| title | How to Close TCP and UDP Ports via Windows Command Line | |||||
|---|---|---|---|---|---|---|
| excerpt | Learn how to close open ports on Windows using command-line tools. Find and terminate processes listening on ports, manage Windows Firewall rules, and stop services to free up ports. | |||||
| category |
|
|||||
| date | 2025-03-28 | |||||
| publishedAt | 2025-03-28T13:00:00Z | |||||
| updatedAt | 2025-03-28T13:00:00Z | |||||
| readingTime | 7 min read | |||||
| author |
|
|||||
| tags |
|
When a port is in use on Windows, you might need to close it to free it for another application, resolve conflicts, or improve security. Unlike Linux where you can directly kill processes bound to ports, Windows requires identifying the process first, then either stopping it or blocking the port via firewall rules.
This guide shows you how to find what's using a port and close it using Windows command-line tools.
Find the process using a port with netstat -ano | findstr :PORT, then kill it with taskkill /PID <pid> /F. To block a port with Windows Firewall, use netsh advfirewall firewall add rule to create a blocking rule. For services, use net stop or sc stop to stop the service listening on the port.
You need administrative privileges (Run as Administrator) for most port-closing operations. Basic familiarity with Windows Command Prompt or PowerShell helps.
Before closing a port, identify which process is using it.
netstat -ano | findstr :8080Output:
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 4532
TCP [::]:8080 [::]:0 LISTENING 4532
The last column (4532) is the Process ID (PID).
Get-NetTCPConnection -LocalPort 8080Output shows more detail:
LocalAddress LocalPort RemoteAddress RemotePort State OwningProcess
------------ --------- ------------- ---------- ----- -------------
0.0.0.0 8080 0.0.0.0 0 Listen 4532
Once you have the PID, find which program it is:
tasklist | findstr 4532Output:
node.exe 4532 Console 1 45,234 K
Or get more details with PowerShell:
Get-Process -Id 4532Once you know the PID, terminate the process to free the port.
taskkill /PID 4532 /FThe /F flag forces termination.
Or kill by process name:
taskkill /IM node.exe /FThis kills all instances of node.exe.
Stop-Process -Id 4532 -ForceOr by name:
Stop-Process -Name "node" -Forcenetstat -ano | findstr :8080No output means the port is now free.
If a Windows Service is using the port, stop the service rather than killing the process.
sc query | findstr /C:"SERVICE_NAME"Or use PowerShell to find services by PID:
Get-WmiObject Win32_Service | Where-Object {$_.ProcessId -eq 4532} | Select Name, DisplayNamenet stop "Service Name"Or using sc:
sc stop ServiceNamePowerShell alternative:
Stop-Service -Name "ServiceName"# Stop IIS (uses port 80/443)
iisreset /stop
# Stop SQL Server (port 1433)
net stop MSSQLSERVER
# Stop Remote Desktop (port 3389)
net stop TermServiceInstead of killing processes, block ports using firewall rules.
netsh advfirewall firewall add rule name="Block Port 8080" dir=in action=block protocol=TCP localport=8080This prevents any inbound connections to port 8080.
netsh advfirewall firewall add rule name="Block Outbound 8080" dir=out action=block protocol=TCP localport=8080netsh advfirewall firewall add rule name="Block UDP 53" dir=in action=block protocol=UDP localport=53netsh advfirewall firewall delete rule name="Block Port 8080"netsh advfirewall firewall show rule name=allOr filter for specific port:
netsh advfirewall firewall show rule name=all | findstr 8080New-NetFirewallRule -DisplayName "Block Port 8080" -Direction Inbound -LocalPort 8080 -Protocol TCP -Action BlockRemove-NetFirewallRule -DisplayName "Block Port 8080"Get-NetFirewallRule | Where-Object {$_.LocalPort -eq 8080}IIS (Internet Information Services):
# Stop IIS
iisreset /stop
# Or stop specific site
%windir%\system32\inetsrv\appcmd stop site "Default Web Site"Apache:
# Stop Apache service
net stop Apache2.4
# Or if running from command line
httpd -k stopSQL Server:
net stop MSSQLSERVERMySQL:
net stop MySQL80PostgreSQL:
net stop postgresql-x64-13Node.js applications:
# Find all node processes
tasklist | findstr node.exe
# Kill them
taskkill /IM node.exe /FPython Flask/Django:
tasklist | findstr python.exe
taskkill /IM python.exe /FIf you get "Access Denied" when trying to kill a process:
-
Run as Administrator: Right-click Command Prompt or PowerShell and select "Run as administrator"
-
Check if it's a system process: Some processes are protected. Use Process Explorer to see if it's a critical system process.
-
Stop the parent service: If the process is started by a service, stop the service instead.
Some processes automatically restart. To prevent this:
sc config ServiceName start= disabled
net stop ServiceNameFor applications that start automatically:
- Open Task Manager (Ctrl+Shift+Esc)
- Go to Startup tab
- Disable the application
Or via command line:
Get-CimInstance -ClassName Win32_StartupCommand | Select-Object Name, Location, CommandAfter killing a process, the port might remain in TIME_WAIT:
netstat -ano | findstr :8080Output:
TCP 127.0.0.1:8080 127.0.0.1:54321 TIME_WAIT 0
TIME_WAIT connections clear automatically within 30-120 seconds. To force it:
# Restart TCP/IP stack (requires admin)
netsh int ip resetThen restart your computer.
If multiple processes share a port:
netstat -ano | findstr :80Kill each PID:
taskkill /PID 1234 /F
taskkill /PID 5678 /FIf netstat shows a port in use but you can't find the process:
# Show all processes including system
netstat -anobThe -b flag shows the executable name (requires admin).
# kill-port.ps1
param([int]$Port)
$process = Get-NetTCPConnection -LocalPort $Port -ErrorAction SilentlyContinue | Select-Object -ExpandProperty OwningProcess -Unique
if ($process) {
Stop-Process -Id $process -Force
Write-Host "Killed process $process using port $Port"
} else {
Write-Host "No process found using port $Port"
}Usage:
.\kill-port.ps1 -Port 8080@echo off
REM kill-port.bat
SET PORT=%1
FOR /F "tokens=5" %%P IN ('netstat -ano ^| findstr :%PORT%') DO (
taskkill /PID %%P /F
)Usage:
kill-port.bat 8080Don't kill critical system processes: Processes like svchost.exe, System, or csrss.exe are critical. Killing them can crash Windows.
Check what you're stopping: Before killing a process, verify it's safe to terminate.
Use firewall rules for security: If you want to prevent access to a port, use firewall rules rather than constantly killing processes.
Monitor for malware: If unknown processes are binding to ports, scan for malware.
Closing ports on Windows involves finding the process using the port and either terminating it, stopping its service, or blocking the port via firewall rules. Use netstat or PowerShell to identify the process, taskkill or Stop-Process to terminate it, and netsh or New-NetFirewallRule to block ports. Always verify you're not stopping critical system processes before proceeding.