135. 

What are ports in Windows?

Ports in are virtual pathways that allow devices and applications to communicate over a network. Think of them as doorways for data.  

For example, web browsers use port 80 for regular HTTP traffic and port 443 for secure HTTPS connections. Other services, like file sharing or gaming, rely on different ports to function. These ports are essential for your device to connect to the right services and work properly. However, if left unchecked, open ports can also become vulnerable points that hackers might exploit. That’s why it’s crucial to only keep the ports open that are necessary for your system’s performance and security. 

How to check open ports on Windows

Before you start closing or opening ports, you need to know which ports are currently active on your system. There are a couple of easy ways to check. 

Using command prompt 

1. Press Windows + R, type cmd, and hit Enter. 

1. In the Command Prompt window, type the following command: 

arduino 

netstat -an | find “LISTENING” 

This will display a list of all open ports and their current status. You can also use third-party tools like Nmap if you need more detailed information about port configurations. Keep in mind that Nmap requires installation and setup, but it’s very effective for in-depth port scanning. 

How to close ports on Windows

Closing unnecessary or unused ports is an important step in protecting your system. But, remember: not all ports can—or should—be closed, as doing so could interfere with important services like web browsing or email. 

Close a port that is unused

You don’t have to close every port on your system—some, like those used for web browsing, should remain open—but you can block unused or unnecessary ports using Windows Firewall: 

1. Press Windows + S, search for Windows Defender Firewall, and open it. 
2. On the left side, click on Advanced Settings. 
3. Under Inbound Rules, click New Rule. 
4. Choose Port and specify the port range or specific port you want to block. 
5. Select Block the Connection and complete the rule setup. 

Close a specific port (e.g., Port 135)

If you want to block a specific port, like port 135 (which is used by Remote Procedure Calls or RPC), here’s what to do: 

1. Open Windows Defender Firewall. 
2. Go to Inbound Rules > New Rule. 
3. Select Port, then type the port number (e.g., 135). 
4. Choose TCP or UDP, depending on the protocol used by the service. 
5. Click Block the Connection and finish the setup. 

Blocking port 135 can disable remote management tools and RPC-based services, so only block it if you’re sure it’s not needed for your system’s operation. 

Using command prompt to close ports 

You can also close ports directly through Command Prompt. To block port 135, for example, follow these steps: 

1. Open Command Prompt as an administrator. 
2. Enter the following command to block the port: 

netsh advfirewall firewall add rule name=”Block Port 135″ dir=in action=block protocol=TCP localport=135

3. You can verify that the rule is working by typing: 

netsh advfirewall firewall show rule name=”Block Port 135″

How to open ports on Windows

Sometimes, you’ll need to open certain ports for specific applications or services to function properly. Here’s how you can open ports on your Windows PC. 

Open ports via Command Prompt (Windows 11) 

To open a port using Command Prompt, follow these steps: 

1. Open Command Prompt as an administrator. 
2. Run the following command to open port 8080 (you can replace 8080 with any port number you need): 

netsh advfirewall firewall add rule name=”Open Port 8080″ dir=in action=allow protocol=TCP localport=8080 

Open ports using Windows Firewall 

Alternatively, you can open ports via Windows Firewall: 

1. Search for Windows Defender Firewall in the Start menu and open it. 

1. Click on Advanced Settings > Inbound Rules > New Rule. 

1. Choose Port, then specify the port number you need. 

1. Select Allow the Connection, and finalize the setup. 

Why close a port that is unused?

Leaving ports open unnecessarily can expose your system to malware attacks, unauthorized remote access, and data breaches. By closing unused ports, you reduce the attack surface, making it more difficult for malicious actors to exploit your system. It’s a simple but effective way to improve your overall security. 

Common ports to monitor and manage

Some ports are more commonly targeted than others, and it’s worth paying attention to them. Ports like 135 (for RPC services), 445 (used for SMB), and 80/443 (essential for web browsing) are common targets. While it’s generally safe to monitor and close ports like 135 and 445 if they’re not needed, make sure to leave ports 80 and 443 open for browsing the web. 

How to test if ports are open

Once you’ve made changes to your ports, it’s important to check if they’re properly open or closed. Here are some methods to test your ports: 

Using Telnet

You can use Telnet to test if a specific port is open: 

1. Press Windows + R, type cmd, and press Enter. 
2. Type the following command to test a port (e.g., port 80): 

telnet [IP Address] [Port]  

Example: 

telnet 192.168.1.1 80  

If the connection is successful, the port is open. If not, the port is likely closed. 

Using Pixelscan

Pixelscan is another useful tool to analyze your network setup and test if your ports are open. While primarily designed to assess browser fingerprinting and privacy risks, it can also help identify open ports that may expose your system to vulnerabilities. 

1. Visit Pixelscan.net in your browser. 

1. Run a scan to analyze your network and browser setup. 

1. Review the detailed report to identify any open ports or leaks that might compromise your security. 

Pixelscan provides an easy-to-read summary, making it a valuable resource for ensuring your system’s ports are configured correctly. 

Using online tools 

If you prefer, you can use online tools like Whoer.net or Open Port Check Tool to verify whether a port is open. Just remember, these tools may not detect ports blocked locally or behind a router firewall. 

Troubleshooting common issues

If you’ve blocked a port and find that a service is still using it, or if something isn’t working as expected, here’s what to do: 

1. Make sure the new rule is enabled in Advanced Settings within Windows Firewall. 
2. If a port remains open, check to see if an active service is using it. You can open services.msc (press Windows + R, type services.msc, and hit Enter) to find and stop the service that’s using the port. 
3. If an application stops working after you closed a port, it might need that port to function. In this case, temporarily open the port again.