Why Check Open Ports?
Checking open ports is essential for both security and troubleshooting:
Security: Every open port is a potential entry point for attackers. If you're running a web server, you want ports 80 and 443 open — but port 3306 (MySQL) or port 22 (SSH) should not be accessible from the public internet unless absolutely necessary.
Troubleshooting: When a service isn't working — website not loading, email not arriving, SSH connection refused — the first step is checking whether the correct port is actually open and reachable.
Compliance: Security audits and compliance standards (PCI DSS, SOC 2) require regular port scanning to ensure only authorized services are exposed.
Verification after changes: After configuring firewall rules, port forwarding, or deploying a new service, you need to verify the ports are correctly open or closed.
Using LookMyIP Port Checker
The easiest way to check if a port is open from the outside is to use LookMyIP's Port Checker at lookmyip.com/port-checker.
Simply enter the IP address or hostname and the port number you want to check. The tool attempts a TCP connection from an external server and reports whether the port is open (accepting connections), closed (actively refusing), or filtered (no response — typically blocked by a firewall).
This is particularly useful because it shows how your ports appear to the outside world, which may differ from what you see locally. A port can be open on your server but blocked by an ISP, cloud provider security group, or intermediate firewall.
Command-Line Methods
Using telnet:
telnet example.com 443
If the connection succeeds, the port is open. If it says "Connection refused," the port is closed. If it hangs until the attempt times out, the port is filtered.
Using nc (netcat):
nc -zv example.com 443
The -z flag scans without sending data, and -v provides verbose output. This is faster than telnet for quick checks.
Using nmap (most powerful):
nmap -p 80,443,22 example.com
Scan specific ports. Nmap reports whether each port is open, closed, or filtered.
nmap -p 1-1000 example.com
Scan a range of ports.
Using PowerShell (Windows):
Test-NetConnection -ComputerName example.com -Port 443
Built into Windows — no additional software needed.
Using curl:
curl -v telnet://example.com:443
Another quick way to test TCP connectivity on systems that don't have telnet or nc.
Understanding Port States
Open: A service is listening on this port and accepting connections. For a web server, ports 80 and 443 should be open.
Closed: The port is reachable (the server responds), but no service is listening. The server sends back a TCP RST (reset) packet. This means the port isn't blocked by a firewall, but nothing is running on it.
Filtered: No response at all — packets are dropped silently. This usually means a firewall (iptables, AWS Security Group, cloud provider firewall) is blocking the port. This is the most secure state for ports you don't need.
Open|Filtered: Nmap can't determine if the port is open or filtered (common with UDP scans). UDP services don't always respond to probes.
For security, unexposed ports should be "filtered" (silently dropped), not "closed" (actively refused). Closed ports still reveal that a host exists at that IP address, while filtered ports give no information to potential attackers.
Security Recommendations
- Scan your own servers regularly. Run monthly port scans of your public-facing servers and compare results to your expected configuration.
- Follow the principle of least privilege. Only open ports that are needed. If you're running a web server, you need 80 and 443 — not 22 from everywhere.
- Restrict SSH access. If you need SSH (port 22), restrict it to specific IP addresses using firewall rules rather than leaving it open to the world.
- Close database ports. MySQL (3306), PostgreSQL (5432), MongoDB (27017), and Redis (6379) should never be open to the public internet. Access them through SSH tunnels or private network connections.
- Use cloud security groups. If you're on AWS, Azure, or GCP, configure security groups/firewall rules at the cloud level in addition to OS-level firewalls.
- Disable unused services. If you're not using FTP (21), Telnet (23), or other legacy services, stop the service and close the port.
