Skip to content
← All Tools

What Is My Open Ports

Check which TCP ports are open, closed, or filtered on your public IP address — no software needed.

This tool checks your public IP address for open TCP ports by having our server attempt a real connection on your behalf. It reports whether each port is open (a service is listening), closed (connection refused), or filtered (a firewall is dropping packets silently) — exactly what any other host on the internet would see.

🔌What Is My Open Ports

What is a network port?

A port is a 16-bit number (1–65535) that acts as a numbered door on a networked computer. An IP address routes traffic to the right machine; the port number tells the OS which program should handle that traffic. When a program listens on a port it is waiting for incoming connections. When nothing is listening, the OS rejects connection attempts immediately.

Ports 1–1023 are well-known (reserved for standard services like HTTP on 80 and HTTPS on 443). Ports 1024–49151 are registered (commonly used by applications like MySQL on 3306 or PostgreSQL on 5432). Ports 49152–65535 are ephemeral — used temporarily by your OS for the outgoing side of connections you initiate and not usually associated with listening services.

Open, closed, and filtered — what each status means

  • Open — the TCP three-way handshake completed. A service is actively listening and accepted the connection. This port is reachable from the internet.
  • Closed — the OS immediately sent back a TCP RST (reset). No service is listening on this port, but the host is reachable. The port is not accessible to remote clients.
  • Filtered — our connection attempt received no reply within the timeout. A firewall, router NAT rule, or security group is silently dropping the packet before it reaches the host. This is the most common result for home IP addresses with default router settings.

For most users, nearly all ports will be filtered because home routers apply NAT and block inbound connections by default. Open ports on a public IP mean either a service is intentionally exposed or port forwarding is configured on the router.

How the port check works

Browsers cannot scan external IPs directly — security restrictions prevent JavaScript from making arbitrary TCP connections to public addresses. Instead, this tool uses a server-side endpoint on our infrastructure that initiates the TCP connection on your behalf. The process:

  • Your browser sends a request to our /api/open-ports?port=N endpoint, authenticated only by being the request origin (we extract your IP from the request).
  • Our server attempts a TCP connection to your IP on the requested port with a 3-second timeout.
  • The result (open / closed / filtered) and elapsed time are returned to your browser and displayed in the table.

This is the same technique used by tools like canyouseeme.org — the check reflects what any external server would see when connecting to your public IP.

Which open ports are security risks?

Not all open ports are dangerous — a web server intentionally exposes port 443. The concern is services that should not be accessible to the public internet:

  • Databases (3306 MySQL, 5432 PostgreSQL, 6379 Redis, 27017 MongoDB) — should never be publicly reachable. Even with authentication, exposed databases are constantly probed for weak credentials and known CVEs.
  • Remote access (22 SSH, 3389 RDP, 23 Telnet) — SSH with key-based authentication is relatively safe if kept patched; RDP and Telnet are high-risk. All three attract automated brute-force attacks.
  • Development servers (3000, 5173, 8080, 8888 Jupyter) — dev tools typically have no authentication and expose sensitive data or code execution. Always bind to localhost during development.
  • Admin panels (9090 Prometheus, 5601 Kibana) — monitoring dashboards often contain credentials and infrastructure details. Restrict to internal networks or VPN.

To see the public IP being scanned, visit What Is My IP. To identify your ISP or hosting organization, use What Is My ISP. For round-trip latency to this server, see What Is My Latency.

Privacy note

Port checks are made only to the IP address of the incoming request — we cannot be directed to scan other hosts. Your IP and the scan results are not stored on our servers beyond the duration of your session. See our Privacy Policy for how analytics and advertising operate separately from this diagnostic.

Common questions

What does this tool check?
This tool attempts a TCP connection from our server to your public IP address on each port you select. If the connection is accepted, the port is 'open'. If the connection is refused immediately, the port is 'closed'. If no response arrives within the timeout, the port is 'filtered' — a firewall or NAT device is silently dropping the packet.
What is a network port?
A port is a 16-bit number (1–65535) that acts like a door number on a host. When a program listens on a port, any computer on the internet can try to connect to that port at your IP address. Port 80 is conventionally HTTP, 443 is HTTPS, 22 is SSH, and so on. Ports below 1024 are reserved; the rest are freely assignable by any application.
What is the difference between open, closed, and filtered?
Open means a program is actively listening on that port and accepted our TCP handshake. Closed means nothing is listening — the OS sent back a TCP RST immediately. Filtered means a firewall dropped our packet without reply, leaving us to wait until timeout. Closed and filtered are both effectively inaccessible from the internet; the distinction matters for diagnosing firewall configuration.
Is it safe to have open ports?
It depends on the service. Port 443 open on a web server is expected. Port 3306 (MySQL) open to the public internet is a serious risk — it means your database is directly reachable. Common attack vectors include brute-forcing SSH (port 22), exploiting unpatched services, and scanning for default credentials. If a port you don't recognize is open, investigate and close it.
How is this different from scanning localhost?
This tool checks your public IP — the address the wider internet sees. Browsers cannot reliably scan your router's external IP or your own public IP directly due to security restrictions. Our server makes the TCP connection on your behalf, so the result reflects what any internet host would observe when trying to reach your IP.
Will a VPN change the results?
Yes. If you are connected to a VPN, your public IP is the VPN exit server's IP. The port scan will reflect which ports the VPN provider has open on that server, not your home router. Disconnect the VPN first if you want to check your home or office connection.
Why might a port show 'filtered' even if I have a server running?
Your router's NAT (network address translation) or firewall is blocking the incoming connection before it reaches your machine. Most home routers block all inbound connections by default. To make a port reachable from the internet you typically need to configure port forwarding on your router, pointing external port traffic to your internal machine's IP and port.
Which ports are most commonly dangerous to leave open?
Database ports (MySQL 3306, PostgreSQL 5432, MongoDB 27017, Redis 6379) should never be publicly accessible without a VPN or firewall rule. Remote access ports like RDP (3389) and Telnet (23) are frequently targeted. SSH (22) is safer with key-based authentication but should still be firewalled unless intentionally public. Any port running outdated software is a risk regardless of number.

Also Check These Tools

🌐What Is My IPInstantly see your public IPv4 and IPv6 address with ISP, city, and country details.📡What Is My ISPSee which Internet Service Provider (ISP) or organization is associated with your public IP and connection.🔷What Is My DNSLook up public DNS A and AAAA records using Cloudflare DNS over HTTPS, with honest labeling about resolvers.📶What Is My LatencyMeasure HTTPS round-trip time from your browser to this site—a practical “ping” when ICMP is not available in the web sandbox.🛜What Is My Network TypeDetect whether you are on Wi-Fi, cellular, or ethernet, with effective speed class and estimated bandwidth from the Network Information API.Internet Speed TestTest your download and upload speeds with a fast, accurate in-browser speed test.🖥️What Is My BrowserDetect your browser name, version, engine, and operating system in one click.🔍What Is My User AgentSee the full user agent string your browser sends to websites and servers.📐What Is My Screen ResolutionCheck your screen resolution, color depth, pixel ratio, and viewport size.🎮What Is My WebGL / GPUDetect your GPU renderer, vendor, WebGL version, and key graphics capabilities directly from your browser — no plugins required.📍What Is My LocationDiscover your approximate location based on your IP address including city and country.🕐What Is My TimezoneFind your current timezone, UTC offset, and local time with DST status.