FREE · NO ACCOUNT REQUIRED

Free online port scanner — check if any TCP port is open on any IP or hostname.

Port Scanner Online attempts a TCP connection to each requested port on the target IP or hostname, measures whether it's open, closed, or filtered, identifies the service likely running based on port number and banner-grab where available, and presents the results in a clear list. Supports single-port checks, common-port presets (web, mail, database, remote-admin), and custom ranges. Real connections, real-time results, no signup.

01 · OVERVIEW

What gets scanned

Six independent classes of output per port scan. The per-port open/closed status is the table-stakes output; the service identification, the banner grab, and the firewall behavior detection are the differentiators.

TCP connection probe (Real connection)

Attempts an actual TCP three-way handshake to each port. If the SYN-ACK returns, the port is open. If RST comes back, the port is closed (service not listening). If nothing returns within timeout, the port is filtered (firewall dropping packets).

Service identification (By port + banner)

Maps the port number to the IANA-registered service (port 80 → HTTP, 443 → HTTPS, 22 → SSH, 25 → SMTP, 3306 → MySQL, etc). For ports where the service responds on connection, captures the banner (e.g. `SSH-2.0-OpenSSH_8.9p1`) for finer-grained identification.

Common-port presets (Web · mail · admin · DB)

Pre-built scan lists for common scenarios. 'Web' scans 80, 443, 8080, 8443. 'Mail' scans 25, 110, 143, 465, 587, 993, 995. 'Database' scans 3306, 5432, 1433, 27017, 6379, 9200. 'Remote admin' scans 22, 23, 3389, 5900.

Custom port and range support (Any port)

Scan a single port, a comma-separated list, or a range (`8000-8100`). Useful for verifying specific services or checking for unexpected listeners on non-standard ports.

Response time per port (Latency signal)

Per-port response time. A 5ms response from an open port is normal; a 1000ms response signals network congestion, geographic distance, or a load-balanced backend. Filtered ports return the full timeout duration.

Firewall behavior detection (Open · closed · filtered)

Distinguishes three outcomes: open (service is listening), closed (host responds with RST, no service), filtered (no response — firewall is silently dropping). The distinction matters: closed means the host is reachable but the port isn't used; filtered means a firewall is between you and the host.

02 · WHY THIS MATTERS

Why port scanning is a basic operational skill

Port scanning isn't just for security pentesters. Five places it's useful in everyday operations:

  • Verifying a service deployment Just deployed a new service on port 8080. Verify it's actually listening and reachable from the public internet (or your VPN). Port scan from the right vantage point answers it instantly — faster than spinning up a remote shell.
  • Debugging connectivity issues Customer says they can't connect. Is the port open? Is it filtered? Is the host even reachable? A port scan from a known-good network gives you the answer in seconds — and rules out client-side network issues.
  • Verifying firewall rules Just changed a security-group rule or iptables policy. Port scan the host to verify the rule actually does what you intended. Easy way to catch typos and rule-ordering bugs.
  • Inventory and attack surface assessment Scan your own public IPs to know exactly what's listening. Most teams have at least one service exposed they didn't know about — a forgotten admin panel, a debug endpoint, a legacy app. Port scanning is the cheapest discovery method.
  • Investigating suspicious hosts An IP in your logs is doing something unexpected. What does it expose? Port scan gives you a quick fingerprint — open ports tell you whether it's a web server, a mail server, a generic VM, or something stranger.
03 · HOW IT WORKS

TCP SYN attempt, classify response, identify service

A port scan is a sequence of TCP connection attempts. The scanner sends a SYN packet to each target port and observes what comes back. Three possible outcomes; the tool surfaces all three with the right interpretation.

  • Stage 1 — Resolve the target If a hostname was provided, resolve it to an IP. If multiple IPs (round-robin DNS, dual-stack), pick the first one (or the user can specify). All probes go to the resolved IP.
  • Stage 2 — Send TCP SYN per port For each requested port, send a TCP SYN packet. SYN-ACK back = open (service listening, accepted the half-open connection). RST back = closed (host is up but nothing listens). Timeout = filtered (firewall silently dropped the SYN).
  • Stage 3 — Complete or abort connection For open ports, complete the handshake briefly then either capture a banner (if the service speaks first) or send RST to close. We don't hold long connections; the goal is reachability check, not exploitation.
  • Stage 4 — Identify the service Map port to IANA-registered service. For ports where banner-grab succeeded, parse the banner for further detail (SSH version, HTTP server header, SMTP greeting, etc). Most services respond with their identity in the first response packet.
  • Stage 5 — Measure response time Per-port round-trip time from SYN to first response. Fast responses (under 50ms) are typical for nearby or well-connected hosts. Slow responses (over 500ms) signal congestion, geographic distance, or load-balanced backends with backend-side latency.
  • Stage 6 — Aggregate and report Return the per-port result list — port number, status, identified service, banner (if captured), response time. Summary counts of open/closed/filtered ports across the scanned set.
04 · COMMON PORTS

What standard ports run on what services

Knowing which port runs what service helps interpret a scan result. The most common public-facing ports:

  • 20 / 21 — FTP File Transfer Protocol. Port 20 is data, 21 is control. Both legacy and insecure. Modern equivalents: SFTP (over SSH, port 22) or FTPS (over TLS, port 990). An open FTP on a production host is usually a misconfiguration.
  • 22 — SSH / SFTP Secure Shell — primary remote-admin protocol for Unix systems. Banner identifies version (`SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6`). Open SSH on a public IP is normal for servers; password auth is a finding (key-only is the modern default).
  • 25 / 465 / 587 — SMTP / SMTPS / Submission Mail transfer. Port 25 is inter-server SMTP. Port 587 is the modern client submission port. Port 465 is legacy SMTPS (deprecated but still common). Open 25 to the world on a non-mail server signals a possible open relay — historically a major spam vector.
  • 53 — DNS Domain Name System. UDP and TCP both. Open DNS on a public IP that isn't an authoritative or recursive resolver suggests a misconfigured open resolver — a known reflection-DDoS vector.
  • 80 / 443 / 8080 / 8443 — Web HTTP and HTTPS. 80 and 443 are standard. 8080 and 8443 are common alternatives — often used by application servers (Jenkins, Tomcat, GitLab admin) that should not be public-facing.
  • 110 / 143 / 993 / 995 — Mail retrieval POP3 (110), IMAP (143), IMAPS (993), POP3S (995). Mail-retrieval protocols used by clients. Open on consumer mail providers; should not be exposed by personal mail servers without explicit reason.
  • 3306 / 5432 / 1433 / 27017 / 6379 — Databases MySQL (3306), PostgreSQL (5432), Microsoft SQL Server (1433), MongoDB (27017), Redis (6379). Open database ports on the public internet are a major finding — most should be on private networks only, accessed via application servers.
  • 3389 / 5900 — Remote desktop Windows RDP (3389) and VNC (5900). Both have been historic sources of mass-scan / mass-exploit campaigns. Should never be public; require VPN or jump host.
  • 9200 / 9300 / 5601 — Search / Elastic stack Elasticsearch HTTP (9200), transport (9300), Kibana (5601). Default-config unprotected Elasticsearch clusters were a notable source of public-internet data leaks in 2018–2022. Should be on private networks.
05 · API

Use this programmatically

Per-port status, service identification, banner, and response time are available as JSON. Useful for deployment verification, firewall-rule testing, attack-surface monitoring, and incident-investigation automation.

cURL
curl 'https://api.domainscan.in/v1/ip/port?host=scanme.nmap.org&ports=22,80,443'
JavaScript (fetch)
const res = await fetch(
  'https://api.domainscan.in/v1/ip/port?host=example.com&ports=80,443,22'
);
const scan = await res.json();

console.log(scan.target);                  // 'example.com (93.184.216.34)'
console.log(scan.summary.openCount);       // 2
console.log(scan.summary.filteredCount);   // 1

scan.ports.forEach(p => {
  console.log(`${p.port} (${p.service}): ${p.status} — ${p.banner || 'no banner'}`);
});

// Deployment-verification gate
const expected = new Set([80, 443]);
const openSet  = new Set(scan.ports.filter(p => p.status === 'open').map(p => p.port));
const missing  = [...expected].filter(p => !openSet.has(p));
if (missing.length) {
  console.error('Expected ports not open:', missing);
  process.exit(1);
}
Response schema (abridged)
{
  "target":     "scanme.nmap.org",
  "resolvedIp": "45.33.32.156",
  "summary": {
    "totalScanned":  3,
    "openCount":     2,
    "closedCount":   0,
    "filteredCount": 1
  },
  "ports": [
    {
      "port":       22,
      "status":     "open | closed | filtered",
      "service":    "ssh",
      "banner":     "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6",
      "responseMs": 42
    }
  ]
}
06 · USE CASES

How teams use Port Scanner

Six patterns we see most often:

Post-deploy verification (Deploy)

After deploying a service, verify it's actually reachable on the expected port. Faster than waiting for the first customer complaint to surface a misconfigured load-balancer rule.

Firewall-rule validation (Security)

Changed a security group or firewall policy. Scan to verify the rule does what you intended — open ports actually open, closed ports actually closed, internal-only ports actually filtered from outside.

Attack-surface inventory (Asset discovery)

Scan your own public IPs to know what's exposed. Most environments have at least one forgotten service running on a non-standard port. Common-ports preset plus targeted custom-port scans cover most realistic exposure.

Connectivity debugging (Network)

Customer can't connect. Is the port open from outside? Filtered? Closed? A scan from a different network rules out client-side issues fast.

Pen-test pre-screen (Security)

Before paying for a pen test, scan your hosts for unexpected open ports. Close the obvious findings yourself; let pen-testers spend their hours on application-layer issues.

Hosting-vendor verification (Procurement)

Spinning up a new VPS or cloud instance. Scan the assigned IP before deploying to verify nothing unexpected is already listening (sometimes happens with cloud-provider default images or recycled IPs).

07 · QUESTIONS

Common questions

  • What is a port scanner? A tool that attempts TCP (or UDP) connections to specific ports on a target host to determine whether a service is listening. The classic example is nmap. Online port scanners (like this tool) run from a known vantage point and report the per-port result — useful for testing reachability from outside your network. Use only on hosts you own or have explicit permission to scan.
  • What's the difference between open, closed, and filtered? Open: the host responded with SYN-ACK to your SYN — a service is listening and accepting connections. Closed: the host responded with RST — the host is up but nothing listens on that port. Filtered: no response within timeout — a firewall is silently dropping packets between you and the host. Each outcome means something different operationally.
  • Which ports should I scan? Depends on what you're verifying. Common-port presets cover the high-value targets — web (80, 443, 8080, 8443), mail (25, 465, 587, 993, 995), admin (22, 3389), database (3306, 5432, 27017). For full-coverage scans, port ranges like 1-1024 (privileged ports) or 1-65535 (everything) are options — but slow. For deployment verification, scan the specific port your service uses.
  • Is port scanning legal? Scanning hosts you own or have explicit permission to scan is legal everywhere. Scanning third-party hosts without permission is legally ambiguous in many jurisdictions and prohibited by most network operators' terms of service. This tool runs against any host you provide, but you bear responsibility for having authorization.
  • Why does my port show as filtered when I expect it open? Common causes: (1) a firewall (security group, iptables, cloud-provider NACL) is dropping inbound traffic, (2) the service isn't actually listening (or crashed), (3) the host's OS firewall is blocking, (4) the host is using port-knocking or another non-standard reachability gate. Verify the service is running locally, then check firewall rules in order from outermost to innermost.
  • Why is my port scan slow? Filtered ports return only when the timeout expires — typically 2-5 seconds each. A scan of mostly-filtered ports will take time proportional to the port count. Open and closed ports return fast (under 1 second). Reducing the timeout speeds the scan but increases false-negatives on slow networks.
  • Can I scan UDP ports? This tool is TCP-focused. UDP scanning is significantly less reliable because there's no connection handshake — most UDP services don't respond unless probed with a service-specific payload, and 'no response' is ambiguous (open without response or filtered are indistinguishable). For UDP service verification, prefer service-specific tools (e.g., dig for DNS, snmpwalk for SNMP).
  • What's the difference between this and nmap? Nmap runs locally and has many more scan modes (SYN, ACK, FIN, NULL, Xmas, version detection, OS fingerprinting, NSE scripts). This tool runs from our public vantage point and is faster for the common 'is this port open from outside?' question — no install required, immediate results. Use this for quick external-reachability checks; use nmap for in-depth network scanning.