Free Online Port Scanner & Port Checker
Type an IP address or domain name into the Target Address field, pick a scan mode — single port, port range, or a preset like Web Services — and hit Scan. You'll get back the port status (open, closed, or filtered), the detected service running on it, and the response time in milliseconds. Need to check your own machine? Click Use My IP and your public IP fills in automatically.
Fast Port Scanning
Get port status, service detection, and response times back in seconds. Scan single ports or ranges up to 50 at a time.
Service Detection
Each open port shows the service running behind it — HTTP, SSH, MySQL, and more — along with banner info when available.
Free, No Signup
No account needed. No rate-walled premium tier. Run your scans directly from the browser on any device.
Network Security Fundamentals
Understanding Port States
When you run a port scan, each port returns one of three states. Knowing what they mean helps you diagnose connectivity and security issues:
A service is actively listening and accepting connections on this port.
The port is reachable but no service is listening — the host actively refused the connection.
A firewall or security device is blocking traffic, so the port state can't be determined.
Common Attack Vectors
Open ports are potential entry points. Regular port scanning helps you catch services you didn't mean to expose:
- Unpatched services — old software on open ports with known CVEs
- Default credentials — admin panels or databases left with factory passwords
- Unnecessary exposure — development or debug ports open in production
- Protocol weaknesses — Telnet (23), FTP (21), or other unencrypted protocols
DevOps & Cloud Infrastructure Ports
Modern infrastructure relies on many services communicating over specific ports. Here are the ones you'll encounter most:
Container & Orchestration
| Service | Port |
|---|---|
| Docker API | 2375/2376 |
| Kubernetes API | 6443 |
| Kubelet | 10250 |
| etcd | 2379/2380 |
Databases
| Service | Port |
|---|---|
| PostgreSQL | 5432 |
| MySQL | 3306 |
| MongoDB | 27017 |
| Redis | 6379 |
Scanning Techniques
TCP Connect Scan
The default method used by this tool. It completes a full TCP three-way handshake — SYN, SYN-ACK, ACK — and is the most reliable way to determine port state. Works through proxies and doesn't require special privileges.
SYN (Half-Open) Scan
Sends only a SYN packet without completing the handshake. Faster and stealthier than a full connect scan, but requires raw socket access. Commonly used by tools like nmap with -sS.
Command Line Quick Reference
# Linux / macOS
nc -zv example.com 80
nmap -sT -p 22,80,443 example.com
# Windows PowerShell
Test-NetConnection -ComputerName example.com -Port 443
Network Troubleshooting
Debugging Connection Issues
Timeout
Usually means a firewall is silently dropping packets. Check security groups, iptables rules, and routing tables.
Connection Refused
Port is reachable but nothing is listening. Verify the service is running and bound to the right interface.
Filtered
An intermediate device (firewall, IPS) is intercepting traffic. Common with deep packet inspection appliances.
Response Time Benchmarks
Security Best Practices
Zero Trust & Least Privilege
Principle of Least Privilege
- Open only necessary ports for each service
- Implement port-based access controls
- Audit exposed services regularly
- Automate port scanning for compliance
Network Segmentation
- Isolate critical services on dedicated VLANs
- Use micro-segmentation for containers
- Implement jump hosts for admin access
- Monitor east-west traffic patterns
Industry-Specific Port Scanning
Healthcare (HIPAA)
- DICOM imaging: 104, 2761, 2762
- HL7 interfaces: 2575, 6661
- Medical device telemetry
Finance (PCI DSS)
- Payment gateways: 443, 8443
- HSM interfaces: 1792, 9004
- Trading systems: custom ranges
Manufacturing (ICS)
- Modbus TCP: 502
- DNP3: 19999, 20000
- EtherNet/IP: 44818, 2222