SysAdmin Tools

A port checker tests whether a specific TCP port is open and reachable on a given IP address or domain name from an external network perspective. This is an essential tool for network engineers, sysadmins, and developers who need to verify that firewall rules are correctly configured, that a service is actually listening on the expected port, and that there are no network-level blocks between clients and their servers.

When you run a web server, database, mail server, or any network service, that service listens on a specific port number. For the service to be accessible, the port must be open through every firewall and security group between the client and server. A common pain point in DevOps is deploying a service correctly on the server but forgetting to open the corresponding port in a cloud security group, OS firewall rule, or upstream network ACL. Our port checker identifies this instantly by attempting a TCP connection from our servers to your target.

Unlike running a port scan from your own machine, our external port checker tests reachability from the public internet — the same perspective your actual users and clients have. This matters because your local machine may be on the same network as the server, bypassing external firewall rules entirely. An external check confirms what external clients actually see.

Common ports to check include 80 (HTTP), 443 (HTTPS), 22 (SSH), 25 (SMTP), 3306 (MySQL), 5432 (PostgreSQL), 6379 (Redis), and 3389 (RDP). The tool can check any valid port from 1 to 65535.

How to Use the Port Checker Tool

  1. Enter the IP address or domain

     Type the IP address (IPv4 or IPv6) or domain name you want to check — for example, 93.184.216.34 or server.example.com. Domain names are resolved to their IP address before the port check.

  2. Enter the port number

     Type the port number you want to test (1–65535). Common ports are listed in the tool for quick selection: 80 (HTTP), 443 (HTTPS), 22 (SSH), 3306 (MySQL), and others.

  3. Click Check Port

     The tool attempts a TCP connection to the specified host and port from our servers. Results show whether the port is open (connection established), closed (connection refused), or filtered (connection timed out).

  4. Interpret the result

     Open means the service is reachable. Closed means the host rejected the connection — the host is reachable but nothing is listening on that port, or the firewall is sending TCP RST. Filtered means the connection timed out — a firewall is silently dropping packets.

Understanding Port Check Results

A port check result is one of three states. Open means the TCP connection was successfully established — the host is reachable and a service is actively listening on that port. This is the expected result when a service is running and properly exposed. Closed means the host is reachable but the port is not open. The host sent a TCP RST (reset) packet, meaning nothing is listening on that port or a local firewall rule is explicitly rejecting the connection. Filtered (or timed out) means packets are being silently dropped — typically by a firewall, security group, or network ACL that has no explicit allow rule for that port.

The distinction between closed and filtered is important: closed means the host itself is accessible (ping would work, other ports might be open) but this specific port is not listening. Filtered means a network device between our checker and the host is blocking the traffic before it even reaches the host. Filtered ports are the most common result when a cloud security group or firewall rule has not been configured.

| Field | Description |
|---|---|
| Status: Open | TCP connection established successfully. The service is listening on this port and is reachable from the public internet. |
| Status: Closed | Host is reachable but rejected the connection (TCP RST). No service is listening on this port, or a local firewall rule is denying it. |
| Status: Filtered | Connection timed out. A firewall or network device is silently dropping packets to this port. |
| Response Time | Time in milliseconds for the TCP handshake to complete. Only available for open ports. |
| Resolved IP | If a domain name was entered, the IP address it resolved to before the port check was performed. |
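
The three states correspond to the three ways a TCP connect() call can end. The Python sketch below is an added example, not the tool's own code; check_port, classify_error and PortResult are hypothetical names, and counting ICMP unreachable errors as filtered is an assumption borrowed from nmap's convention.

```python
import errno
import socket
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class PortResult:
    status: str                   # "open", "closed" or "filtered"
    resolved_ip: Optional[str]    # address the name resolved to
    response_ms: Optional[float]  # handshake time, open ports only


def classify_error(exc: OSError) -> str:
    """Map a failed connect() to the closed/filtered states."""
    if isinstance(exc, ConnectionRefusedError):
        return "closed"    # the host, or a rejecting firewall, answered with TCP RST
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"  # no reply at all: packets were silently dropped
    # Assumption: ICMP unreachable replies also count as filtered (nmap convention).
    if exc.errno in (errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "filtered"
    raise exc              # anything else is a local error, not a port state


def check_port(host: str, port: int, timeout: float = 3.0) -> PortResult:
    if not 1 <= port <= 65535:
        raise ValueError("port must be in 1..65535")
    # Resolve first so the result reports which address was actually tested.
    family, socktype, proto, _, sockaddr = socket.getaddrinfo(
        host, port, type=socket.SOCK_STREAM)[0]
    with socket.socket(family, socktype, proto) as sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        try:
            sock.connect(sockaddr)  # full three-way handshake, no data is sent
        except OSError as exc:
            return PortResult(classify_error(exc), sockaddr[0], None)
        elapsed_ms = (time.monotonic() - start) * 1000
        return PortResult("open", sockaddr[0], round(elapsed_ms, 2))
```

Run from the server's own network, this reports the local view only; the result matches the online checker only when it runs from a host outside the firewall being tested.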

Common Port Checker Use Cases

Verify firewall and security group rules

After deploying a server in AWS, GCP, or Azure and configuring security group rules, use the port checker to confirm the expected ports are open from the public internet. This catches missing inbound rules before they become support incidents.

Debug service connectivity issues

When clients report they cannot connect to a service (web app, database, game server, API), a port check immediately tells you whether the problem is a network/firewall issue (filtered or closed) or an application issue (the service crashed after the port was open).

Confirm SSH is accessible before a remote session

Before starting a remote server maintenance window, verify that port 22 (SSH) or your custom SSH port is open. This prevents the awkward situation of locking yourself out by mis-configuring a firewall rule mid-session without verifying access first.

Check if a mail server is reachable on port 25

Many ISPs and cloud providers block outbound port 25 by default to prevent spam. Use the port checker to confirm whether your server can receive inbound SMTP connections on port 25, or whether you need to use port 587 (submission) or 465 (SMTPS) instead.

Port Checker — Frequently Asked Questions

What is a port checker?
A port checker is a network diagnostic tool that tests whether a specific TCP port is open and accessible on a remote host from an external network. It attempts a TCP connection to the target host and port and reports whether the connection succeeded (open), was refused (closed), or timed out (filtered by a firewall). It is used to verify that services are reachable and firewall rules are correctly configured.
How do I check if a port is open?
Enter the IP address or domain and port number in the port checker above and click Check Port. The tool tests the TCP connection from our external servers and returns the result within seconds. Alternatively, use the terminal command: nc -zv example.com 443 or telnet example.com 443. Our online tool tests from an external perspective, which is more representative of what real clients see than testing from your own network.
What is the difference between an open and a filtered port?
An open port means the TCP connection was established — the host accepted the connection and a service is listening. A filtered port means the connection attempt timed out — a firewall or network device is silently dropping the packets without sending any response. A closed port means the host responded with TCP RST — the host is reachable but there is nothing listening on that port or a firewall is explicitly rejecting it.
Why does my port show as filtered even though I opened it in the firewall?
Filtered typically means packets are not reaching the host at all. Check every layer of network filtering: cloud security group (AWS/GCP/Azure), network ACL, OS-level firewall (iptables, ufw, Windows Firewall), and any upstream router or load balancer rules. It is common for a cloud security group to be correctly configured but an OS-level iptables rule to be blocking the same port, or vice versa.
What common ports should I check?
Port 80 (HTTP), 443 (HTTPS), 22 (SSH), 21 (FTP), 25 (SMTP), 587 (SMTP submission), 3306 (MySQL), 5432 (PostgreSQL), 6379 (Redis), 27017 (MongoDB), 3389 (RDP), 8080 and 8443 (alternative HTTP/HTTPS). Always check the specific port your service is actually configured to listen on — many services use custom ports for security by obscurity.
Can I check if a UDP port is open?
Our port checker tests TCP ports only. UDP port checking is more complex because UDP is connectionless — there is no TCP handshake to confirm the port is open. Most common services (HTTP, HTTPS, SSH, SMTP, databases) use TCP. Services using UDP include DNS (port 53), VoIP (SIP on 5060), and VPN protocols (WireGuard, OpenVPN). For UDP port testing, use nmap from the command line: nmap -sU -p 53 example.com.
Why can I connect from my own machine but the port checker says filtered?
This is a common scenario when you are on the same local network as the server. Firewall rules often allow local network traffic even when external traffic is blocked. Our port checker tests from outside the network — the same perspective as your actual internet users. If the checker reports filtered but you can connect locally, the external firewall (cloud security group, router, network ACL) is blocking external access while allowing internal access.
Is it normal for port 25 to be blocked?
Yes. Port 25 (SMTP) is blocked by default by most consumer ISPs and major cloud providers (AWS, GCP, Azure) to prevent their networks from being used to send spam. If you run a mail server in the cloud, you typically need to request unblocking of port 25 through your provider's abuse team. Alternatively, use port 587 (SMTP submission with authentication) or a smart host relay for outbound email.
What ports are commonly blocked by firewalls?
Port 25 (SMTP) is blocked by most cloud providers and ISPs. Port 23 (Telnet) and 21 (FTP) are often blocked for security reasons. Port 3389 (RDP) is frequently blocked on default security group rules to prevent brute-force attacks. Ports below 1024 generally require root/administrator privileges to bind to on Linux/Windows. Well-known database ports (3306, 5432, 27017) should only be open to specific IP ranges, not the public internet.
How can I open a port on my server?
Opening a port requires two steps: ensure the service is configured to listen on that port, and ensure the firewall allows inbound traffic. For Linux: use ufw allow 80/tcp or iptables -A INPUT -p tcp --dport 80 -j ACCEPT. For cloud servers: add an inbound rule to the security group or firewall in your cloud console. For home servers: configure port forwarding in your router to map the external port to your server's internal IP. After making changes, use the port checker to verify the result.
