A network port is a numbered communication endpoint (1-65535) that routes traffic to specific services on a host. An open port accepts connections, a closed port actively rejects them, and a filtered port is silently blocked by a firewall. Test any IPv4 address, IPv6 address, or domain name from an external network.
Browse tools by category or search instantly
View your current public IP address
Calculate subnet masks and network ranges
Convert between IPv4 and IPv6 addresses
Find Autonomous System Number information
Check if an IP is listed in spam databases
Check if a domain supports IPv6
Resolve domain names to IP addresses
Convert IP addresses to domain names
Scan ports on any IP address or domain
Test your internet connection speed
Detect if you're using a proxy or VPN
Verify if links are accessible
Ping any host to test connectivity
Validate SPF records for email security
Validate DMARC records for email protection
Check DKIM records for email authentication
Analyze email headers to trace sender
Check HTTP response headers of any URL
View your current public IP address
Calculate subnet masks and network ranges
Convert between IPv4 and IPv6 addresses
Find Autonomous System Number information
Check if an IP is listed in spam databases
Check if a domain supports IPv6
Resolve domain names to IP addresses
Convert IP addresses to domain names
Scan ports on any IP address or domain
Test your internet connection speed
Detect if you're using a proxy or VPN
Verify if links are accessible
Ping any host to test connectivity
Validate SPF records for email security
Validate DMARC records for email protection
Check DKIM records for email authentication
Analyze email headers to trace sender
Check HTTP response headers of any URL
The following ports are assigned by IANA (Internet Assigned Numbers Authority) and are the most commonly encountered in network administration and troubleshooting. Each port number identifies a specific protocol or service. Knowing which port a service uses helps you configure firewall rules, diagnose connection failures, and evaluate the exposure of a host.
| Name | Description | |
|---|---|---|
| 80 - HTTP (Hypertext Transfer Protocol) | Primary port for unencrypted web browsing. Web servers typically use this port for standard HTTP connections. Visiting sites without encryption uses this port. | |
| 443 - HTTPS (HTTP Secure) | Encrypted web communication using TLS/SSL protocols. Required for secure e-commerce, login pages, and any site handling sensitive information. | |
| 22 - SSH (Secure Shell) | Encrypted protocol for secure remote server access. Enables administrators to log in and execute commands on remote systems safely. | |
| 21 - FTP (File Transfer Protocol) | Legacy protocol for file transfers between systems. Lacks encryption, making it vulnerable. Prefer SFTP (port 22) or FTPS (port 990) for secure transfers. | |
| 25 - SMTP (Simple Mail Transfer Protocol) | Standard port for email transmission between mail servers. Frequently blocked by ISPs to reduce spam. Contemporary email systems prefer ports 587 or 465. | |
| 53 - DNS (Domain Name System) | Converts human-readable domain names to numeric IP addresses. Fundamental internet service. Typically uses UDP for standard queries, TCP for extended data transfers. | |
| 110 - POP3 (Post Office Protocol v3) | Email retrieval protocol that downloads messages to your device and deletes them from the server. For encrypted access, use POP3S on port 995. | |
| 143 - IMAP (Internet Message Access Protocol) | Email protocol that maintains messages on the server, enabling access from multiple devices. For encrypted connections, use IMAPS on port 993. | |
| 993 - IMAPS (IMAP over SSL/TLS) | Encrypted IMAP implementation with SSL/TLS protection. The preferred method for accessing IMAP email in current email applications. | |
| 995 - POP3S (POP3 over SSL/TLS) | POP3 with SSL/TLS encryption for secure email retrieval. The recommended approach for POP3 connections in today's email software. | |
| 3389 - RDP (Remote Desktop Protocol) | Microsoft's protocol enabling remote desktop control of Windows machines. Requires robust password protection and ideally VPN access for security. | |
| 3306 - MySQL | Standard MySQL database connection port. Requires strict security measures and should never be publicly accessible without firewall protection. | |
| 5432 - PostgreSQL | Default PostgreSQL database connection port. Must be properly secured and restricted to prevent unauthorized database access. | |
| 6379 - Redis | Redis in-memory database default port. Popular for caching and session management. Requires authentication and should remain private, not publicly exposed. | |
| 27017 - MongoDB | MongoDB NoSQL database default connection port. Widely adopted in contemporary web development. Needs authentication and strict network access restrictions. |
Our port checker performs a TCP connection test from an external server to the target host and port you specify. Because the test originates outside your local network, results reflect actual internet reachability. Ports that return no response within the timeout period are reported as filtered, which typically indicates a firewall is silently dropping packets.
You enter a public IP address or domain name and the specific port number you want to test. Common ports like 21 (FTP), 22 (SSH), 80 (HTTP), and 443 (HTTPS) are available for quick selection.
The tool sends a TCP SYN packet from our server to the target host and port. Because the request originates from an external server, the result reflects real internet reachability, not your local network conditions. This simulates what any external client would experience when connecting to that address and port.
The tool displays one of three states. Open means the host replied with TCP SYN-ACK, confirming the port accepts connections. Closed means the host returned TCP RST, actively refusing the connection. Filtered means no reply was received within the timeout period, indicating a firewall is silently dropping packets before they reach the service.
Port checker tools serve a wide range of users from IT professionals to home network enthusiasts. Whether you're managing enterprise infrastructure, deploying web applications, or troubleshooting connectivity problems, port checking helps verify network accessibility, identify blocked ports, and maintain secure network configurations.
Port checker tools are essential for maintaining network security, troubleshooting connectivity issues, and ensuring proper service configuration. Whether you're a professional managing enterprise infrastructure or a home user setting up personal services, understanding port status helps prevent security vulnerabilities and resolve connection problems efficiently.
Our port checker tool provides a comprehensive, user-friendly solution for all your port checking needs. Built with performance and reliability in mind, it offers advanced features that make network diagnostics fast, accurate, and accessible to everyone.
Find answers to common questions about port checking, network diagnostics, and how to use our port checker tool effectively.
First confirm the service is listening on all network interfaces, not just localhost (127.0.0.1). Then check that your host firewall allows inbound traffic on that port, and configure NAT port forwarding on your router if you are behind one. Use our Port Checker to test from an external network. A closed result means the host is actively rejecting connections, which usually points to a missing firewall rule or a service that is not running. A filtered result means a firewall is silently dropping packets before they reach the host. Testing after each configuration change isolates exactly which component is blocking access.
Enter a domain name or IP address and a port number between 1 and 65535, then click Check Port. The tool attempts a TCP connection from our server to your target, testing reachability from outside your own network. Open means the port accepts external connections. Closed means the host actively refused the connection with a TCP RST packet. Filtered means no response was received within the timeout period, which typically indicates a firewall is dropping packets silently. Use our Port Checker after each firewall or router change to isolate the cause of connectivity problems.
A port checker sends a TCP SYN packet to a specified host and port, then interprets the response. If the port is open, the host replies with TCP SYN-ACK, completing the connection handshake. If closed, the host returns a TCP RST packet, actively refusing the connection. If filtered, no reply arrives and the request times out, indicating a firewall is silently dropping packets. Our Port Checker initiates this test from an external server, so results reflect real-world reachability rather than local network conditions. Use it to validate firewall rules, confirm service availability, or diagnose connectivity failures during deployment.
Port knocking hides a service port (typically SSH on port 22) by keeping it firewalled until a client sends connection attempts to a predefined sequence of ports in the correct order, for example 7000, 8000, 9000. The firewall detects this sequence and temporarily opens the target port for that specific IP address. Port knocking reduces exposure to automated scanners and brute-force attacks but is not a substitute for strong authentication, encrypted protocols, or a properly configured firewall policy. It is a stealth measure, not a security layer on its own. You can verify whether a port is visible before and after a knock sequence using our Port Checker.
A port is problematic when it is in an unexpected state. An unexpectedly open port may indicate a misconfigured service, a rogue process, or a compromised host that requires immediate investigation. An unexpectedly closed or filtered port on a required service means traffic is being blocked, often caused by a recent firewall change or a failed service restart. The key distinction is between closed and filtered: a closed port sends a TCP RST response, meaning the host is reachable but the service is not running. A filtered port returns nothing, meaning a firewall is blocking access before the host can respond. Use our Port Checker to detect which state applies and troubleshoot accordingly.
TCP (Transmission Control Protocol) is connection-based and guarantees reliable, ordered delivery through a three-way handshake (SYN, SYN-ACK, ACK). Common TCP ports include 22 (SSH), 25 (SMTP), 80 (HTTP), 443 (HTTPS), and 3306 (MySQL). UDP (User Datagram Protocol) is connectionless and sends packets without confirming delivery, which reduces latency. Common UDP ports include 53 (DNS queries), 67 and 68 (DHCP), 123 (NTP), and game server ports such as 27015 (Counter-Strike). Most port checkers, including ours, test TCP connectivity. UDP port checking requires a different method since closed UDP ports produce no response to connection attempts. Test TCP exposure using our Port Checker.
TCP operates at Layer 4 (Transport) of the OSI model and handles reliable delivery of data between two endpoints. HTTP operates at Layer 7 (Application) and defines the format and sequence of messages exchanged between browsers and web servers. HTTP runs on top of TCP, most commonly on port 80 for unencrypted connections and port 443 for HTTPS (HTTP over TLS). HTTP/2 also uses TCP, while HTTP/3 uses QUIC, a protocol built on UDP rather than TCP. When you check port 80 or 443 with our Port Checker, you are confirming TCP reachability, not HTTP response validity.
Port 80 remains active on most web servers for four reasons. First, HTTP-to-HTTPS redirects: browsers connect on port 80 and receive a 301 redirect to port 443 before the TLS handshake begins. Second, SSL certificate issuance: Let's Encrypt ACME HTTP-01 challenges verify domain ownership by placing a token accessible on port 80, so port 80 must be open to obtain or renew a free TLS certificate. Third, load balancer health checks: internal infrastructure probes often use port 80 since they do not require encryption. Fourth, legacy compatibility with older HTTP clients, embedded devices, and corporate proxies that do not support HTTPS. You can test both ports 80 and 443 using our Port Checker.
Most residential ISPs block inbound connections on port 25 (SMTP), port 80 (HTTP), port 443 (HTTPS), and port 8080 to prevent customers from running public-facing servers on consumer connections. Port 25 is almost universally blocked on residential IPs to reduce spam origination. Some ISPs also block port 22 (SSH) inbound. Business-grade or static IP plans typically allow these ports. If our Port Checker reports a port as filtered on your home IP but your firewall and service configuration appear correct, your ISP may be blocking that port at the network level. Contact your ISP or use a VPS or cloud server if you need to host public-facing services reliably.
Network ports are divided into three ranges defined by IANA. Well-known ports (0 to 1023) are assigned to standard protocols and include HTTP (80), HTTPS (443), SSH (22), FTP (21), SMTP (25), and DNS (53). Registered ports (1024 to 49151) are used by applications that registered with IANA, including MySQL (3306), PostgreSQL (5432), Redis (6379), and MongoDB (27017). Ephemeral or dynamic ports (49152 to 65535) are assigned temporarily by the operating system for outgoing connections and are not associated with a fixed service. Most port checking focuses on well-known and registered ports where services are expected to listen. You can test any port in the full 1 to 65535 range using our Port Checker.