A port scan probes the TCP ports on an IP
address to determine whether each one is
open, closed, or filtered. Every
internet-connected device has 65,535 TCP
ports. Each port serves as an endpoint for
a specific type of network traffic, from
web browsing on port 443 to email delivery
on port 25.
portscan.com runs the check from the open
internet —the same vantage point as
anyone else trying to reach the IP. That
is what matters for port forwarding, a home
lab, or checking a firewall: the outside
world only sees what answers from outside,
not what looks fine on the local Wi-Fi.
Only the IP address tied to the current
visit is scanned. There is no box to type
another address; the site determines it
from the connection. Other people’s
addresses are not scanned.
How to read scan results
Port scan results report each port in one
of three states.
Open means a service is
listening and accepting connections.
Port 443 open on a web server is expected.
Port 3306 (MySQL) or port 6379 (Redis)
open to the internet is often a
misconfiguration worth investigating.
An open port that does not match an
intentional service —especially
remote access, file sharing, or
proxy-style traffic —can sometimes
reflect forgotten software, a wide-open
setting, or in rare cases unwanted
programs that listen for inbound
connections. The scan only shows what
answers from outside; it does not identify
malware. Matching each open port to a
known app or device (or asking an IT
contact) is the right next step.
Closed means no service
is listening on the port. The host
actively rejected the connection. A closed
port is not a security concern.
Filtered means a firewall
or router silently dropped the connection
attempt without any response. The port is
unreachable from the outside. Most home
internet connections behind a router show
the majority of ports as filtered, and
this is normal.
The fast scan checks 32 common ports and
displays all results regardless of state.
The deep scan covers all 65,535 TCP ports
and only displays open and filtered ports,
since listing tens of thousands of closed
ports adds nothing useful. The deep scan
also runs service version detection,
identifying the software behind each open
port.
Abuse contact and opt-out
Seeing this traffic in logs?
The Abuse contact page
lists the scanner IP addresses, how to
verify them (FCrDNS), and what the traffic
means.
Want scans to stop for an IP or
range? Use
Opt-out for one-click
exclusion of the current address, or follow
the email instructions listed for CIDR
ranges.
Frequently asked questions
Is this safe to use?
Yes, portscan.com is safe to use. It scans the IP address of the device making the request and nothing else. The target is set server-side from the connection and cannot be changed or influenced by any user input. Running a port scan on an owned IP address is a standard network diagnostic, equivalent to checking from the outside whether a service is reachable.
Is port scanning illegal?
portscan.com only checks the public IP address of the connection in use —the same address any “what is my IP” page would show. Seeing which ports on that address respond from the outside is a normal step when setting up a home server, remote access, mail, or a game server. The scan target is fixed on the server from the connection itself, so the tool cannot be aimed at someone else’s network. The legal situation gets serious mainly when people probe systems they do not run or have permission to test; that situation does not apply here. portscan.com is not a “port scanner” in the sense of scanning third-party networks. It only scans the IP address of the person making the request.
What is the difference between fast scan and deep scan?
The fast scan checks 32 common TCP ports. It finishes in about 20 seconds once the scan has started. Those 32 ports cover the services most often found on internet-facing systems: web servers, email, SSH, databases, remote access, and container infrastructure. The deep scan checks all 65,535 TCP ports and takes about 60 seconds once the scan has started. When the scanner queue is busy, an extra waiting period can apply before the scan begins. Open ports appear progressively as each deep scan segment completes. The deep scan also detects the software and version behind each open port using nmap’s service detection.
I see open ports I never meant to expose. What now?
Each open port should map to something deliberate: a game, remote desktop, NAS, or a dev tool left running. The port reference page describes common ports. If nothing lines up, tighten firewall rules, disable unused services, and run a current malware scan on the affected machine —unexpected listeners are not always malicious, but they are worth clearing up.
What does "filtered" mean?
A filtered port did not respond to the connection attempt at all. A firewall, router, or other network device silently dropped the packet instead of rejecting the connection. Most residential internet connections show the majority of ports as filtered because the router’s built-in firewall blocks all unsolicited inbound traffic. Seeing all or most ports filtered is expected behind a standard home router or corporate firewall. Filtered is different from closed: a closed port actively sends back a rejection, while a filtered port gives no response.
Does portscan.com store results?
Scan metadata is logged for 180 days for abuse prevention and legal compliance under German law. The log includes the IP address, scan type, ports found open or filtered, and a timestamp. Detailed scan results are kept for 24 hours for operational purposes. A 7-day history of completed scans is visible from the same IP. No user accounts exist, no data goes to third parties, and the only analytics in use is a self-hosted Plausible instance collecting aggregate page views without cookies or personal data. The privacy policy has full details.
How long does a port scan take?
The fast scan takes about 20 seconds and the deep scan of all 65,535 TCP ports takes about 60 seconds, each measured from when the scan actually starts. When the queue is busy, additional waiting time can occur before the scan starts. Deep scan results appear progressively as each segment completes rather than all at once at the end. How soon partial results appear depends on the scan type and network conditions.
What ports are included in the fast scan?
Thirty-two TCP ports covering the most commonly exposed and most frequently misconfigured services: FTP (21), SSH (22), Telnet (23), SMTP (25), DNS (53), HTTP (80), POP3 (110), MSRPC (135), NetBIOS (139), IMAP (143), HTTPS (443), SMB (445), SMTP submission (587), IMAPS (993), POP3S (995), MSSQL (1433), Docker API (2375), MySQL (3306), RDP (3389), UPnP (5000), PostgreSQL (5432), VNC (5900), Redis (6379), Kubernetes API (6443), HTTP alternate (8080), HTTPS alternate (8443), Prometheus (9090), Elasticsearch (9200), Memcached (11211), and MongoDB (27017). A full breakdown with descriptions and security notes is on the port reference page.
Why does the scan include port 25?
Port 25 is the usual port for server-to-server SMTP: other mail systems use it to deliver email to a host on the internet. The fast scan includes it so anyone running or troubleshooting mail—or checking whether an ISP blocks outbound SMTP—sees that answer in the same pass as web, SSH, and the other common ports. Some online checks skip port 25 or never complete a real probe from outside; here it is tested like the rest of the list, so the result reflects what the wider internet can reach on that address.