How to Check Open Ports on Your Network (and Why It Matters)

By /

Every open port on your network is a door. Some doors need to be open — your web server’s port 443, your email client’s port 993. But doors you’ve forgotten about, or that were opened by software without your knowledge, are a security risk. Knowing which ports are open is fundamental to understanding your network’s attack surface.

What Is an Open Port?

A port is a numbered endpoint on a network connection. When a program listens for connections on a specific port, that port is “open.” If nothing is listening, or a firewall is blocking connections, the port is “closed” or “filtered.”

Ports 0–1023 are well-known ports assigned to standard services. Ports 1024–49151 are registered ports. Ports 49152–65535 are dynamic/private ports used for outgoing connections.

Why You Should Check Your Open Ports

  • Identify services you’ve forgotten about that are still running
  • Verify that your firewall is working as expected
  • Find port forwarding rules you’ve set up and forgotten
  • Check if malware has opened a backdoor port
  • Understand what attackers can see when they scan your IP

Method 1: Use an Online Port Scanner

The fastest way to check what’s visible from the public internet: use the ExamineIP Port Scanner. It performs real TCP connection attempts to your IP from an external server, showing exactly which ports are visible to anyone on the internet.

To use it:

  1. Visit tools.examineip.com to find your public IP
  2. Open the Port Scanner
  3. Click “Use My IP” or enter your IP manually
  4. Select “Common” preset (21 ports) or run all 26
  5. Review results: Open = exposed; Filtered = protected by firewall; Closed = reachable but nothing listening

Method 2: Scan From Inside (netstat)

To see what’s running on your own device, use the netstat command. This shows ports listening locally — including services that aren’t exposed to the internet but are still running on your device.

Windows:

  1. Open Command Prompt as Administrator
  2. Run: netstat -ano
  3. Look for lines showing LISTENING — these are active listening ports
  4. The last column shows the Process ID (PID) — open Task Manager to match it to an application

To find which program is using a specific port:

netstat -ano | findstr :80 (replace 80 with your port number)

Mac/Linux:

sudo lsof -i -P -n | grep LISTEN

Method 3: nmap (Advanced)

nmap is the professional-grade port scanner used by network engineers and security researchers. Install from nmap.org and run:

nmap -sV 192.168.1.0/24 to scan your entire local network

nmap -sV your.public.ip to scan your external IP

The -sV flag attempts to detect service versions — useful for finding outdated services.

Dangerous Ports to Watch For

If any of these show as “open” when you scan your public IP, investigate immediately:

  • Port 23 (Telnet): Unencrypted remote access. Should never be open to the internet.
  • Port 3389 (RDP): Windows Remote Desktop. Constantly scanned by brute-force bots.
  • Port 22 (SSH): Secure Shell. Legitimate use but heavily scanned. Should use key-based auth only.
  • Port 445 (SMB): Windows file sharing. Was exploited by WannaCry ransomware. Should not be internet-facing.
  • Port 3306 (MySQL): Database port. Should never be exposed to the public internet.
  • Port 6379 (Redis): Defaults to no authentication. An exposed Redis port is a critical vulnerability.

How to Close Unwanted Open Ports

  • Stop the service: If a service is running that you don’t need, stop and disable it
  • Remove port forwarding rules: Log into your router and delete any rules you no longer need
  • Enable firewall blocking: Add a firewall rule to block inbound connections to the specific port
  • Disable UPnP: UPnP lets applications open ports automatically — disabling it prevents unexpected port openings

Scan your ports right now

Use the ExamineIP Port Scanner — real TCP scan, 26 common ports, results in seconds. Checks for open database ports, RDP, SSH, SMB, and more.

Frequently Asked Questions

Is it illegal to port scan someone else’s IP?

Scanning your own IP is legal and important for security. Scanning someone else’s IP without permission is legally questionable in many jurisdictions and is generally considered hostile reconnaissance. Only scan IPs you own or have explicit permission to test.

What does “filtered” mean in a port scan?

Filtered means the port scan received no response — the port is being silently blocked, usually by a firewall. This is the ideal state for ports you don’t want exposed: not just closed, but invisible.

My scan shows port 80 is open but I don’t have a web server. Why?

Some ISPs run diagnostic services on customer IPs. Some routers have a built-in web admin interface accessible on port 80. Check your router settings to disable external web admin access.

Scroll to Top