// scan tcp ports on any host in one click
Scan TCP ports on any host instantly. Check if ports are open or closed, test common service ports, and diagnose connectivity issues — free and browser-based.
Ready to scan
Enter a host and ports, then click ScanType a public domain name or IP address into the Host field.
Enter ports manually (e.g. 80,443,8080) or choose a preset from the dropdown.
Results show open/closed status with response latency for each port.
This tool performs TCP connect scans from the server side, checking whether each specified port on a target host accepts connections. It resolves hostnames to IPs, then attempts a socket connection on each port within a 2-second timeout. Private and loopback IP ranges are blocked for security.
A port scanner is a tool that probes a host for open TCP or UDP ports. It sends connection requests to specific port numbers and records whether each port responds (open) or refuses/ignores the connection (closed or filtered).
An open port successfully accepted a TCP connection — a service is actively listening on that port. A closed port refused the connection or timed out — no service is listening, or a firewall dropped the packet.
Private IP ranges (10.x.x.x, 192.168.x.x, 172.16–31.x.x) and localhost are blocked for security reasons. Scanning your own internal network from an external server would not give meaningful results and could expose our infrastructure to abuse.
Scanning your own servers or systems you have explicit permission to test is legal. Scanning third-party hosts without authorization may violate computer misuse laws in many jurisdictions. Always get written permission before scanning systems you do not own.
This tool allows up to 50 ports per scan to ensure reasonable response times and prevent abuse. For larger scans you can use specialized tools like Nmap locally, which supports scanning thousands of ports simultaneously.
Firewalls, security groups, or ISP-level filtering may block the connection before it reaches the host. The port could also be rate-limiting inbound connections, or the service may be bound to a specific network interface (e.g. 127.0.0.1 only).
Presets group commonly used service ports: Web covers HTTP/HTTPS, Mail covers SMTP/POP3/IMAP, Databases covers MySQL, PostgreSQL, MSSQL, MongoDB and Redis, and Remote Desktop covers RDP and VNC. You can also enter any custom port range manually.
This tool performs a TCP connect scan — the most reliable but also the most detectable scan type. It completes the full TCP three-way handshake on each port. UDP scanning is not supported as it requires raw socket access not available in most hosted environments.
A port scanner is a network diagnostic tool that probes a target host to determine which TCP or UDP ports are accessible from the outside. Each port number (from 1 to 65535) corresponds to a specific service or protocol — port 80 for HTTP, 443 for HTTPS, 22 for SSH, 3306 for MySQL, and so on. By scanning a range of ports, administrators and developers can verify that their services are running correctly, confirm that sensitive ports are not unintentionally exposed to the public internet, and diagnose firewall or routing issues that might be preventing legitimate traffic.
Our tool performs a TCP connect scan, which is the most straightforward and reliable method of port scanning. For each port in your list, the scanner attempts to establish a full TCP three-way handshake (SYN → SYN-ACK → ACK). If the target host completes the handshake, the port is recorded as open, meaning an active service is listening. If the host sends back a RST (reset) packet or the connection times out after 2 seconds, the port is recorded as closed or filtered.
Unlike stealth scans (SYN/half-open scans) used by tools like Nmap, a TCP connect scan is fully completed at the OS level. This makes it slightly more detectable by intrusion detection systems, but it works reliably without requiring raw socket privileges and is completely accurate — there are no false positives from RST floods or packet filtering artifacts.
Understanding which service each port number corresponds to is essential for network diagnostics. Here is a reference for the most commonly scanned ports:
21 — FTP (File Transfer Protocol, control channel)22 — SSH (Secure Shell, remote access)23 — Telnet (unencrypted remote access, legacy)25 — SMTP (Simple Mail Transfer Protocol, outbound mail)53 — DNS (Domain Name System)80 — HTTP (Hypertext Transfer Protocol, web)110 — POP3 (Post Office Protocol, incoming mail)143 — IMAP (Internet Message Access Protocol)443 — HTTPS (HTTP over TLS/SSL)465 / 587 — SMTPS / SMTP Submission (secure mail sending)993 / 995 — IMAPS / POP3S (secure mail retrieval)1433 — Microsoft SQL Server3306 — MySQL / MariaDB3389 — RDP (Remote Desktop Protocol)5432 — PostgreSQL5900 — VNC (Virtual Network Computing)6379 — Redis8080 / 8443 — Alternative HTTP/HTTPS (development servers, proxies)27017 — MongoDBOne of the first steps in any security audit is enumerating which ports are open on a server. An unnecessary open port is an attack surface — if a service is running but not needed, it should be disabled and its port closed via firewall rules. Common security issues found through port scanning include:
A ping (ICMP echo request) checks if a host is reachable at the network layer — it tells you whether packets can travel to and from an IP address. A port scan operates at the transport layer, checking whether a specific TCP service on that host is accepting connections. A host can be pingable but have all its ports firewalled (or vice versa — ICMP can be blocked while TCP services are running). For a complete picture of a server's accessibility, you need both tools.
This tool supports flexible port input formats. You can enter individual ports separated by commas (80,443,8080), continuous ranges using a dash (8000-8100), or a combination of both (22,80,443,3000-3010). Port ranges are useful for scanning non-standard port ranges used by applications, load balancers, or microservices. The tool supports up to 50 ports per scan to balance speed with usability — for comprehensive scans of hundreds of ports, command-line tools like nmap are more appropriate.
Alongside the open/closed status, the tool reports the round-trip time in milliseconds for each port connection attempt. For open ports, this latency reflects the time it took for the TCP handshake to complete — low latency (under 50ms) indicates a nearby, well-connected server. For closed ports, high latency (close to the 2000ms timeout) often means the port is filtered by a firewall rather than actively closed — a firewall that silently drops packets looks identical to a non-existent service. A quick reset from an active firewall rejection is usually much faster (under 10ms).
Port scanning is a standard and legitimate tool in network administration and security research. However, unauthorized port scanning of systems you do not own or have explicit permission to test can violate laws such as the Computer Fraud and Abuse Act (CFAA) in the United States, the Computer Misuse Act in the UK, and similar legislation in other jurisdictions. Always ensure you have authorization before scanning any system. This tool is designed for scanning your own infrastructure and is rate-limited to prevent abuse. Private IP ranges and localhost addresses are blocked entirely.