How to: Port Scan in CMD

By Jason Artman

The Windows command prompt utility netstat allows you to scan your computer to learn whether it has any programs or services listening for incoming connections over the Internet. In most cases, legitimate programs such as anti-virus update services cause your computer to listen for incoming connections. However, in some cases the netstat utility can help you spot a vulnerability caused by a virus or malicious software. Run the netstat utility from an elevated Windows command prompt.

Step 1

Open the Start menu, and type "cmd" in the "Search programs and files" field at the bottom.

Step 2

Right-click the "cmd" icon when it appears on the result list. Select "Run as Administrator" on the context menu. Type an Administrator password and press "Enter" if the computer prompts you for administrative credentials.

Step 3

Type "netstat -a" in the Command Prompt window, and press "Enter." The computer displays a list of all open TCP and UDP ports.

Step 4

Look for any port number that displays the word "LISTENING" under the "State" column. Your computer is listening for incoming connection requests over these port numbers. Look the port numbers up using an online list to determine the programs and services associated with those ports.

Tips & Warnings

  • If you have multiple machines that connect to the Internet through a server computer, run the port scan on the server as a vulnerability on that computer could potentially affect the entire network.
  • You can also run a port scan on your computer using a Web-based tool such as Gibson Research Corporation's ShieldsUP!. When used in combination with the netstat utility in Windows, a Web-based port scan provides a more comprehensive view of your computer's vulnerable ports.