Check whether a TCP port is open, closed, or filtered on any public host. Instantly verify firewall rules, service availability, and network accessibility.
See exactly whether the port accepts connections or is blocked by a firewall
Test any port 1–65535 — SSH, HTTP, database, custom services
Check from outside your network — confirms what external users actually see
Check whether a TCP port is open on any public host. Useful for verifying firewall rules, server accessibility, and service availability.
Attempting TCP connection...
| Port | Service | Description |
|---|---|---|
| 20–21 | FTP | File Transfer Protocol — data (20) and control (21) |
| 22 | SSH | Secure Shell — encrypted remote terminal access |
| 23 | Telnet | Unencrypted remote terminal (deprecated — use SSH) |
| 25 | SMTP | Email delivery between servers |
| 53 | DNS | Domain Name System — UDP and TCP |
| 80 | HTTP | Unencrypted web traffic |
| 110 | POP3 | Post Office Protocol — retrieve email |
| 143 | IMAP | Internet Message Access Protocol — email |
| 443 | HTTPS | Encrypted web traffic (TLS) |
| 465 | SMTPS | SMTP with implicit TLS (email submission) |
| 587 | SMTP submission | Recommended port for email client submission |
| 993 | IMAPS | IMAP with TLS |
| 995 | POP3S | POP3 with TLS |
| 3306 | MySQL | MySQL / MariaDB database |
| 5432 | PostgreSQL | PostgreSQL database |
| 6379 | Redis | Redis in-memory data store |
| 8080 | HTTP alt | Common alternative port for HTTP services |
| 8443 | HTTPS alt | Common alternative port for HTTPS |
| 27017 | MongoDB | MongoDB document database |
A TCP port check performs a three-way handshake: the checker sends a SYN packet to the target host and port. Three outcomes are possible:
Host replies with SYN-ACK. A service is listening and the firewall permits the connection. The check immediately sends RST to close gracefully.
Host replies with RST. The host is reachable but no service is listening on that port. No firewall is blocking — the connection just has nothing to connect to.
No response received. A firewall, security group, or ACL silently drops the SYN packet. The host may be up — the traffic just never reaches it.
A port is open when a TCP connection can be established — the target host accepted the connection. This means a service is actively listening on that port and the firewall allows the traffic through. Open does not mean the service is necessarily healthy or authenticated, only that the TCP handshake succeeded.
Closed means the host sent a TCP RST (reset) packet, actively refusing the connection. The port is reachable but no service is listening. Filtered (shown as timeout) means no response arrived — the packet was silently dropped by a firewall or access control list. The distinction matters: closed means the host is up, filtered means a firewall is in the path.
Most ISPs and cloud providers block outbound port 25 to prevent spam. Email servers receive inbound mail on port 25 but clients should submit email using port 587 (SMTP submission with authentication). If you are setting up a mail server, check that your hosting provider allows inbound port 25 from other mail servers.
Nmap is a powerful local tool that can scan many ports simultaneously, detect OS and services, and use various techniques. This tool checks a single port from the server side using a simple TCP connect — useful for quick verification without installing software. For comprehensive security scanning of your own infrastructure, use nmap locally.
This tool only makes a standard TCP connection attempt — the same as any normal network request. You should only test ports on hosts you own or have permission to test. Unauthorized port scanning may violate terms of service or local laws.
Well-known ports are 0–1023, assigned by IANA to standard services (SSH=22, HTTP=80, HTTPS=443). Registered ports are 1024–49151, assigned to specific applications. Ephemeral ports are 49152–65535, used temporarily by clients for outbound connections. When you open a webpage, your browser uses a random ephemeral port as the source and connects to the server's port 443.
Real ICMP pings from global probes — start here to confirm basic reachability.
Trace the path to a host and find where packets stop or slow down.
Query A, MX, TXT, NS, CNAME records for any domain.
Look up the country, city, and ISP for any IP address.
Validate IPv4 and IPv6 addresses and CIDR notation.
Simulate routing table lookups and understand longest-prefix matching.