Check if a port is open from anywhere on the internet.
Test any TCP port on an IPv4, IPv6 or hostname. Results come from an external server in <2 seconds, so you see what the rest of the internet sees.
Every network tool you will reach for.
Focused utilities for ports, IPs, DNS and email. All free, all running from external probes.
포트 체커
Scan any TCP port on any host
DNS 조회
Resolve domains to IP addresses
역방향 DNS 조회
Turn IPs back into hostnames
핑 도구
Test host reachability via ICMP
속도 테스트
Measure download, upload, latency
프록시 확인
Detect VPN or proxy usage
링크 확인기
Verify if URLs are accessible
HTTP 헤더 검사기
Inspect response headers
내 IP는 무엇인가요?
Show your current public IP
IP 서브넷 계산기
Masks, ranges, CIDR math
IPv4에서 IPv6로 변환기
Map to IPv4-mapped, 6to4 and compatible formats
ASN 조회
Find org, ISP and IP ranges by ASN
IP 블랙리스트 검사기
Check if IP is spam-listed
IPv6 호환성 검사기
Check AAAA records and IPv6 reachability
SPF 레코드 검사기
Validate email sender policy
DMARC 검증기
Parse policy, alignment and reporting config
DKIM 검사기
Verify DKIM signatures
이메일 헤더 분석기
Trace email origin and routing
Enter. Probe. Read the result.
Every probe originates from our external server in eu-west-1, not your browser or local machine. This means results reflect real internet reachability - including what firewalls, ISP blocks, and NAT rules look like from outside your network.
Give it a target
IPv4, IPv6 or hostname, plus a port from 1 to 65535. Quick-select the common ones.
TCP SYN from eu-west-1
Sent from our external server - never your local network. The target sees a real internet client.
Three possible states
SYN-ACK means open. RST means closed. Silence means filtered.
일반 포트 참조
Ports assigned by IANA for standard protocols - the ones that come up most often in firewall configs, deployment checklists, and security audits.
| Port | 이름 | 설명 | |
|---|---|---|---|
| 80 | HTTP | Primary port for unencrypted web browsing. Web servers typically use this port for standard HTTP connections. Visiting sites without encryption uses this port. | |
| 443 | HTTPS | Encrypted web communication using TLS/SSL protocols. Required for secure e-commerce, login pages, and any site handling sensitive information. | |
| 22 | SSH | Encrypted protocol for secure remote server access. Enables administrators to log in and execute commands on remote systems safely. | |
| 21 | FTP | Legacy protocol for file transfers between systems. Lacks encryption, making it vulnerable. Prefer SFTP (port 22) or FTPS (port 990) for secure transfers. | |
| 25 | SMTP | Standard port for email transmission between mail servers. Frequently blocked by ISPs to reduce spam. Contemporary email systems prefer ports 587 or 465. | |
| 53 | DNS | Converts human-readable domain names to numeric IP addresses. Fundamental internet service. Typically uses UDP for standard queries, TCP for extended data transfers. | |
| 110 | POP3 | Email retrieval protocol that downloads messages to your device and deletes them from the server. For encrypted access, use POP3S on port 995. | |
| 143 | IMAP | Email protocol that maintains messages on the server, enabling access from multiple devices. For encrypted connections, use IMAPS on port 993. | |
| 993 | IMAPS | Encrypted IMAP implementation with SSL/TLS protection. The preferred method for accessing IMAP email in current email applications. | |
| 3389 | RDP | Microsoft's protocol enabling remote desktop control of Windows machines. Requires robust password protection and ideally VPN access for security. | |
| 3306 | MySQL | MySQL's default port for TCP connections. Bind to localhost or a private interface only - an open port 3306 on a public IP is a critical server misconfiguration. | |
| 5432 | PostgreSQL | PostgreSQL's default port. Legitimate production setups do not expose port 5432 to the public internet. If it shows as open, investigate immediately. | |
| 6379 | Redis | Redis in-memory database default port. Popular for caching and session management. Requires authentication and should remain private, not publicly exposed. | |
| 27017 | MongoDB | MongoDB's default TCP port. Should never be publicly reachable - exposed MongoDB instances on port 27017 are a frequent source of data breaches on misconfigured servers. |
Built for the people who live in a terminal.
From gamers troubleshooting port forwarding to sysadmins auditing firewall rules and developers confirming a deployment is reachable - port checking is one of those tools everyone in tech reaches for eventually.
게이머
인증 게임 서버 접근성 by testing essential multiplayer ports like 25565 for Minecraft or 27015 for Counter-Strike. Port checking helps diagnose connection problems and configure 포트 포워딩 on routers.
네트워크 관리자
감사 열린 포트와 닫힌 포트 to detect security risks, confirm firewall rules, and keep enterprise networks locked down. Regular checks also help validate 세분화 정책 그리고 예상치 못한 노출된 서비스를 빠르게 발견합니다.
웹 개발자
인증 웹사이트 및 API 접근성 by testing HTTP port 80 and HTTPS port 443 from external networks. Port checking confirms services are reachable during deployment and validates 방화벽 구성 웹 애플리케이션을 위한.
시스템 관리자
다음에 대한 포트 가용성 테스트 원격 액세스 도구 like SSH on port 22, RDP on port 3389, or FTP on port 21. Port checking ensures remote management protocols are properly configured and verifies 보안 정책 올바르게 구현되었는지 확인합니다.
가정 사용자
확인하세요 인터넷 서비스 제공업체 개인 웹사이트, VoIP 시스템 또는 이메일 서버를 호스팅하기 위한 포트를 차단하고 있습니다. 포트 검사는 ISP 제한을 식별하고 안내합니다 라우터 구성 가정 네트워크 서비스를 위한.
IT 지원 팀
문제 해결 클라이언트 연결 문제 실시간으로 원격 서버 포트를 테스트함으로써. 포트 검사는 문제가 포트 차단, 방화벽 구성 오류 또는 서비스 중단에서 비롯된 것인지 식별하는 데 도움을 주어 가능하게 합니다 더 빠른 문제 해결 .
What makes this port checker different.
No account, no install. Enter any IPv4, IPv6 or hostname and a port number - the probe runs from an external server and returns a real TCP result in under 2 seconds. Free, with no rate limits.
초고속
TCP probes go out the moment you click. Results are back in under 2 seconds from our eu-west-1 prober - no queuing, no polling delays.
매우 신뢰할 수 있음
Every port check runs from a dedicated external server, not your browser. The result reflects actual internet reachability - the same SYN-ACK or RST any real client would receive.
완전 무료
모든 기능 액세스 등록, 구독 또는 숨겨진 요금 없이 . Our port checker tool is free to use with no limits on the number of checks.
일괄 포트 검사
최대 검사 10개 포트 동시에 . 일괄 확인은 여러 서비스를 테스트하거나 종합적인 네트워크 감사를 수행할 때 시간을 절약합니다.
빠른 포트 선택
얻기 일반적인 포트에 대한 원클릭 액세스 like HTTP, HTTPS, SSH, FTP, and database ports. Quick selection eliminates manual entry errors.
IPv4 및 IPv6 지원
다음에서 포트 테스트 IPv4와 IPv6 주소 모두 , as well as domain names. Full protocol support ensures you can check connectivity for any network configuration.
자주 묻는 질문.
먼저 서비스가 localhost(127.0.0.1)뿐만 아니라 모든 네트워크 인터페이스에서 수신 대기 중인지 확인하세요. 그런 다음 호스트 방화벽이 해당 포트의 인바운드 트래픽을 허용하는지 확인하고, 라우터 뒤에 있는 경우 NAT 포트 포워딩을 구성하세요. 저희 포트 체커 to test from an external network. A closed result means the host is actively rejecting connections, which usually points to a missing firewall rule or a service that is not running. A filtered result means a firewall is silently dropping packets before they reach the host.
Enter a domain name or IP address and a port number between 1 and 65535, then click Check Port. The tool attempts a TCP connection from our server to your target, testing reachability from outside your own network. Open means the port accepts external connections. Closed means the host actively refused the connection with a TCP RST packet. Filtered means no response was received within the timeout period, which typically indicates a firewall is dropping packets silently.
A port checker sends a TCP SYN packet to a specified host and port, then interprets the response. If the port is open, the host replies with TCP SYN-ACK, completing the connection handshake. If closed, the host returns a TCP RST packet, actively refusing the connection. If filtered, no reply arrives and the request times out, indicating a firewall is silently dropping packets.
Port knocking hides a service port (typically SSH on port 22) by keeping it firewalled until a client sends connection attempts to a predefined sequence of ports in the correct order, for example 7000, 8000, 9000. The firewall detects this sequence and temporarily opens the target port for that specific IP address. Port knocking reduces exposure to automated scanners and brute-force attacks but is not a substitute for strong authentication.
A port is problematic when it is in an unexpected state. An unexpectedly open port may indicate a misconfigured service, a rogue process, or a compromised host. An unexpectedly closed or filtered port on a required service means traffic is being blocked. The key distinction is between closed and filtered: a closed port sends a TCP RST response, meaning the host is reachable but the service is not running. A filtered port returns nothing, meaning a firewall is blocking access before the host can respond.
TCP (Transmission Control Protocol) is connection-based and guarantees reliable, ordered delivery through a three-way handshake (SYN, SYN-ACK, ACK). Common TCP ports include 22 (SSH), 25 (SMTP), 80 (HTTP), 443 (HTTPS), and 3306 (MySQL). UDP (User Datagram Protocol) is connectionless and sends packets without confirming delivery, which reduces latency. Common UDP ports include 53 (DNS queries), 67 and 68 (DHCP), 123 (NTP), and game server ports such as 27015 (Counter-Strike). Most port checkers, including ours, test TCP connectivity.
Network ports are divided into three ranges defined by IANA. Well-known ports (0 to 1023) are assigned to standard protocols and include HTTP (80), HTTPS (443), SSH (22), FTP (21), SMTP (25), and DNS (53). Registered ports (1024 to 49151) are used by applications that registered with IANA, including MySQL (3306), PostgreSQL (5432), Redis (6379), and MongoDB (27017). Ephemeral or dynamic ports (49152 to 65535) are assigned temporarily by the operating system for outgoing connections.
Most residential ISPs block inbound connections on port 25 (SMTP), port 80 (HTTP), port 443 (HTTPS), and port 8080 to prevent customers from running public-facing servers on consumer connections. Port 25 is almost universally blocked on residential IPs to reduce spam origination. Some ISPs also block port 22 (SSH) inbound. Business-grade or static IP plans typically allow these ports.
Port forwarding is a NAT (Network Address Translation) rule configured on a router that redirects inbound traffic arriving on a specific external port to a private IP address and port inside the local network. When a packet arrives at your router's public IP on the forwarded port, the router rewrites the destination address and forwards the packet to the internal device. Without port forwarding, all unsolicited inbound traffic is dropped at the router because the router has no mapping for where to send it. To verify a port forward is working, use an external port checker after configuring the rule - if the port shows as open, the router is correctly forwarding to the internal service.
TCP port checking works by initiating a connection handshake (SYN) and interpreting the response: SYN-ACK confirms open, RST confirms closed, and no reply indicates filtered. UDP has no handshake mechanism - it sends a datagram and receives no acknowledgment if the port is open. An open UDP port simply accepts the packet silently. The only way to detect a closed UDP port is when the host returns an ICMP port-unreachable message, but many hosts suppress these messages, making UDP open and UDP filtered indistinguishable to a remote prober. This unreliability makes external UDP port checking impractical for most use cases.
The port checker confirms the TCP port accepts connections at the network level, but application-layer issues can still prevent your software from working. Common causes: the service requires TLS and your client is connecting without it (or vice versa); the service requires a specific hostname via SNI or virtual hosting that differs from the IP being tested; the application has IP allowlisting that blocks your client's IP while permitting the prober's; or the service accepts the connection then immediately closes it due to authentication failure. A port showing as open means the TCP handshake completed - it does not guarantee the service behind it will accept your specific request.
No. An external port checker sends probes from a server on the public internet and cannot reach private IP address ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) or the loopback address (127.0.0.1). These addresses are not routable on the public internet - packets sent to them are dropped at the first router. To test ports on a local machine or private network, use command-line tools such as nc (netcat), telnet, or nmap directly from within the same network. External port checkers are only useful for testing public-facing services.
The principle is to expose only the ports your service explicitly requires and firewall everything else. High-risk ports that are frequently targeted by automated scanners include: 22 (SSH) - restrict to specific source IPs or move to a non-standard port; 23 (Telnet) - disable entirely, use SSH instead; 3389 (RDP) - never expose publicly without a VPN in front; 3306 (MySQL), 5432 (PostgreSQL), 6379 (Redis), 27017 (MongoDB) - database ports should never be publicly accessible. FTP (21) should be replaced with SFTP over SSH. Run a port scan against your own server periodically to confirm no unexpected services have been exposed.
The TCP three-way handshake is the connection establishment sequence used before any data is exchanged. Step 1: the client sends a SYN (synchronize) packet with a randomly chosen sequence number. Step 2: if the port is open, the server responds with SYN-ACK, acknowledging the client's sequence number and sending its own. Step 3: the client sends ACK to confirm receipt, completing the handshake. Port checkers use this mechanism to determine port state: a SYN-ACK in step 2 confirms the port is open. A RST (reset) response instead of SYN-ACK means the port is closed. No response within the timeout period means the port is filtered by a firewall.