How to Find and Manage Network Connections in Windows 11 Using PowerShell and CMD

If you’re using Windows 11 and want to monitor or troubleshoot network connections, there are powerful built-in tools at your disposal. Whether you’re interested in TCP or UDP connections, both PowerShell and the Command Prompt (CMD) offer effective methods for identifying processes that are using specific ports. In this blog post, we’ll explore various commands to achieve this, providing multiple solutions based on your needs.

Finding TCP Connections with PowerShell

To find out which process is using a specific TCP port in Windows 11, you can use the following PowerShell command:

Get-Process -Id (Get-NetTCPConnection -LocalPort YourPortNumberHere).OwningProcess

Example

If you want to check which process is using port 3814, run:

Get-Process -Id (Get-NetTCPConnection -LocalPort 3814).OwningProcess

This command retrieves the owning process of the TCP connection on port 3814 and displays details about it, including the Process ID (PID), which can be useful if you decide to terminate the process later.

Terminating a Process

Once you have the PID, you can terminate the process using:

taskkill /PID <pid>

Replace <pid> with the actual Process ID you obtained from the previous command.

Finding UDP Connections with PowerShell

Similar to TCP, you can also find UDP connections using PowerShell:

Get-Process -Id (Get-NetUDPEndpoint -LocalPort YourPortNumberHere).OwningProcess

Example

To find out which process is using port 3814 for UDP, run:

Get-Process -Id (Get-NetUDPEndpoint -LocalPort 3814).OwningProcess

As with TCP, this will return the details of the process associated with the specified UDP port.

Using CMD to Display Network Connections

If you prefer using the Command Prompt, you can use the netstat command to view all active connections and listening ports:

netstat -a -b

Command Options Explained

• -a: Displays all connections and listening ports.
• -b: Displays the executable involved in creating each connection or listening port. Note that this option may take some time and requires sufficient permissions.
• -n: Displays addresses and port numbers in numerical form, which speeds up the command by avoiding hostname resolution.
• -o: Displays the owning process ID associated with each connection.

Example with CMD

To view all connections and the processes associated with them, you can use:

netstat -a -b

If you want to speed up the output and avoid resolving hostnames, run:

netstat -anb

Interpreting the Output

The output will list active TCP and UDP connections along with the associated executable names. In some cases, if an executable hosts multiple components, you’ll see the executable name in brackets at the bottom, showing the sequence of components that led to the connection.

Alternative Tools: TCPView

While the command-line tools are powerful, some users may prefer graphical interfaces for monitoring network activity. TCPView from Microsoft Sysinternals is an excellent alternative. It provides a user-friendly interface to view active connections, including the PID and process name.

In Windows 11, monitoring TCP and UDP connections can be easily achieved using PowerShell and CMD. Whether you prefer the command line or a graphical interface, you have several options to choose from. With these tools, you can manage your network connections effectively, ensuring your system runs smoothly.