Check a Specific Port
Enter a hostname or IP and a port number to test connectivity
Quick Scan — click to auto-fill port
Test whether any TCP port is open or closed on any server, IP address or hostname in real time.
A port is a numbered logical endpoint on a server that routes different types of network traffic to the correct application. Think of an IP address as a building and ports as individual office doors inside it — each door leads to a different service. Web servers listen on port 80 for HTTP and port 443 for HTTPS. SSH remote access uses port 22, MySQL databases use port 3306, and PostgreSQL uses port 5432. Without ports, a single IP address could only run one network service at a time. You can find the IP address behind any domain using our DNS Lookup tool, and then test any of its ports here.
An open port means the server responded to a TCP connection attempt — a service is actively listening and accepting connections on that port. A closed port means the server either refused the connection (the service is not running or not bound to that port) or a firewall is silently dropping the packet without any reply. From the outside, both look similar: no successful connection is established. However a firewall drop causes the check to time out after the full 5 seconds, while a service refusal responds instantly. If you want to verify the SSL certificate on an open HTTPS port, use our SSL Checker immediately after confirming port 443 is open.
Our server attempts a real TCP three-way handshake to the target host and port you specify. If the connection completes within 5 seconds, the port is reported as open and the round-trip response time is shown in milliseconds. If the connection times out or is refused, the port is reported as closed. Because the test originates from our server rather than your own network, the result reflects whether the port is publicly reachable from the internet — which is exactly what matters for web servers, mail servers, and any publicly accessible service. For complementary latency diagnostics, try our Ping Test.
This is one of the most common misconfigurations when setting up a new server. The likely causes in order of frequency are:
127.0.0.1 (localhost only) instead of 0.0.0.0 (all network interfaces) — check the bind address in your application config.Confirm the correct public IP you should be testing against using our What Is My IP tool, then check your firewall rules and application bind address.
Yes. Pass a comma-separated list of ports via the ports query parameter alongside your host, for example: /port-checker?host=example.com&ports=22,80,443,3306. The tool tests each port in sequence and displays the results in a table showing the service name, open or closed status, and response time. This is particularly useful for a quick firewall audit after provisioning a new cloud instance or after making changes to a security group. Combine this with a DNS Lookup to confirm the domain resolves to the IP you intend to test.
A ping sends ICMP echo requests to measure whether a host is reachable at the network layer and how long the round-trip takes. A port check goes one step further and attempts a full TCP connection to a specific service, confirming the application itself is running and accessible. The key practical difference: many servers and cloud providers block ICMP pings entirely for security, while still serving web traffic on port 443 without any issue. A failed ping therefore does not mean the host is down — it often just means ICMP is blocked. Use our Ping Test alongside this tool for a complete picture of both network reachability and service availability.
Port 80 carries unencrypted HTTP traffic. Any data exchanged — including form submissions, session cookies, and API responses — can be read by anyone on the network path between the user and the server. Port 443 carries HTTPS traffic encrypted with TLS, making eavesdropping and man-in-the-middle interception computationally infeasible. Modern best practice is to have both ports open but immediately redirect all HTTP requests arriving on port 80 to HTTPS on port 443, then use HSTS headers to enforce this at the browser level for returning visitors. After confirming port 443 is open, verify the certificate itself with our SSL Certificate Checker and confirm HSTS is configured correctly with our HTTP Headers Checker.
A firewall handles blocked connection attempts in two ways. Reject sends an immediate TCP RST packet back, telling the client the port is definitively closed — this responds instantly. Drop silently discards the incoming packet with no reply, causing the connection attempt to time out after the full timeout window. From a port checker's perspective, a drop causes the check to wait the full 5 seconds before reporting closed, while a reject returns immediately. Most cloud security groups and enterprise firewalls use drop rules to slow down automated scanners. If this tool always times out on a particular host rather than returning instantly, a drop firewall rule is the most likely explanation rather than a stopped service.
No — this tool only tests TCP ports. UDP is connectionless, meaning there is no handshake to test. Checking whether a UDP port is open requires sending a protocol-specific probe and waiting for a service-specific response, which varies by application and is not reliably testable from a remote web tool. For UDP services such as DNS (port 53) or game servers, test from the command line using nmap -sU -p 53 example.com. To verify that DNS records themselves are resolving correctly, use our DNS Lookup tool directly.
The Common Ports Reference panel on this page lists the standard service assignments for the most widely used port numbers. When a port check returns open, the result banner also shows the standard service name if the port matches a known assignment. For a deeper investigation of the web server software, security headers, and redirect chain on an open HTTP or HTTPS port, use our HTTP Headers Checker. To find the registrant, ASN, and network owner behind the IP address you are testing, use our WHOIS Lookup or ASN Lookup tools.
Scanning your own servers and infrastructure is completely legal and considered essential security practice. Scanning servers you do not own or have explicit written permission to test may violate computer misuse and unauthorised access laws in many jurisdictions, including the Computer Fraud and Abuse Act (CFAA) in the United States and the Computer Misuse Act in the United Kingdom. This tool is intended solely for testing infrastructure you own or have permission to audit. It tests one port at a time from our server and is not a network reconnaissance tool.