WebCheckTools Team May 13, 2026 5 min read

Port Scanner: How to Check Open Ports on Your Server or IP Address

Learn what open ports are, why they matter for security, and how to scan your server for vulnerable or unnecessary open ports using free tools.

What Is a Port Scanner?

A port scanner is a tool that probes a server or IP address to see which network ports are accepting connections. Every internet service uses a specific port number. For example:

  • Port 22 – SSH (secure shell for remote administration)
  • Port 80 – HTTP (unencrypted websites)
  • Port 443 – HTTPS (encrypted websites)
  • Port 25 – SMTP (email sending)
  • Port 3389 – RDP (remote desktop for Windows)

If you have an open port that you don’t use, it could be a security risk. Scanning your own server helps you identify gaps before attackers do.

Why Should You Scan Your Ports?

  • Security auditing – find unnecessary or forgotten services that could be exploited.
  • Firewall testing – verify that your firewall is blocking unwanted traffic.
  • Troubleshooting connectivity – see if a service is actually listening on the expected port.
  • Compliance – some regulations (PCI‑DSS) require regular port scans.

How to Perform a Port Scan (Free Methods)

There are several ways to scan ports, from simple online tools to powerful command‑line utilities.

Option 1: Online Port Scanners (Easiest)

Many websites offer free port scanning. Just enter an IP address or domain, select common ports, and get results in seconds. These tools are fine for a quick check of your public IP.

Option 2: Nmap (Professional, Free)

Nmap (“Network Mapper”) is the industry‑standard port scanner. It is available for Windows, Mac, and Linux. To scan the 1000 most common ports:

nmap your-server-ip

For a faster scan of only well‑known ports:

nmap -F your-server-ip

Option 3: Telnet or Netcat (Quick Manual Check)

To test if a single port is open, use telnet:

telnet example.com 80

If the connection succeeds, the port is open and listening.

What Ports Should Be Open on a Typical Web Server?

For a basic website, you usually need only a few open ports:

  • 22 (SSH) – for remote management (keep it secure with key‑based authentication).
  • 80 (HTTP) – to serve unencrypted traffic (often redirected to 443).
  • 443 (HTTPS) – for secure website connections.
  • 21 (FTP) – only if you use traditional file transfer (consider SFTP over SSH instead).

All other ports should be blocked by your firewall unless you have a specific reason (database direct access, game server, etc.).
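To turn the list above into a repeatable check, the following added example (not part of the original article) parses Nmap's grepable output, as produced by nmap -oG -, and reports open TCP ports that are not on an allowlist. The allowlist, the function names and the sample scan output are assumptions constructed for illustration; 203.0.113.10 is a documentation address.

```python
# Allowlist taken from the web-server list above (FTP deliberately left out).
ALLOWED_TCP = {22, 80, 443}

# Constructed sample of `nmap -oG - <your-server-ip>` output.
SAMPLE_GREPABLE = (
    "# Nmap scan initiated as: nmap -oG - 203.0.113.10\n"
    "Host: 203.0.113.10 ()\tStatus: Up\n"
    "Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/open/tcp//https///, 3306/open/tcp//mysql///, "
    "8080/filtered/tcp//http-proxy///\tIgnored State: closed (995)\n"
)


def parse_ports(grepable):
    """Yield (host, port, state, proto, service) for every port entry."""
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comment lines and "Status:" lines carry no ports
        host = line.split()[1]
        # The Ports field ends where the next tab-separated field begins.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            parts = entry.strip().split("/")
            if len(parts) < 5 or not parts[0].isdigit():
                continue  # skip malformed entries rather than guess
            yield host, int(parts[0]), parts[1], parts[2], parts[4]


def unexpected_open(grepable, allowed=ALLOWED_TCP):
    """Return open TCP ports that are not on the allowlist."""
    return [
        (host, port, service)
        for host, port, state, proto, service in parse_ports(grepable)
        if state == "open" and proto == "tcp" and port not in allowed
    ]


if __name__ == "__main__":
    for host, port, service in unexpected_open(SAMPLE_GREPABLE):
        print(f"{host}: unexpected open port {port}/tcp ({service})")
```

Run it from a scheduled job against a scan of your own server and alert when the returned list is not empty.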

Understanding Port Scan Results

A port scan typically reports three states:

  • Open – an application is listening and accepting connections. This is expected for services you intentionally run.
  • Closed – no application is listening, but the port is reachable, so the firewall is not blocking it.
  • Filtered – the port is likely behind a firewall that silently drops packets. The scanner cannot determine if it’s open or closed.
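The three states correspond to three different outcomes of a TCP connection attempt. The added example below (not from the original article) classifies a single port on a host you control the way a connect-style check does; the function names are assumptions, and the demo probes a listener it starts itself on 127.0.0.1.

```python
import socket


def tcp_port_state(host, port, timeout=2.0):
    """Classify one TCP port as open, closed or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # three-way handshake completed
    except ConnectionRefusedError:
        return "closed"        # a reset came back: reachable, nothing listening
    except socket.gaierror:
        raise                  # unresolvable hostname is an input error, not a state
    except OSError:
        return "filtered"      # timeout or unreachable: the probe got no usable answer


def demo_on_loopback():
    """Probe a listener started here, then probe the same port after closing it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = tcp_port_state("127.0.0.1", port)
    listener.close()
    after_close = tcp_port_state("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    # A filtered result needs a firewall that drops packets, so it is not
    # reproduced in this loopback demo.
    print(demo_on_loopback())
```

A filtered result only says that this probe received no answer within the timeout, which is why a port can be reported as filtered from one vantage point and still serve traffic from another.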

How to Close Unused Open Ports

If your scan reveals unexpected open ports, take action:

  1. Stop the associated service – on Linux, run sudo systemctl stop service-name and disable it from starting automatically.
  2. Configure your firewall – block the port using iptables (Linux) or Windows Firewall.
  3. Check for malware – an unknown open port could indicate a backdoor. Run a security scan.
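Before stopping a service you need to know which process owns the unexpected port. This added example (not from the original article) parses the output of sudo ss -H -tlnp, run on the server itself, and maps each port of interest to its process, PID and bind address. The sample output, process names and function names are constructed for illustration.

```python
import re

# Constructed sample of `sudo ss -H -tlnp` output (TCP listeners, numeric, with process).
SAMPLE_SS = """\
LISTEN 0 128   0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511   0.0.0.0:443   0.0.0.0:* users:(("nginx",pid=1033,fd=7))
LISTEN 0 151   0.0.0.0:3306  0.0.0.0:* users:(("mysqld",pid=950,fd=21))
LISTEN 0 511 127.0.0.1:6379  0.0.0.0:* users:(("redis-server",pid=1201,fd=6))
LISTEN 0 128      [::]:22       [::]:* users:(("sshd",pid=812,fd=4))
"""

PROCESS = re.compile(r'\(\("([^"]+)",pid=(\d+)')


def is_loopback(addr):
    """True when the listener is bound to a loopback address only."""
    return addr.startswith("127.") or addr == "[::1]"


def owners(ss_output, ports):
    """Map each port of interest to the listeners behind it."""
    found = {port: [] for port in ports}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; the port follows the last colon.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in found:
            continue
        match = PROCESS.search(line)
        # Without root, ss may omit the process column for other users' sockets.
        name, pid = (match.group(1), int(match.group(2))) if match else (None, None)
        found[int(port)].append(
            {"process": name, "pid": pid, "bind": addr,
             "loopback_only": is_loopback(addr)}
        )
    return found


if __name__ == "__main__":
    for port, entries in owners(SAMPLE_SS, [3306, 6379, 8080]).items():
        print(port, entries or "no local listener")
```

A listener bound to 127.0.0.1 is not reachable from other hosts, so the entries to act on first are those where loopback_only is False.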

External Resources for Advanced Port Scanning

For continuous monitoring or more detailed analysis, these external sites offer professional tools:

  • woorldtv.com – provides scheduled port scanning and vulnerability alerts.
  • cartpostal.net – offers network security checklists and port‑to‑service mapping guides.

Frequently Asked Questions (FAQ)

Is port scanning legal?

Scanning your own servers is perfectly legal. Scanning someone else’s IP without permission may be illegal (considered reconnaissance for hacking). Only scan your own infrastructure.

What is the difference between TCP and UDP port scanning?

TCP ports (most common) require a three‑way handshake. UDP ports are stateless and harder to scan accurately. Basic online scanners typically check TCP only.

Can I scan my website’s IP from the outside?

Yes! Use an online port scanner or Nmap from a different machine (or a cloud VPS). This simulates what an attacker would see.

Why is port 443 filtered even though my HTTPS site works?

Filtered does not mean closed. Many firewalls are configured to drop packets to certain ports without replying. If your site loads over HTTPS, the port is reachable – the scanner’s probe might have been discarded intentionally.

How often should I scan my ports?

Monthly is good for most small sites. For high‑security environments (e‑commerce, banking), scan weekly or after any configuration change.

Find Your Public IP Before Scanning

To scan your own server, you first need its public IP address. Use our free IP Lookup Tool to discover your current public IP (if you’re on the server itself) or check the IP of any domain.

Once you have the IP, run a port scan with Nmap or an online tool. Remove any open ports that you don’t use – it’s one of the easiest ways to harden your server against attacks.
