HomeSecurity ToolsPort Scanner
Security Tool

Port Scanner

Scan any IP address or domain for open ports. Check common ports or specify a custom range to identify running services and potential vulnerabilities.

How to Use

Use Port Scanner in 4 Steps

01
Enter host
Type the IP address or domain name you want to scan.
02
Select ports
Choose to scan common ports or enter a custom range.
03
Start scan
Click scan to initiate connection attempts to the target.
04
Review results
See which ports are open, closed, or filtered.

What is a Port Scanner?

A port scanner is a network diagnostic tool that probes a host for open, closed, or filtered TCP/UDP ports. Every networked service — a web server, database, SSH daemon, mail server — listens on a specific port number. A port scan reveals which services are running and reachable on a target host, making it essential for network inventory, firewall audits, and security assessments.

Port numbers range from 0 to 65535. They are divided into three ranges: well-known ports (0–1023) assigned by IANA to standard services, registered ports (1024–49151) used by application software, and dynamic/ephemeral ports (49152–65535) used for temporary client connections.

Port scanners work by attempting TCP connections or sending UDP probes to each target port. The response — or lack of one — determines the port state. Online port scanners like this one run from a neutral vantage point in a data centre, so results reflect what the public internet sees, not your local network's view. This is valuable for verifying that firewall rules are working as intended and that services are not inadvertently exposed.

Security teams use port scanning as the first step of network reconnaissance during penetration tests and vulnerability assessments. System administrators use it to audit which services are exposed after configuration changes. Note: always scan only systems you own or have written authorisation to test.

Port States Explained

A port scanner categorises each port into one of three states based on the response to a probe.

StateWhat It MeansTypical Cause
OpenA service is actively accepting connections on this portRunning daemon (nginx, sshd, mysqld)
ClosedPort is reachable but no service is listeningService stopped; port not in use
FilteredA firewall is blocking probes — no response receivediptables rule, security group, or WAF drop

Filtered ports are not necessarily a problem — most internet-facing servers should filter all ports except those required for their services. An unexpected open port is more likely to be a concern.

Common Port Reference

The table below lists the most commonly scanned ports and the services they carry. Open ports beyond your expected set warrant investigation.

PortProtocolServiceRisk if Open Unexpectedly
21TCPFTPHigh — unencrypted file transfer, credential exposure
22TCPSSHMedium — brute-force target; restrict to known IPs
23TCPTelnetCritical — plaintext login; must be disabled
25TCPSMTPMedium — open relay risk if misconfigured
53TCP/UDPDNSMedium — open resolver enables DDoS amplification
80TCPHTTPLow — expected for web servers; ensure redirects to 443
110TCPPOP3High — plaintext email retrieval; use 995 (POP3S)
143TCPIMAPHigh — plaintext email access; use 993 (IMAPS)
443TCPHTTPSLow — expected; verify certificate is valid
445TCPSMBCritical — WannaCry vector; never expose to internet
3306TCPMySQLCritical — database must not be internet-facing
3389TCPRDPCritical — brute-force and BlueKeep target; firewall off
5432TCPPostgreSQLCritical — database; bind to localhost only
6379TCPRedisCritical — unauthenticated by default; firewall required
8080TCPHTTP AltMedium — dev/proxy port; check if intentional
8443TCPHTTPS AltLow — alternative HTTPS; verify certificate
27017TCPMongoDBCritical — no auth by default in older versions; firewall off

Ports 21, 23, 445, 3306, 3389, 5432, 6379, and 27017 should never be open to the public internet on production servers.

CLI Scanning Commands

For local network scanning or authorised penetration testing, nmap is the industry-standard tool:

# Scan common ports on a host
nmap google.com

# Scan specific ports
nmap -p 22,80,443,3306 example.com

# Scan a range of ports
nmap -p 1-1024 example.com

# TCP SYN scan (faster, requires root)
sudo nmap -sS example.com

# UDP scan (slower — stateless protocol)
sudo nmap -sU -p 53,123,161 example.com

# Detect service versions
nmap -sV -p 80,443 example.com

# Aggressive scan — OS, version, scripts, traceroute
sudo nmap -A example.com

# Quick check if a single port is open (no nmap needed)
nc -zv example.com 443 2>&1

# Bash one-liner to check port 22
timeout 3 bash -c '</dev/tcp/example.com/22' && echo "Open" || echo "Closed"

Frequently Asked Questions

What is the difference between open, closed, and filtered ports?
Open means a service is actively listening and accepting connections. Closed means the port is reachable but no service is listening — the OS sends a TCP RST. Filtered means a firewall is dropping the probe packets and returning no response, so the scanner cannot determine the state.
Is port scanning legal?
Port scanning systems you own or have written authorisation to test is legal in most jurisdictions. Scanning third-party systems without permission can violate the Computer Fraud and Abuse Act (US), Computer Misuse Act (UK), and equivalent laws in other countries. This tool scans your target from our servers — use it only on hosts you control.
Why do results differ between online and local scanners?
Online scanners show what the public internet can see — after your ISP, cloud provider firewall, and any edge CDN. Local scanners run from inside your network or VPN, bypassing those layers. A port may be open on your local network but filtered from the internet (correct behaviour), or open to the internet but blocked internally.
Why is port 80 open when my site uses HTTPS?
Most web servers keep port 80 open to redirect HTTP traffic to HTTPS (a 301 redirect). This is intentional and correct. The important thing is that the redirect is in place and the port is not serving content over plaintext.
What should I do if I find an unexpected open port?
First, identify what service is listening with nmap -sV -p <port> <host>. If it is a service you recognise, verify it is configured securely. If you do not recognise it, investigate with lsof -i :<port> or ss -tlnp | grep <port> on the host. Then close the port by stopping the service or adding a firewall rule.
How does port scanning differ from a vulnerability scanner?
Port scanning identifies which ports are open and what services are running — it is reconnaissance. Vulnerability scanning goes further: it identifies software versions, checks CVE databases, and tests for known exploits on those services. Port scanning is the first step; vulnerability scanning is the next layer of analysis.
Port States
OpenAccepting connections
ClosedRejecting connections
FilteredBlocked by firewall
Free Newsletter

Get guides like this by email

DNS, email auth, and security playbooks delivered when they publish. No spam.