TCP Port Scanner
Scan the 20 most common TCP ports on a host to check which services are publicly reachable from the internet. Results show open ports, associated services, and security recommendations. Only scan hosts you own or have explicit written permission to test.
Common Ports Reference
This scanner checks the 20 most commonly used TCP ports. Here is what each one is used for and the security considerations for each:
| Port | Service | Description | Security Risk |
|---|---|---|---|
21 | FTP | File Transfer Protocol - Unencrypted file transfer. | High |
22 | SSH | Secure Shell - Encrypted remote login and command execution. | Medium |
23 | Telnet | Unencrypted remote terminal protocol. Obsolete. | Critical |
25 | SMTP | Simple Mail Transfer Protocol - Outbound email relay. | Medium |
53 | DNS | Domain Name System - Resolves hostnames to IP addresses. | Low |
80 | HTTP | Unencrypted web traffic. Should redirect to HTTPS. | Medium |
110 | POP3 | Post Office Protocol - Download email from server. | Medium |
143 | IMAP | Internet Message Access Protocol - Email access. | Medium |
443 | HTTPS | Encrypted web traffic (TLS/SSL). Standard for all sites. | Low |
3306 | MySQL | MySQL database server. Should never be public-facing. | Critical |
3389 | RDP | Remote Desktop Protocol - Windows remote access. | Critical |
5432 | PostgreSQL | PostgreSQL database server. Should be firewalled. | High |
6379 | Redis | Redis in-memory data store. No auth by default. | Critical |
8080 | HTTP-Alt | Alternate HTTP port often used by dev servers or proxies. | Medium |
8443 | HTTPS-Alt | Alternate HTTPS port used by some management interfaces. | Low |
27017 | MongoDB | MongoDB database. Has a history of public exposure incidents. | Critical |
How This Tool Works
New to the topic? Read our plain-English guide to what port scanning is and learn what open ports mean for security.
- The scanner attempts a TCP connection to each of the 20 most common ports.
- A successful connection indicates the port is open and accepting connections from our server.
- A timeout or refused connection means the port is closed or filtered by a firewall.
- UDP ports are not scanned - TCP only.
- Results reflect the view from our servers, not your local network.
- Rate limited to 10 scans per hour to prevent abuse.
Frequently Asked Questions
Is port scanning legal?
Scanning systems you own, or have written permission to test, is legal and a normal part of security auditing. Scanning third-party hosts without authorisation can violate computer misuse laws in some jurisdictions and almost always breaches ISP and hosting terms of service. That is why this tool is for authorised use only - Scan your own router, server, or lab targets.
What ports should be open on my router?
From the internet side, ideally none. Every open port is a service reachable by anyone, so expose only what you deliberately run - For example a self-hosted VPN or game server - And close everything else. Disable UPnP if you do not need it, since it lets devices open ports silently, and prefer remote-access solutions that avoid permanent inbound openings.
What is the difference between open, closed, and filtered ports?
An open port has a service actively accepting connections - The scan completes a TCP handshake. A closed port is reachable but nothing is listening; the host answers with a rejection (TCP RST). A filtered port produces no answer at all because a firewall silently drops the probe, which is the standard hardened configuration for anything you do not intend to expose.