Port Scanner
Online Open Port Checker Tool
Use our free port scanner to check open ports on any IP address or hostname. This online port scanner helps you scan ports, verify firewall rules, test port forwarding, and detect running services like HTTP, SSH, FTP, and MySQL.
Quick Answer: What Is a Port Scanner?
A port scanner is a network tool that sends connection requests to TCP or UDP ports on a target IP address to determine if they are open, closed, or filtered by a firewall. Use our free online port scanner to check if port is open, verify port forwarding configuration, and test firewall rules. Simply enter a hostname or IP address above to scan ports instantly.
Robert Harrison
OSINT & Network Utility Expert
Robert specializes in network security, port scanning, and firewall configuration. With extensive experience in penetration testing and network diagnostics, he helps users understand how to properly scan ports and secure their network infrastructure.
View All Articles by RobertWhat Is a Port Scanner and How Does It Work?
A port scanner is an essential network security tool that probes a server or host to discover which TCP or UDP ports are open and accepting connections. When you use our free online port scanner, it sends connection requests to specified ports and analyzes the response to determine the port status.
Think of ports as doors into a computer. Each door is numbered from 0 to 65535, and different services use specific doors. For example, web servers typically listen on port 80 (HTTP) and port 443 (HTTPS), while SSH uses port 22. Our port checker helps you see which doors are open on any IP address.
When you scan ports, each port returns one of three statuses. An open port means a service is actively listening and ready to accept connections. A closed port means no service is running on that port. A filtered port means a firewall is blocking the probe, preventing the scanner from determining the true status.
Key Insight: According to Wikipedia's port number documentation, the first 1024 ports (0-1023) are called "well-known ports" and are reserved for common services like HTTP, FTP, and SMTP. Our port scanner tool includes all these critical ports in the common preset.
How to Check if Port Is Open: Step-by-Step Guide
Learning how to check if port is open on IP address is simple with our online port scanner. Follow these steps to scan open ports on IP address online:
Step 1: Enter the Target
Type the IP address or hostname you want to scan. You can use our "Scan My IP" button to check open ports on your own external connection. This external port checker feature shows you what ports are visible from the internet.
Step 2: Select Port Preset
Choose which ports to scan. Our port scanner offers several presets. The Common preset scans 14 most important ports including port 80, port 443, port 22, and port 3389. Web preset focuses on HTTP/HTTPS ports. Database preset checks MySQL, PostgreSQL, and other database ports.
Step 3: Run the Scan
Click "Scan Ports" and our TCP port scanner will probe each port. Within seconds, you'll see which ports are open, closed, or filtered. Green indicates open ports, red shows closed, and yellow means filtered by firewall.
Step 4: Analyze Results
Review your port scan results. Each port shows its number, status, service name (like HTTP or SSH), and response time for open ports. Use this information to verify your firewall configuration and ensure only necessary services are exposed.
Pro Tip: Use our port scanner along with the Ping Tool to first verify the host is reachable before scanning ports. If ping fails but you know the server is up, it may be blocking ICMP packets.
Common Ports and Their Services: Complete Reference
Understanding which services use which ports is essential for effective port scanning. Here's a comprehensive guide to the most important TCP ports you'll encounter:
Web Server Ports
- Port 80 (HTTP) - Standard web traffic. If open, a web server is likely running.
- Port 443 (HTTPS) - Secure encrypted web traffic. Most modern websites use this port.
- Port 8080 - Alternative HTTP port, often used for proxies or development servers.
Remote Access Ports
- Port 22 (SSH) - Secure Shell for encrypted remote access. Critical for Linux server management.
- Port 3389 (RDP) - Remote Desktop Protocol for Windows remote access.
- Port 5900 (VNC) - Virtual Network Computing for graphical remote control.
Database Ports
- Port 3306 (MySQL) - MySQL database server. Should be closed externally unless needed.
- Port 5432 (PostgreSQL) - PostgreSQL database server.
- Port 1433 (MSSQL) - Microsoft SQL Server database.
- Port 27017 (MongoDB) - MongoDB NoSQL database.
Email Ports
- Port 25 (SMTP) - Simple Mail Transfer Protocol for sending email.
- Port 110 (POP3) - Post Office Protocol for receiving email.
- Port 143 (IMAP) - Internet Message Access Protocol for email.
- Port 993/995 - Secure versions of IMAP and POP3.
File Transfer Ports
- Port 21 (FTP) - File Transfer Protocol. Often open on web servers.
- Port 22 (SFTP) - Secure file transfer over SSH.
- Port 445 (SMB) - Windows file sharing. Should be blocked externally.
Learn more about how ports work in our detailed guide on port forwarding and how it works.
How to Check if Port Forwarding Is Working
One of the most common uses for an external port checker is to test if port is open on remote server after configuring port forwarding on your router. Here's how to verify your port forwarding is working correctly:
Understanding Port Forwarding
Port forwarding tells your router to send incoming traffic on a specific port to a device inside your network. Without proper configuration, external connections cannot reach your internal server, game, or application. Our online port scanner for external IP helps verify this configuration.
Testing Your Port Forward
- First, ensure the service is running on your internal device and listening on the correct port.
- Find your public IP address using our homepage tool.
- Use our port scanner to scan your public IP for the forwarded port.
- If the port shows open, port forwarding is working!
- If closed or filtered, check your router settings and firewall.
Common Port Forwarding Issues
If our port checker shows your port as closed or filtered, check these common problems:
- Router firewall - Some routers have built-in firewalls that block forwarded ports.
- Windows/Linux firewall - The device's local firewall may be blocking the port.
- ISP blocking - Some ISPs block common ports like 25 (SMTP) or 80 (HTTP).
- Double NAT - If you have two routers, you need to forward on both.
- Service not running - The application must be actively listening on the port.
Security Warning: Only forward ports that are absolutely necessary. Every open port is a potential entry point for attackers. Keep your services updated and use strong authentication. For more network security tips, check our network documentation guide.
Check if Firewall Is Blocking Port: Troubleshooting Guide
When you need to check if firewall is blocking port, our port scanner provides valuable diagnostic information. A filtered result typically indicates firewall interference. Here's how to troubleshoot:
Understanding Filtered vs Closed
When a port is closed, the host actively refuses the connection. When filtered, the firewall drops packets silently, so our scanner cannot determine the port status. This is actually a security feature, as it makes port scanning harder for attackers.
Layers of Firewalls
Your connection may pass through multiple firewalls. Each layer can block ports:
- ISP Firewall - Your internet provider may block certain ports
- Router Firewall - Your home/office router has built-in rules
- OS Firewall - Windows Defender, iptables, or similar
- Application Firewall - Some apps have their own port restrictions
Testing Each Layer
To identify which firewall is blocking, temporarily disable each layer one at a time and re-run the port scan. Start with the device firewall, then check router rules. If still blocked, contact your ISP.
Use our DNS Lookup tool to verify the server exists and our WHOIS Lookup to check ownership information.
Port Scanning Security: Best Practices and Legal Considerations
Using a port scanner responsibly is crucial. While port scanning your own systems is completely legal, scanning others without permission can violate laws.
Legal Use of Port Scanners
- Scanning your own servers - Always permitted and recommended
- Authorized penetration testing - With written permission from the owner
- Network troubleshooting - Checking your own network configuration
- Verifying firewall rules - Testing your own security settings
What to Do When You Find Open Ports
When our port scanner reveals open ports on your server, evaluate each one:
- Is this port needed? - Close any port not actively required
- Is the service secured? - Ensure strong passwords and encryption
- Is it up to date? - Patch vulnerabilities in services
- Should it be public? - Use firewall rules to restrict access
Reducing Attack Surface
Every open port is a potential vulnerability. Follow these principles:
- Only expose ports that must be public
- Use non-standard ports for services when possible
- Implement rate limiting and fail2ban
- Regular port scanning to audit your own systems
Professional Tip: Schedule regular port scans of your infrastructure. Changes in open ports could indicate configuration drift or compromise. Document expected ports and investigate any unexpected open services immediately.
Port Scanner vs Other Network Diagnostic Tools
Understanding when to use a port scanner versus other network tools helps you diagnose issues efficiently:
Port Scanner vs Ping
Our Ping Tool checks if a host is reachable, while a port scanner probes specific services. A server might respond to ping but have all ports filtered, or block ping while having open ports. Use both for complete diagnostics.
Port Scanner vs Traceroute
Traceroute shows the path packets take to reach a host, while port scanning examines the destination itself. If our port checker times out, traceroute can reveal where the blockage occurs in the network.
Port Scanner vs Vulnerability Scanner
A port scanner finds open ports. A vulnerability scanner goes further, testing those open services for known security weaknesses. Our free port scanner is the first step in security auditing.
Complete Network Audit Workflow
- Start with Ping to verify host is reachable
- Use DNS Lookup to confirm name resolution
- Run port scan to identify open services
- Check WHOIS for ownership information
- Use Blacklist Check to verify IP reputation
Port Scanner Use Cases: When to Scan Ports
Our free online port scanner tool serves many practical purposes:
Server Administration
System administrators use port scanners to verify server configurations. After deploying a new web server, scan to confirm port 80 and port 443 are open. After hardening a server, scan to ensure unnecessary ports are closed.
Game Server Hosting
Gamers hosting multiplayer servers need specific ports open. Minecraft uses port 25565, Steam games often need 27015-27016. Use our Gaming preset to quickly check if your game server ports are accessible to players.
Remote Work Setup
Setting up remote access requires open ports. RDP needs port 3389, SSH uses port 22, VPN services have their own ports. Our external port checker confirms remote users can connect.
IoT Device Security
Smart home devices often expose ports that shouldn't be public. Scan your home IP to discover if IoT devices have accidentally exposed management interfaces to the internet.
Web Development
Developers use port scanning to verify development servers and databases are properly configured. Check if your staging server has port 3000 or 8080 open for testing.
TCP vs UDP Port Scanning: Understanding the Difference
When you use a network port scanner, it's important to understand the difference between TCP and UDP port scanning. These two protocols work differently, and each requires distinct scanning techniques.
TCP Port Scanning
TCP (Transmission Control Protocol) is connection-oriented. When our TCP port scanner probes a port, it attempts to complete a three-way handshake. If successful, the port is open. If the server responds with a reset, it's closed. If there's no response, it's filtered. This makes TCP scanning reliable and accurate.
UDP Port Scanning Challenges
UDP (User Datagram Protocol) is connectionless. When scanning UDP ports, there's no handshake, so open ports might not respond at all. This makes UDP scanning less reliable over the internet. An open UDP port might appear filtered because it simply didn't respond.
Common TCP Services
Most critical services use TCP. HTTP (port 80/443), SSH (port 22), FTP (port 21), SMTP (port 25), MySQL (port 3306), and RDP (port 3389) all rely on TCP. Our online port scanner focuses on TCP because it covers 95%+ of services you'll need to check.
Common UDP Services
Some services use UDP for speed. DNS (port 53), DHCP, VoIP, online gaming, and streaming often use UDP. If you need to test UDP ports, specialized tools are required beyond web-based scanners.
Pro Tip: For comprehensive network security auditing, scan TCP ports first with our online port scanner, then use command-line tools like nmap for UDP scanning on your local network. Most vulnerabilities and services you'll encounter use TCP.
Advanced Port Scanning Techniques for Professionals
Beyond basic port scanning, network security professionals use advanced techniques to detect hidden services and evade firewall detection.
Full Port Range Scanning
While our presets cover common ports, a complete audit should scan all 65,535 TCP ports. Services can run on any port number. Attackers often hide malicious services on high, uncommon port numbers. Use our custom port range feature to scan specific ranges systematically.
Service Version Detection
Knowing a port is open is step one. Professional scanners also identify the exact software version running. For example, not just "SSH on port 22" but "OpenSSH 8.2" specifically. This helps identify known vulnerabilities in specific versions.
Banner Grabbing
Many services send a "banner" when you connect. This banner often reveals software name, version, and configuration. Our port scanner shows basic service information; professional penetration testing tools extract detailed banners.
Stealth Scanning
Some scanners use techniques to avoid detection. SYN scans don't complete the full TCP handshake, making them harder for firewalls to log. However, modern security systems detect these techniques. Our web-based scanner uses standard connection attempts for reliability.
Scheduled Scanning
Security best practice is to scan your infrastructure regularly. Schedule weekly or monthly port scans and compare results. New open ports could indicate unauthorized changes or compromise. Document your expected port configuration and investigate deviations.
Security Note: Comprehensive port scanning should be part of your regular security routine. Combine our free port scanner with our IP Blacklist Check to ensure your server hasn't been compromised and added to spam lists.
Port Scanner: Frequently Asked Questions
Q What is a port scanner used for?
A port scanner is used to check open ports on IP addresses and servers. It helps verify firewall rules, test port forwarding, identify running services, and audit network security. System administrators, developers, and security professionals use port scanners for troubleshooting and security assessment.
Q How do I check if a specific port is open?
Enter the IP address or hostname in our port scanner, select "Custom" preset, and enter your specific port number (like 80, 443, or 3389). Click "Scan Ports" and the tool will show if that port is open, closed, or filtered by a firewall.
Q What does it mean when a port is filtered?
A filtered port means a firewall is blocking the connection attempt. The port scanner cannot determine if the port is open or closed because packets are being dropped silently. Check your firewall rules, router settings, or ISP restrictions.
Q Is port scanning legal?
Port scanning your own servers and IP addresses is legal and recommended for security. Scanning others' systems without authorization may violate computer fraud laws. Always ensure you have permission before scanning any IP you don't own or administer.
Q Why is port 80 showing closed on my web server?
If port 80 appears closed, check that your web server (Apache, Nginx) is running and listening on that port. Also verify your firewall allows traffic on port 80, and if using cloud hosting, check security group settings. Many servers now redirect HTTP to HTTPS on port 443.
Q How many ports can I scan at once?
Our free port scanner allows up to 50 ports per scan. Use presets for common configurations, or enter custom port ranges like "80-100" for continuous ranges. For extensive scanning, run multiple scans with different port ranges.
Q Can this port scanner detect UDP ports?
Our online port scanner performs TCP port scanning, which covers most common services like HTTP, SSH, FTP, and databases. UDP port scanning is less reliable over the internet and requires different techniques. Most web-accessible services use TCP.
Q Is this port scanner tool free to use?
Yes, our port scanner is 100% free with no registration required. You can scan any IP address or hostname unlimited times. It's the easiest free online port scanner tool to check open ports and verify firewall configurations from your browser. Explore our complete tools directory for more network utilities.
Related Network Diagnostic Tools
Complete your network security audit with our comprehensive toolkit.
Scan Your Ports Now
Free Online Port Scanner Tool
Check open ports, test firewall rules, and verify port forwarding instantly. Our free port scanner helps you secure your network and troubleshoot connectivity issues.