How to check if a port is blocked on a Windows machine?
On the Windows platform, what native options do I have to check if a port (3306, for example) on my local machine (as in localhost), is being blocked?
Since you are on a Windows machine, these things can be done:
- Execute the following command and look for a ":3306" listener (you did not mention UDP/TCP). This will confirm there is something running on the port.
  netstat -a -n
- After this, if you are expecting incoming connections on this port and feel that the firewall may be blocking them, you could start Windows Firewall logging and check the logs for dropped connections:
  - Go to Windows Firewall, Advanced settings
  - Click on the Settings button next to "Local Area Connection"
  - Select "Log dropped packets"
  - Look at the log file location (if not present, define one)
  - Click OK
  - Now, when the connection attempt is made (assuming you know when this is done), look at the log file for a drop on port 3306.
  - If this is seen, you will want to add an exception for this port.
- There is one more command to check the firewall state (updated for Windows 7 users -- as referred to by Nick below -- use netsh advfirewall firewall):
  netsh firewall show state
  This will list the blocked ports as well as active listening ports with application associations.
- This command will dump the Windows firewall configuration detail:
  netsh firewall show config
If you have an active block (incoming connections are being dropped by firewall) after you start logging, you should see that in the log.
If you are running an application/service that is listening on 3306, the firewall config should show it to be Enabled. If this is not seen, you have probably missed adding an exception with the firewall to allow this app/service.
Finally, port 3306 is typically used for MySQL. So, I presume you are running MySQL server on this Windows machine. You should therefore see a listener for 3306 accepting incoming connections. If you do not see that, you need to work with your application (MySQL) to get that started first.
NETSTAT will tell you if the port is listening but it will not tell you if the port is open to the outside world. What I mean by this is that NETSTAT may show that the 0.0.0.0 is LISTENING on port 3306 but a firewall may still be blocking that port which is preventing outside connections; so it isn't sufficient to rely on NETSTAT alone.
The best way to check if a port is blocked is to do a port scan from the client machine.
There are many ways to do a port scan but since you mentioned being on Windows then I will suggest the Microsoft command line utility PortQry and the graphical version PortQryUI.
To test all open ports:
portqry.exe -n #.#.#.#
To test a specific port:
portqry.exe -n #.#.#.# -e #
For example to test the Web interface of a router at 192.168.1.1:
portqry.exe -n 192.168.1.1 -e 80
Which returns:
TCP port 80 (http service): LISTENING
Whereas testing on a local machine with no HTTPD running returns:
TCP port 80 (http service): NOT LISTENING
Using a PortScan utility you will get one of 3 results.
- Listening means the server is listening on the specified port
- Filtered means it received a TCP acknowledgement packet with the Reset flag set which likely indicates a firewall or software issue
- Not Listening means it didn't receive a response at all
telnet is another command line option that is usually installed on the OS by default. This command line utility can be used as a quick way to see if a port responds to a network request.
To use telnet you would simply issue the following command from a command prompt:
telnet localhost 3306
The command above should give you a quick indication if the port 3306 on the localhost is responding.
Since PowerShell 4.0 you can use the command Test-NetConnection
If you want to test Port 3306 as in your example the command is
Test-NetConnection -ComputerName localhost -Port 3306
TechNet Test-NetConnection documentation
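
The first answer's "look at the log file for a drop on port 3306" step can be scripted. The following is an added example, not code from any of the answers above: Get-FirewallDrop is a hypothetical helper name, the sample log lines are constructed, and it assumes the log carries a "#Fields:" header naming the action, dst-port and path columns.

```powershell
# Added example. Get-FirewallDrop is a hypothetical helper; the sample log is constructed.
function Get-FirewallDrop {
    param([string[]] $LogLine, [int] $Port)
    $fields = $null
    foreach ($line in $LogLine) {
        if ($line -match '^#Fields:\s*(.+)$') {
            # Column names come from the log's own header, not hard-coded positions.
            $fields = $Matches[1].Trim() -split '\s+'
            continue
        }
        # Skip other header lines, blank lines, and anything before the header.
        if (-not $fields -or $line -match '^\s*(#|$)') { continue }
        $values = $line.Trim() -split '\s+'
        if ($values.Count -lt $fields.Count) { continue }   # truncated entry
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        if ($row['action'] -eq 'DROP' -and $row['dst-port'] -eq "$Port") {
            [pscustomobject]@{
                Time      = "$($row['date']) $($row['time'])"
                Protocol  = $row['protocol']
                Source    = $row['src-ip']
                DstPort   = [int]$row['dst-port']
                Direction = $row['path']
            }
        }
    }
}

# Constructed sample: one TCP drop to 3306, one allowed connection,
# and one UDP drop to a different port (documentation-range addresses).
$sampleText = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-01-15 10:12:01 DROP TCP 192.0.2.10 192.0.2.20 50123 3306 52 S 1234567 0 8192 - - - RECEIVE
2024-01-15 10:12:05 ALLOW TCP 192.0.2.20 192.0.2.30 50200 443 0 - 0 0 0 - - - SEND
2024-01-15 10:12:09 DROP UDP 192.0.2.11 192.0.2.20 5353 5353 60 - - - - - - - RECEIVE
'@

Get-FirewallDrop -LogLine ($sampleText -split '\r?\n') -Port 3306 | Format-Table -AutoSize
```

On a real machine, pass the lines of the log file configured under "Log dropped packets" instead of the sample, for example `Get-FirewallDrop -LogLine (Get-Content <log file path>) -Port 3306`.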