Try the Port Scanner

Port Scanner β€” Check Open Ports & Verify Server Security Configuration

Learn how port scanning works, what common port numbers mean, how to identify dangerous open ports, and how to use a free port scanner to verify your server's security posture.

By sadiqbd Β· June 6, 2026

Share:
Port Scanner β€” Check Open Ports & Verify Server Security Configuration

Knowing which ports are open on a server is basic security hygiene

Every service running on a server listens on a specific port. Your web server answers on port 80 and 443. SSH listens on port 22. A database might be on port 3306 or 5432. Email services use 25, 587, and 993. A port scanner checks which of these ports are actually open and accepting connections β€” essential for security audits, server configuration verification, and network diagnostics.

What Port Scanning Is

A port scan sends connection attempts to a range of ports on a target host and records which ones respond. The three possible states for any port:

  • Open β€” the port is accepting connections; a service is listening
  • Closed β€” the port is reachable but no service is listening
  • Filtered β€” a firewall is blocking the port; no response (the connection attempt is dropped silently)

Understanding which ports are open tells you what services are running and exposed β€” and which ports that should be closed are accidentally left open.

Common Port Numbers and Their Services

Port Protocol Service
21 TCP FTP (file transfer)
22 TCP SSH (secure shell)
23 TCP Telnet (unencrypted, avoid)
25 TCP SMTP (mail sending)
53 TCP/UDP DNS
80 TCP HTTP
110 TCP POP3 (email)
143 TCP IMAP (email)
443 TCP HTTPS
465 TCP SMTP over SSL
587 TCP SMTP submission
993 TCP IMAP over SSL
995 TCP POP3 over SSL
3306 TCP MySQL database
3389 TCP RDP (Windows Remote Desktop)
5432 TCP PostgreSQL database
6379 TCP Redis
8080 TCP HTTP alternative / dev servers
27017 TCP MongoDB

How to Use the Port Scanner on sadiqbd.com

  1. Enter the hostname or IP address β€” the server you want to scan
  2. Select which ports to check β€” common ports, specific ports, or a range
  3. Run the scan β€” the tool attempts connections to each port
  4. Read the results β€” open, closed, and filtered status for each port

Note: Only scan servers you own or have explicit permission to scan. Unauthorised port scanning is potentially illegal in many jurisdictions and violates terms of service for most hosting providers.

Real-World Examples

Post-deployment security check

You've deployed a new server and want to verify only the intended ports are accessible from the internet.

Expected open ports: 80 (HTTP), 443 (HTTPS), 22 (SSH β€” ideally restricted to specific IPs)

Port scan results:

  • Port 80: Open βœ“
  • Port 443: Open βœ“
  • Port 22: Open βœ“
  • Port 3306: Open ← problem

MySQL's port is publicly accessible. The database was installed without firewall rules restricting access to localhost or a specific application server IP. This needs to be fixed immediately β€” a publicly exposed database is a serious security risk.

Verifying email server configuration

A new mail server should have specific ports open:

  • Port 25: Open (SMTP β€” receiving from other mail servers)
  • Port 587: Open (submission β€” for email clients)
  • Port 993: Open (IMAP over SSL)
  • Port 465: Open (SMTP over SSL)

If 587 is closed, email clients using SMTP submission can't send email. If 993 is closed, users can't retrieve mail over IMAP SSL.

Checking if a development server is accidentally exposed

A developer runs a test server on port 8080. The port scan from the internet confirms:

Port 8080: Open

The development server is publicly accessible β€” potentially exposing work-in-progress code, test data, or admin interfaces. Add a firewall rule to block port 8080 from external access.

Finding changed ports for SSH hardening

A common security practice is moving SSH from the default port 22 to a non-standard port (e.g. 2222 or 4822) to reduce automated attack traffic. The port scanner confirms which port the SSH service is actually listening on.

Understanding Firewalls and Filtered Ports

A filtered result doesn't mean no service. It means a firewall is dropping packets silently. Common tools show this as "filtered" when no response is received after a timeout.

Filtering vs. closing: A closed port actively rejects connections (sends a TCP RST). A filtered port drops packets without responding. From a security perspective, filtering is preferable to closed β€” it gives attackers less information.

Cloud provider security groups. AWS Security Groups, Google Cloud firewall rules, and Azure Network Security Groups act as virtual firewalls at the network level. A port can be "open" at the OS level (a service is listening) but filtered by the cloud firewall β€” the port scanner sees it as filtered.

Security Principles for Port Management

Principle of least exposure. Only the ports that absolutely need to be publicly accessible should be open to the internet. Everything else should be blocked at the firewall.

Database ports should never be public. MySQL (3306), PostgreSQL (5432), MongoDB (27017), Redis (6379) β€” these should only be accessible from your application server, not the public internet. A public database port is one of the most common serious security misconfigurations.

SSH access should be restricted by IP where possible. If you administer your server from a fixed IP, restrict SSH access to that IP at the firewall level. Brute-force attacks against SSH are constant and automated.

Monitor for new open ports. Running regular port scans against your own infrastructure detects newly opened ports from software installations, misconfigurations, or intrusions.

Frequently Asked Questions

Is port scanning legal? Scanning your own servers is completely legal. Scanning servers without permission is potentially illegal under computer fraud laws in many countries and violates most hosting providers' terms of service. The tool is intended for checking your own infrastructure.

What's the difference between TCP and UDP port scanning? Most services use TCP (connection-oriented). UDP services (DNS on port 53, some game servers, VoIP) don't use the same connection handshake β€” UDP port scanning works differently and is less reliable. Most port scanners primarily check TCP.

How long does a port scan take? Scanning a range of common ports typically takes a few seconds. Scanning all 65,535 ports takes much longer. Most online tools limit scan ranges for performance and policy reasons.

My port shows as filtered but I need it open. What do I do? Check your server-level firewall (iptables, ufw, firewalld) and cloud-level firewall (security groups, network rules). Both must allow the port. Use ufw allow 443 or the equivalent for your firewall to open a port at the OS level.

Is the port scanner free? Yes β€” completely free, no sign-up required.

Port scanning your own server takes the guesswork out of knowing what's actually exposed to the internet. It's the difference between assuming your configuration is right and verifying it.

Try the Port Scanner free at sadiqbd.com β€” check which ports are open on any host instantly.

Share:
Try the related tool:
Open Port Scanner

More Port Scanner articles

Common Server Ports: Which Should Be Open and Which Must Be Firewalled Common Server Ports: Which Should Be Open and Which Must Be Firewalled Cloud Security Groups: AWS, GCP, Azure β€” Common Misconfigurations and How to Audit Them Cloud Security Groups: AWS, GCP, Azure β€” Common Misconfigurations and How to Audit Them NAT and Port Forwarding for Home Networks: Why "Filtered" Doesn't Mean "Firewalled" NAT and Port Forwarding for Home Networks: Why "Filtered" Doesn't Mean "Firewalled" IPv6's Address Space Is Too Big to Scan β€” Here's Why That Doesn't Make It Secure IPv6's Address Space Is Too Big to Scan β€” Here's Why That Doesn't Make It Secure