Port Scanner
Scan any IP address or domain for open ports. Check common ports or specify a custom range to identify running services and potential vulnerabilities.
Use Port Scanner in 4 Steps
What is a Port Scanner?
A port scanner is a network diagnostic tool that probes a host for open, closed, or filtered TCP/UDP ports. Every networked service — a web server, database, SSH daemon, mail server — listens on a specific port number. A port scan reveals which services are running and reachable on a target host, making it essential for network inventory, firewall audits, and security assessments.
Port numbers range from 0 to 65535. They are divided into three ranges: well-known ports (0–1023) assigned by IANA to standard services, registered ports (1024–49151) used by application software, and dynamic/ephemeral ports (49152–65535) used for temporary client connections.
Port scanners work by attempting TCP connections or sending UDP probes to each target port. The response — or lack of one — determines the port state. Online port scanners like this one run from a neutral vantage point in a data centre, so results reflect what the public internet sees, not your local network's view. This is valuable for verifying that firewall rules are working as intended and that services are not inadvertently exposed.
Security teams use port scanning as the first step of network reconnaissance during penetration tests and vulnerability assessments. System administrators use it to audit which services are exposed after configuration changes. Note: always scan only systems you own or have written authorisation to test.
Port States Explained
A port scanner categorises each port into one of three states based on the response to a probe.
| State | What It Means | Typical Cause |
|---|---|---|
| Open | A service is actively accepting connections on this port | Running daemon (nginx, sshd, mysqld) |
| Closed | Port is reachable but no service is listening | Service stopped; port not in use |
| Filtered | A firewall is blocking probes — no response received | iptables rule, security group, or WAF drop |
Filtered ports are not necessarily a problem — most internet-facing servers should filter all ports except those required for their services. An unexpected open port is more likely to be a concern.
Common Port Reference
The table below lists the most commonly scanned ports and the services they carry. Open ports beyond your expected set warrant investigation.
| Port | Protocol | Service | Risk if Open Unexpectedly |
|---|---|---|---|
| 21 | TCP | FTP | High — unencrypted file transfer, credential exposure |
| 22 | TCP | SSH | Medium — brute-force target; restrict to known IPs |
| 23 | TCP | Telnet | Critical — plaintext login; must be disabled |
| 25 | TCP | SMTP | Medium — open relay risk if misconfigured |
| 53 | TCP/UDP | DNS | Medium — open resolver enables DDoS amplification |
| 80 | TCP | HTTP | Low — expected for web servers; ensure redirects to 443 |
| 110 | TCP | POP3 | High — plaintext email retrieval; use 995 (POP3S) |
| 143 | TCP | IMAP | High — plaintext email access; use 993 (IMAPS) |
| 443 | TCP | HTTPS | Low — expected; verify certificate is valid |
| 445 | TCP | SMB | Critical — WannaCry vector; never expose to internet |
| 3306 | TCP | MySQL | Critical — database must not be internet-facing |
| 3389 | TCP | RDP | Critical — brute-force and BlueKeep target; firewall off |
| 5432 | TCP | PostgreSQL | Critical — database; bind to localhost only |
| 6379 | TCP | Redis | Critical — unauthenticated by default; firewall required |
| 8080 | TCP | HTTP Alt | Medium — dev/proxy port; check if intentional |
| 8443 | TCP | HTTPS Alt | Low — alternative HTTPS; verify certificate |
| 27017 | TCP | MongoDB | Critical — no auth by default in older versions; firewall off |
Ports 21, 23, 445, 3306, 3389, 5432, 6379, and 27017 should never be open to the public internet on production servers.
CLI Scanning Commands
For local network scanning or authorised penetration testing, nmap is the industry-standard tool:
# Scan common ports on a host
nmap google.com
# Scan specific ports
nmap -p 22,80,443,3306 example.com
# Scan a range of ports
nmap -p 1-1024 example.com
# TCP SYN scan (faster, requires root)
sudo nmap -sS example.com
# UDP scan (slower — stateless protocol)
sudo nmap -sU -p 53,123,161 example.com
# Detect service versions
nmap -sV -p 80,443 example.com
# Aggressive scan — OS, version, scripts, traceroute
sudo nmap -A example.com
# Quick check if a single port is open (no nmap needed)
nc -zv example.com 443 2>&1
# Bash one-liner to check port 22
timeout 3 bash -c '</dev/tcp/example.com/22' && echo "Open" || echo "Closed"Frequently Asked Questions
Get guides like this by email
DNS, email auth, and security playbooks delivered when they publish. No spam.