windows port assignments

How to Open Ports on Windows 11: A Step-by-Step Guide for Beginners

Learning how to open ports on Windows 11 can be super useful, especially if you’re gaming, hosting a server, or using specific software that requires open ports. Essentially, you’ll need to access the Windows Firewall settings and manually add a new rule to allow traffic through the port you choose.

How to Open Ports on Windows 11

Opening ports on Windows 11 involves tweaking your firewall settings to let particular types of network traffic through. Following these steps will ensure that your applications or games can communicate freely over the internet or local network.

Step 1: Open Windows Security

First, open the Windows Security app from the Start menu.

You can type “Windows Security” into the search bar and select it from the results. This application is your gateway to managing your firewall settings.

Step 2: Navigate to Firewall & Network Protection

Next, select “Firewall & Network Protection” from the list of options.

This section in Windows Security is where you can access all the firewall settings, including rules for inbound and outbound traffic.

Step 3: Advanced Settings

Click on “Advanced Settings” on the Firewall & Network Protection page.

This will open the Windows Defender Firewall with Advanced Security screen, giving you more control over your firewall rules.

Step 4: Inbound Rules

Select “Inbound Rules” in the left-hand pane.

Inbound rules govern the traffic coming into your computer. You’ll create a new rule here to open your desired port.

Step 5: New Rule

Click on “New Rule…” on the right-hand pane.

This will start a wizard that will guide you through the steps of creating a new firewall rule.

Step 6: Select Port

Choose “Port” as the rule type and click “Next.”

The wizard will now ask you for more details about the port you wish to open.

Step 7: Specify Port

Select “TCP” or “UDP,” then enter the specific port number or range and click “Next.”

TCP and UDP are two different types of protocols. Make sure to select the one required by your application or game.

Step 8: Allow the Connection

Choose “Allow the Connection” and click “Next.”

This setting will allow traffic through the specified port.

Step 9: Specify Profile

Select the network profiles to apply the rule to (Domain, Private, Public), then click “Next.”

These profiles represent different types of networks you might connect to. Choose based on where you’ll use the application.

Step 10: Name the Rule

Give the rule a name, like “Game Port” or “Server Port,” and click “Finish.”

Naming the rule helps you identify it later if you need to make changes.

Once you’ve completed these steps, the port you specified will be open, allowing the associated application or game to communicate freely through the firewall.

Tips for Opening Ports on Windows 11

Always double-check the port number and protocol (TCP or UDP) required by the application or game.
Ensure that your firewall is active and properly configured to avoid security risks.
Close any ports that are no longer needed to maintain system security.
Use the “Advanced Settings” wisely to avoid creating conflicts with existing firewall rules.
Regularly review your firewall rules to keep your system secure and efficient.

Frequently Asked Questions

Why do i need to open ports on windows 11.

Certain applications and games require open ports to communicate over the internet or local network.

Is it safe to open ports?

Yes, but only if you open the necessary ports and keep your system secure by closing unused ports.

What is the difference between TCP and UDP?

TCP is a connection-oriented protocol, while UDP is a connectionless protocol. Choose based on your application’s requirements.

Can I close a port after opening it?

Absolutely. You can delete the firewall rule associated with that port to close it.

Do I need to open ports for all applications?

No, only for applications or games that specifically require open ports for proper functionality.

Open Windows Security.
Navigate to Firewall & Network Protection.
Click Advanced Settings.
Select Inbound Rules.
Click New Rule.
Choose Port.
Specify Port.
Allow the Connection.
Specify Profile.
Name the Rule.

Opening ports on Windows 11 is an essential skill for anyone looking to optimize their network settings for specific applications or games. By following the step-by-step process outlined in this guide, you’ll be able to manage your firewall settings like a pro. Remember, while opening ports can solve connectivity issues, it’s crucial to maintain a balance between functionality and security. Always monitor and review your firewall rules to ensure your system remains safe. If you’re interested in further enhancing your network skills, consider reading up on advanced firewall configurations or network security best practices. Happy networking!

Matt Jacobs has been working as an IT consultant for small businesses since receiving his Master’s degree in 2003. While he still does some consulting work, his primary focus now is on creating technology support content for SupportYourTech.com.

His work can be found on many websites and focuses on topics such as Microsoft Office, Apple devices, Android devices, Photoshop, and more.

Get Our Free Newsletter

How-to guides and tech deals

You may opt out at any time. Read our Privacy Policy

How-To Geek

How to check open tcp/ip ports in windows.

Your changes have been saved

Email is sent

Email has already been sent

Please verify your email address.

You’ve reached your account maximum for followed topics.

Hannah Stryker / How-To Geek

Read update, quick links, how do ports work, use built-in tools to see what is listening on a port, use nirsoft currports to view what is listening on a port, key takeaways.

Run the command "netstat -ab" in an elevated Command Prompt, PowerShell, or Terminal window to see a list of applications and their associated ports. This works in Windows 11 too.
Checking open ports can be done using built-in tools like Command Prompt or PowerShell, which list active ports and the associated process names or identifiers.
The freeware application CurrPorts by NirSoft provides an easier way to view what is listening on a port, displaying detailed information about the process and allowing for better management of ports.

Whenever an application wants to make itself accessible over the network, it claims a TCP/IP port, which means that port can't be used by anything else. So how do you check open ports to see what application is already using it?

We've tested this process and confirmed that all of the steps are up-to-date, and that they all work in Windows 11, too.

An IP address specifies a computer — or other network device — on a network. When one device sends traffic to another, the IP address is used to route that traffic to the appropriate place. Once the traffic reaches the right place, the device needs to know which app or service to send the traffic on to. That's where ports come in.

If the IP address is akin to a street address on a piece of mail, the port is something like the name of the person at that residence who gets the mail. For the most part, you don't need to worry about ports. But once in a while, you might encounter an app that's set to listen for traffic on the same port that another app already has in use. In that case, you'll need to identify the app that already has that port in use.

There are a number of ways to tell what application has a port locked, but we're going to walk you through a couple of built-in ways that use the Command Prompt , PowerShell , or the Terminal , and then show you a great freeware application that makes it even easier. All these methods should work no matter which version of Windows you use.

We've got two commands to show you. The first lists active ports along with the name of the process that's using them. Most of the time, that command will work fine. Sometimes, though, the process name won't help you identify what app or service actually has a port tied up. For those times, you'll need to list active ports along with their process identifier numbers and then look those processes up in Task Manager.

Option One: View Port Use Along with Process Names

First, you'll need to open the Command Prompt in administrator mode. Hit Start, and then type "command" into the search box. When you see "Command Prompt" appear in the results, right-click it and choose "Run as administrator," or click "Run as Administrator" on the right.

You can also use PowerShell or Terminal for this.

At the Command Prompt, type the following text and then hit Enter:

netstat -ab

After you hit Enter, the results may take a minute or two to fully display, so be patient. Scroll through the list to find the port (which is listed after the colon to the right of the local IP address), and you'll see the process name listed under that line. If you'd like to make things a little easier, remember that you can also pipe the results of the command to a text file . You could then just search the text file for the port number you're after.

Here, for example, you can see that port 49902 is tied up by a process named picpick.exe. PicPick is an image editor on our system, so we can assume the port is actually tied up by the process that regularly checks for updates to the app.

Option Two: View Port Use Along with Process Identifiers

If the name of the process for the port number you're looking up makes it difficult to tell what the related app is, you can try a version of the command that shows process identifiers (PIDs) rather than names. Type the following text at the Command Prompt, and then hit Enter:

netstat -aon

The column at the far right lists PIDs, so just find the one that's bound to the port that you're trying to troubleshoot.

Next, open up Task Manager by right-clicking any open space on your taskbar and choosing " Task Manager ." You can also hit Ctrl+Shift+Esc.

If you're using Windows 8, 10, or 11 switch to the "Details" tab in Task Manager.

In older versions of Windows, you'll see this information on the "Processes" tab. Sort the list of process by the "PID" column and find the PID associated with the port you're investigating. You might be able to tell more about what app or service has the port tied up by looking at the "Description" column.

If not, right-click the process and choose "Open file location." The location of the file will likely give you clues as to what app is involved.

When Once you're there, you can use the End Process, Open File Location, or Go to Service(s) options to control the process or stop it.

If you aren't really the Command Prompt type — or you'd rather just use a simple utility to do all this in one step — we recommend the excellent freeware CurrPorts utility by NirSoft. Go ahead and download the tool. Just make sure you get the right version (the regular version is for 32-bit Windows and the x64 version is for 64-bit Windows). It's a portable app , so you won't need to install it. Just unzip the download folder and run executable.

In the CurrPorts window, sort by the "Local Port" column, find the port you're investigating, and you can see everything — the process name, PID, port, the full path to the process, and so on.

To make it even easier, double-click on any process to see every single detail in one window.

When you've determined what app or service has the port you're investigating tied up, it's up to you how to handle it. If it's an app, you may have the option to specify a different port number. If it's a service — or you don't have the option to specify a different port number — you'll likely have to stop the service or remove the app.

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Troubleshoot port exhaustion issues

5 contributors

Applies to: Windows 10

TCP and UDP protocols work based on port numbers used for establishing connection. Any application or a service that needs to establish a TCP/UDP connection will require a port on its side.

There are two types of ports:

Ephemeral ports, which are dynamic ports, are the set of ports that every machine by default will have to make an outbound connection.
Well-known ports are the defined ports for a particular application or service. For example, file server service is on port 445, HTTPS is 443, HTTP is 80, and RPC is 135. Custom applications will also have their own defined port numbers.

When a connection is being established with an application or service, client devices use an ephemeral port from the device to connect to a well-known port defined for that application or service. A browser on a client machine will use an ephemeral port to connect to https://www.microsoft.com on port 443.

In a scenario where the same browser is creating many connections to multiple websites, for any new connection that the browser is attempting, an ephemeral port is used. After some time, you'll notice that the connections will start to fail and one high possibility for this failure would be because the browser has used all the available ports to make connections outside and any new attempt to establish a connection will fail as there are no more ports available. When all the ports on a machine are used, we term it as port exhaustion.

Default dynamic port range for TCP/IP

To comply with Internet Assigned Numbers Authority (IANA) recommendations, Microsoft has increased the dynamic client port range for outgoing connections. The new default start port is 49152, and the new default end port is 65535. This increase is a change from the configuration of earlier versions of Windows that used a default port range of 1025 through 5000.

You can view the dynamic port range on a computer by using the following netsh commands:

netsh int ipv4 show dynamicport tcp
netsh int ipv4 show dynamicport udp
netsh int ipv6 show dynamicport tcp
netsh int ipv6 show dynamicport udp

The range is set separately for each transport (TCP or UDP). The port range is now a range that has a starting point and an ending point. Microsoft customers who deploy servers that are running Windows Server may have problems that affect RPC communication between servers if firewalls are used on the internal network. In these situations, we recommend that you reconfigure the firewalls to allow traffic between servers in the dynamic port range of 49152 through 65535. This range is in addition to well-known ports that are used by services and applications. Or, the port range that is used by the servers can be modified on each server. You adjust this range by using the netsh command, as follows. The above command sets the dynamic port range for TCP.

The start port is number, and the total number of ports is range. The following are sample commands:

netsh int ipv4 set dynamicport tcp start=10000 num=1000
netsh int ipv4 set dynamicport udp start=10000 num=1000
netsh int ipv6 set dynamicport tcp start=10000 num=1000
netsh int ipv6 set dynamicport udp start=10000 num=1000

These sample commands set the dynamic port range to start at port 10000 and to end at port 10999 (1000 ports). The minimum range of ports that can be set is 255. The minimum start port that can be set is 1025. The maximum end port (based on the range being configured) can't exceed 65535. To duplicate the default behavior of Windows Server 2003, use 1025 as the start port, and then use 3976 as the range for both TCP and UDP. This usage pattern results in a start port of 1025 and an end port of 5000.

Specifically, about outbound connections as incoming connections won't require an Ephemeral port for accepting connections.

Since outbound connections start to fail, you'll see many instances of the below behaviors:

Unable to sign in to the machine with domain credentials, however sign-in with local account works. Domain sign in will require you to contact the DC for authentication, which is again an outbound connection. If you've cache credentials set, then domain sign-in might still work.

Screenshot of error for NETLOGON in Event Viewer.

Group Policy update failures:

Screenshot of event properties for Group Policy failure.

File shares are inaccessible:

Screenshot of error message Windows cannot access.

RDP from the affected server fails:

Screenshot of error when Remote Desktop is unable to connect.

Any other application running on the machine will start to give out errors

Reboot of the server will resolve the issue temporarily, but you would see all the symptoms come back after a period of time.

If you suspect that the machine is in a state of port exhaustion:

Try making an outbound connection. From the server/machine, access a remote share or try an RDP to another server or telnet to a server on a port. If the outbound connection fails for all of these options, go to the next step.

Open event viewer and under the system logs, look for the events that clearly indicate the current state:

Event ID 4227

Event ID 4231

Collect a netstat -anob output from the server. The netstat output will show you a huge number of entries for TIME_WAIT state for a single PID.

After a graceful closure or an abrupt closure of a session, after a period of 4 minutes (default), the port used by the process or application would be released back to the available pool. During this 4 minutes, the TCP connection state will be TIME_WAIT state. In a situation where you suspect port exhaustion, an application or process won't be able to release all the ports that it has consumed and will remain in the TIME_WAIT state.

You might also see CLOSE_WAIT state connections in the same output; however, CLOSE_WAIT state is a state when one side of the TCP peer has no more data to send (FIN sent) but is able to receive data from the other end. This state doesn't necessarily indicate port exhaustion.

Having huge connections in TIME_WAIT state doesn't always indicate that the server is currently out of ports unless the first two points are verified. Having lot of TIME_WAIT connections does indicate that the process is creating lot of TCP connections and may eventually lead to port exhaustion.

Netstat has been updated in Windows 10 with the addition of the -Q switch to show ports that have transitioned out of time wait as in the BOUND state. An update for Windows 8.1 and Windows Server 2012 R2 has been released that contains this functionality. The PowerShell cmdlet Get-NetTCPConnection in Windows 10 also shows these BOUND ports.

Until 10/2016, netstat was inaccurate. Fixes for netstat, back-ported to 2012 R2, allowed Netstat.exe and Get-NetTcpConnection to correctly report TCP or UDP port usage in Windows Server 2012 R2. See Windows Server 2012 R2: Ephemeral ports hotfixes to learn more.

Open a command prompt in admin mode and run the below command.

Open the server.etl file with Network Monitor and in the filter section, apply the filter Wscore_MicrosoftWindowsWinsockAFD.AFD_EVENT_BIND.Status.LENTStatus.Code == 0x209 . You should see entries that say STATUS_TOO_MANY_ADDRESSES . If you don't find any entries, then the server is still not out of ports. If you find them, then you can confirm that the server is under port exhaustion.

Troubleshoot Port exhaustion

The key is to identify which process or application is using all the ports. Below are some of the tools that you can use to isolate to one single process

Start by looking at the netstat output. If you're using Windows 10 or Windows Server 2016, then you can run the command netstat -anobq and check for the process ID that has maximum entries as BOUND. Alternately, you can also run the below PowerShell command to identify the process:

Most port leaks are caused by user-mode processes not correctly closing the ports when an error was encountered. At the user-mode level, ports (actually sockets) are handles. Both TaskManager and ProcessExplorer are able to display handle counts, which allows you to identify which process is consuming all of the ports.

For Windows 7 and Windows Server 2008 R2, you can update your PowerShell version to include the above cmdlet.

If method 1 doesn't help you identify the process (prior to Windows 10 and Windows Server 2012 R2), then have a look at Task Manager:

Add a column called "handles" under details/processes.

Sort the column handles to identify the process with the highest number of handles. Usually the process with handles greater than 3000 could be the culprit except for processes like System, lsass.exe , store.exe , sqlsvr.exe .

Screenshot of handles column in Windows Task Manager.

If any other process than these processes has a higher number, stop that process and then try to sign in using domain credentials and see if it succeeds.

If Task Manager didn't help you identify the process, then use Process Explorer to investigate the issue.

Steps to use Process explorer:

Download Process Explorer and run it Elevated .

Alt + select the column header, select Choose Columns , and on the Process Performance tab, add Handle Count .

Select View > Show Lower Pane .

Select View > Lower Pane View > Handles .

Select the Handles column to sort by that value.

Examine the processes with higher handle counts than the rest (will likely be over 10,000 if you can't make outbound connections).

Click to highlight one of the processes with a high handle count.

In the lower pane, the handles listed as below are sockets. (Sockets are technically file handles).

File \Device\AFD

Screenshot of Process Explorer with the processes sorted by handles.

Some are normal, but large numbers of them aren't (hundreds to thousands). Close the process in question. If that restores outbound connectivity, then you've further proven that the app is the cause. Contact the vendor of that app.

Finally, if the above methods didn't help you isolate the process, we suggest you collect a complete memory dump of the machine in the issue state. The dump will tell you which process has the maximum handles.

As a workaround, rebooting the computer will get it back in normal state and would help you resolve the issue for the time being. However, when a reboot is impractical, you can also consider increasing the number of ports on the machine using the below commands:

This command will set the dynamic port range to start at port 10000 and to end at port 10999 (1000 ports). The minimum range of ports that can be set is 255. The minimum start port that can be set is 1025. The maximum end port (based on the range being configured) can't exceed 65535.

Note that increasing the dynamic port range is not a permanent solution but only temporary. You'll need to track down which process/processors are consuming max number of ports and troubleshoot from that process standpoint as to why it's consuming such high number of ports.

For Windows 7 and Windows Server 2008 R2, you can use the below script to collect the netstat output at defined frequency. From the outputs, you can see the port usage trend.

More information

Port Exhaustion and You! - this article gives a detail on netstat states and how you can use netstat output to determine the port status
Detecting ephemeral port exhaustion : this article has a script that will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10 and Windows 11)

Was this page helpful?