Remote Desktop Protocol (RDP) is a way to remotely access a Windows system using a graphical user interface. It is useful for people who use multiple computers for work or want to access their PC from anywhere.
However, to use RDP, you need to open port 3389 on your firewall and router. This article explains how to do that and what security risks are involved.
What is Port 3389 and Why Do You Need to Open It?
Port 3389 is the default port used by RDP to communicate between the client and the server. RDP uses TCP port 3389, which provides reliable, ordered data transmission. It also uses UDP port 3389, which is faster and more efficient but less reliable and ordered. UDP port 3389 enables acceleration since RDP 8.0.
To use RDP, you need to open port 3389 on your Windows firewall and your router. This will allow incoming and outgoing traffic on that port and enable you to connect to your PC remotely. However, opening port 3389 also exposes your PC to potential attacks from hackers who can scan for open ports and try to break into your system.
How to Open Port 3389 on Windows Firewall
To open port 3389 on Windows firewall, follow these steps:
- Go to Windows Settings and click on Update & Security.
- Click on Windows Security and then Firewall & network protection.
- Click on Allow an app through firewall.
- Click on Change settings and search for Remote Desktop from the list.
- Check the box for Private if you want to allow RDP on the local network only, or Public if you want to allow it over the Internet as well.
- Click OK to save the changes.
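To confirm which network profiles the Remote Desktop rules ended up enabled on, the following PowerShell audit can be run from an elevated session. It is an added example, not part of the original article, and it assumes an English-language Windows install, where the firewall rule group is named "Remote Desktop".

```powershell
# Added example: audit the built-in Remote Desktop firewall rules.
# Assumption: the rule group display name is 'Remote Desktop' (it is localized).
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction Stop

$report = foreach ($r in $rules) {
    # Each rule has an associated port filter holding protocol and local port.
    $pf = $r | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $r.DisplayName
        Enabled   = $r.Enabled
        Profile   = $r.Profile
        Protocol  = $pf.Protocol
        LocalPort = $pf.LocalPort
        # Profile is a flags value; 'Any' also covers the Public profile.
        OnPublic  = ($r.Enabled -eq 'True') -and ("$($r.Profile)" -match 'Public|Any')
    }
}

$report | Format-Table -AutoSize

# Summarize rules that accept RDP on networks Windows classifies as Public.
$exposed = @($report | Where-Object OnPublic)
if ($exposed.Count -gt 0) {
    Write-Warning "$($exposed.Count) Remote Desktop rule(s) are enabled on the Public profile."
} else {
    Write-Output 'Remote Desktop rules are not enabled on the Public profile.'
}
```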
How to Open Port 3389 on Router
To open port 3389 on your router, you need to access its web interface and configure port forwarding. Port forwarding is a way to redirect incoming traffic from a specific port to a specific device on your network. The steps may vary depending on your router model, but here is a general guide:
- Find out your router’s IP address and your PC’s local IP address. You can do this by opening Command Prompt and typing ipconfig. Your router’s IP address is usually the Default Gateway, and your PC’s IP address is the IPv4 Address.
- Open your web browser and enter your router’s IP address in the address bar. You may need to enter a username and password to log in to your router. If you don’t know them, check your router’s manual or look for a sticker on the back of your router.
- Look for a section called Port Forwarding, Port Triggering, Virtual Server, or something similar. You may need to navigate through different menus to find it.
- Create a new port forwarding rule and enter the following information:
  - Service Name: RDP or Remote Desktop
  - Protocol: TCP and UDP
  - External Port: 3389
  - Internal Port: 3389
  - Internal IP Address: Your PC’s local IP address
- Save the rule and restart your router if needed.
How to Change the Default Port of RDP
If you want to increase the security of your RDP connection, you can change the default port of RDP from 3389 to something else. This will make it harder for hackers to find your open port and attempt to access your PC. However, you will also need to update your firewall and router settings accordingly, and specify the new port when connecting to your PC remotely. To change the default port of RDP, follow these steps:
- Open Registry Editor by pressing Windows key + R and typing regedit.
- Navigate to the following key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
- Double-click on the PortNumber value and change the Base to Decimal.
- Enter a new port number between 1024 and 65535 and click OK.
- Close Registry Editor and restart your PC.
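The same change can be scripted. The PowerShell below is an added example, not part of the original article: it writes the PortNumber value from the steps above and also creates the matching firewall rules, since the built-in Remote Desktop rules only cover port 3389. The port 50123 and the rule display names are constructed sample values; run it from an elevated session.

```powershell
# Added example: change the RDP listening port and allow it through Windows Firewall.
$NewPort = 50123   # constructed sample value, pick your own
$RdpKey  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Stay inside the range given in the steps above.
if ($NewPort -lt 1024 -or $NewPort -gt 65535) {
    throw 'Port must be between 1024 and 65535.'
}

# Refuse a port that another program is already listening on.
if (Get-NetTCPConnection -LocalPort $NewPort -State Listen -ErrorAction SilentlyContinue) {
    throw "TCP port $NewPort is already in use."
}

# Record the current value so the change can be reverted, then write the new one.
$OldPort = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $NewPort -Type DWord

# Add inbound allow rules for the new port, limited to the Private profile.
foreach ($proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "RDP custom port ($proto $NewPort)" `
        -Direction Inbound -Protocol $proto -LocalPort $NewPort `
        -Action Allow -Profile Private | Out-Null
}

Write-Output "RDP port changed from $OldPort to $NewPort. Restart the PC to apply."
```

After the restart, clients connect by appending the port to the address, and any router port-forwarding rule must point at the new port.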
How to Check if Port 3389 is Open and Listening
To check if port 3389 is open and listening on your PC, you can use a tool called netstat. Netstat is a command-line utility that displays network connections and statistics. To use netstat, follow these steps:
- Open Command Prompt as administrator by pressing Windows key + X and selecting Command Prompt (Admin).
- Type netstat -a -n -o and press Enter.
- Look for a line that has 0.0.0.0:3389 or [::]:3389 in the Local Address column and LISTENING in the State column. This means that port 3389 is open and listening for incoming connections.
- Note the PID (Process ID) of the process that is listening on port 3389. You can use this to identify the program that is using the port.
- To find out the name of the program that is using the port, open Task Manager by pressing Ctrl + Shift + Esc and go to the Details tab.
- Look for the process that has the same PID as the one you noted from netstat and check its Name and Description columns. It should be svchost.exe and Remote Desktop Services, respectively.
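The netstat and Task Manager steps can be combined into one PowerShell check. This is an added example, not part of the original article: it reads the configured RDP port from the registry key shown earlier, so it also works after the port has been changed, and it resolves the listening PID to the services hosted in that process. TermService is the service name of Remote Desktop Services.

```powershell
# Added example: verify that the RDP port is listening and owned by Remote Desktop Services.
$RdpKey = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$Port   = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber

$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Output "Nothing is listening on TCP port $Port."
    return
}

foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess

    # svchost.exe can host several services, so list the ones running in this PID.
    $services = Get-CimInstance Win32_Service -Filter "ProcessId = $($l.OwningProcess)" |
        Select-Object -ExpandProperty Name

    [pscustomobject]@{
        LocalAddress = $l.LocalAddress          # 0.0.0.0 or :: means all interfaces
        LocalPort    = $l.LocalPort
        PID          = $l.OwningProcess
        Process      = $proc.ProcessName
        Services     = $services -join ', '
        # False means something other than Remote Desktop Services owns the port.
        ExpectedRdp  = $services -contains 'TermService'
    }
}
```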
Conclusion
RDP is a convenient way to remotely access your PC, but it also requires opening port 3389 on your firewall and router. This can expose your PC to potential attacks, so you should take some precautions to secure your RDP connection.
You can change the default port of RDP, use a strong password, enable encryption, and limit access to specific users and devices. You can also use a VPN or a third-party service to access your PC remotely without opening port 3389.