Check open ports, scan common services, and analyze network security
Port scanning is a network reconnaissance technique used to identify which ports on a server or device are open and accepting connections. It's an essential tool for network administrators, security professionals, and IT professionals to audit network security.
Network ports are virtual endpoints for network communications. Think of them as doors on a server:
Port 80 (HTTP): Unencrypted web traffic. Standard port for websites.
Port 443 (HTTPS): Encrypted web traffic via SSL/TLS. Secure websites.
Port 22 (SSH): Secure Shell for encrypted remote access and file transfers.
Port 21 (FTP): File Transfer Protocol. Unencrypted file transfers.
Port 25 (SMTP): Simple Mail Transfer Protocol for sending email.
Port 53 (DNS): Domain Name System for domain name resolution.
Port 3389 (RDP): Remote Desktop Protocol for Windows remote access.
Port 3306 (MySQL): MySQL database server default port.
Security Auditing: Identify exposed services that shouldn't be public.
Vulnerability Assessment: Find services that may have security flaws.
Network Inventory: Document what services are running.
Troubleshooting: Verify services are accessible when expected.
Compliance: Ensure only approved services are exposed.
When Port Scanning is Legal:
When Port Scanning May Be Illegal:
Potential Consequences: Unauthorized port scanning may violate Computer Fraud and Abuse Act (CFAA) in the US or similar laws in other countries. Penalties can include fines, civil liability, and criminal charges.
Close Unnecessary Ports: Only expose services that need to be public.
Use Firewalls: Block access to sensitive ports (databases, management interfaces).
Implement VPNs: Require VPN access for administrative services.
Change Default Ports: Consider non-standard ports for sensitive services.
Monitor Port Scans: Use intrusion detection systems to detect scanning attempts.
Regular Audits: Periodically scan your own systems to verify security.
Port 21 (FTP): Unencrypted file transfers. Credentials sent in plain text. Use SFTP (port 22) instead.
Port 23 (Telnet): Unencrypted remote access. All data visible. Use SSH (port 22) instead.
Port 3389 (RDP): Remote Desktop frequently targeted by attackers. Don't expose to internet; use VPN.
Port 3306 (MySQL): Database should never be public. Use localhost or private network only.
Port 5432 (PostgreSQL): Database access. Same as MySQL - keep private.
Open: Port is accepting connections. Service is listening and accessible.
Closed: Port is not accepting connections. Either no service running or firewall blocking.
Filtered: Cannot determine if open/closed. Firewall or packet filter blocking probes.
Our tool scans 19 common service ports including web, email, database, and remote access ports. For each port, we:
No Open Ports: Good security posture. Server appears well-protected.
Web Ports Only (80, 443): Typical for web servers. Generally safe if properly configured.
Database Ports Open: Security risk. Databases should not be publicly accessible.
Administrative Ports Open (RDP, Telnet): High security risk. Should be behind VPN.
If you find unexpected open ports on your servers:
Scan 19 most common service ports quickly
Get security warnings for risky open ports
Measure connection response time for each port
A port scanner is a network tool that checks which TCP or UDP ports are open on a server or device. Ports are numbered endpoints (0-65535) where network services listen for connections. Each service uses specific ports: web servers use 80/443, email uses 25, SSH uses 22, etc. Port scanners send connection requests to these ports to determine which are accepting connections (open) and which are not (closed). This helps identify what services are running and potentially exposed on a network.
Port scanning legality depends on permission and intent. Legal when: (1) Scanning your own servers/network, (2) You have explicit written permission from system owner, (3) Authorized penetration testing, (4) Your job responsibilities include network security. Potentially illegal when: Scanning third-party systems without permission, scanning as reconnaissance for attacks, violating terms of service. In the US, unauthorized scanning may violate the Computer Fraud and Abuse Act (CFAA). Similar laws exist worldwide. Best practice: Only scan systems you own or have written authorization to test. When in doubt, get permission first.
Web: Port 80 (HTTP), 443 (HTTPS), 8080 (HTTP alternate). Remote Access: Port 22 (SSH), 3389 (RDP), 23 (Telnet - insecure). Email: Port 25 (SMTP), 110 (POP3), 143 (IMAP), 587 (SMTP submission). File Transfer: Port 21 (FTP), 22 (SFTP). Databases: Port 3306 (MySQL), 5432 (PostgreSQL), 1433 (SQL Server). Other: Port 53 (DNS), 5900 (VNC). These "well-known ports" (0-1023) are standardized by IANA (Internet Assigned Numbers Authority).
Database ports (3306, 5432, 1433): Databases should NEVER be publicly accessible. Expose them only on localhost or private networks. Port 3389 (RDP): Remote Desktop is heavily targeted by attackers. Use VPN access instead. Port 23 (Telnet): Completely insecure, sends passwords in plain text. Use SSH instead. Port 21 (FTP): Unencrypted file transfers. Use SFTP or FTPS. Management interfaces: Admin panels, control panels should be behind VPN. Best practice: Only expose services absolutely necessary for public access (typically just web ports 80/443). Everything else should require VPN or be on private networks only.
Multiple methods to close ports: (1) Stop the service: Disable/uninstall services you don't need. Example: systemctl stop mysql on Linux. (2) Configure firewall: Block ports at firewall level. Linux: ufw deny 3306, Windows: Windows Firewall settings. (3) Change service binding: Configure service to listen only on localhost (127.0.0.1) instead of all interfaces (0.0.0.0). (4) Cloud security groups: AWS Security Groups, Azure NSGs, GCP Firewall Rules to block ports. (5) Network firewall: Block at router/gateway level. Always verify changes with port scan after implementing. Close ports from outside-in: external firewall first, then host firewall.
If no common ports are open, it typically means: (1) Good security: Server is well-protected, only essential services exposed, (2) Firewall configured: Firewall is blocking all scanned ports, (3) Services on non-standard ports: Services may run on unusual port numbers, (4) Server offline: Server may be down or blocking all traffic. For web servers: At minimum, ports 80 and/or 443 should be open. If those are closed, website won't be accessible. For SSH access: Port 22 should be open (or whichever port SSH is configured on). No open ports is generally good for security, but verify legitimate services are accessible to intended users.
Port scanning itself rarely causes harm to properly configured servers: (1) No damage: Just connection attempts, doesn't exploit vulnerabilities, (2) Minimal load: Creates small amount of network traffic and connection attempts, (3) Detection risk: May trigger IDS/IPS alerts, get IP blocked temporarily. Potential issues: (1) Aggressive scans: Very fast scans might trigger rate limiting or DOS protection, (2) Vulnerable services: Some poorly-coded services might crash from unexpected connections, (3) Legal issues: Scanning systems you don't own may have legal consequences. Our scanner: Scans slowly with appropriate timeouts to avoid issues. Still, only scan systems you own or have permission to test.
Port scans take time because: (1) Multiple ports: Our scanner checks 19 different ports, (2) Timeout values: Each closed port requires waiting for timeout (2 seconds per port), (3) Sequential scanning: Checks ports one at a time to be respectful, (4) Network latency: Distance to server affects response time. Time calculation: Scanning 19 ports with 2-second timeout = up to 38 seconds worst case (all ports closed). Open ports respond faster. Why not faster? Aggressive/fast scanning: (1) Can overwhelm servers, (2) Triggers security systems, (3) May be seen as attack, (4) Can get your IP blocked. Our scan is intentionally measured and respectful to avoid these issues.
Investigation steps: (1) Identify the service: Google the port number to see what typically runs there, (2) Check running services: Linux: netstat -tuln or ss -tuln, Windows: netstat -ano, (3) Determine if needed: Is this service required for business operations?, (4) Review logs: Check for unauthorized access attempts, (5) Verify legitimacy: Ensure service wasn't installed by malware. Action items: If port is unnecessary: close it. If needed but exposed: add firewall rules, require VPN access, update/patch service, enable authentication, monitor access logs. Get help: If unsure, consult security professional or system administrator before making changes.