How to Scan Ports: Complete Guide to Port Scanning
Port scanning is the process of checking which network ports are open, closed, or filtered on a host. It's a fundamental tool for network administrators, security professionals, and anyone who wants to understand what services are running on a server. This guide covers how port scanning works, the tools you can use, and how to interpret the results.
What is a Port?
A port is a number from 0 to 65535 that identifies a specific service on a device. When your browser connects to a website, it uses port 443 for HTTPS. When you send an email, it uses port 587. Ports are divided into three ranges: well-known ports (0-1023) for standard services, registered ports (1024-49151) for applications, and dynamic ports (49152-65535) for temporary connections. See our complete ports guide for a detailed list.
Why Scan Ports?
- Security audits: Find unexpectedly open ports that attackers could exploit
- Network troubleshooting: Verify that services are running and accessible li>Service discovery: Identify what services a host is running
- Firewall testing: Confirm that firewall rules are blocking the right traffic
- Compliance: Verify that only approved ports are open on production servers
Understanding Port States
| State | Meaning | Implication |
|---|---|---|
| Open | A service is actively listening on this port | The port accepts connections — verify this is intentional |
| Closed | No service is listening, but the host responded | The host is reachable but the port has no service — safe |
| Filtered | A firewall is blocking access to the port | Cannot determine if a service is running — firewall is active |
How to Scan Ports with miip.link
The easiest way to scan ports is using the free port scanner on miip.link. Simply enter any hostname or IP address and our tool checks the most common ports instantly — no installation required.
Our scanner checks: SSH (22), HTTP (80), HTTPS (443), FTP (21), DNS (53), SMTP (25), POP3 (110), IMAP (143), MySQL (3306), RDP (3389), PostgreSQL (5432), Redis (6379), and more.
Command-Line Port Scanning Tools
nmap (Most Powerful)
nmap is the industry standard for port scanning. It's free, open source, and incredibly powerful.
# Scan most common 1000 ports nmap example.com # Scan specific ports nmap -p 22,80,443,3306 example.com # Scan all 65535 ports nmap -p- example.com # Scan with service detection nmap -sV example.com # Scan with OS detection nmap -O example.com # Fast scan (top 100 ports) nmap -F example.com
netcat (Quick Checks)
# Check if a single port is open nc -zv example.com 443 # Check multiple ports nc -zv example.com 22 80 443
telnet (Basic Check)
# Check if port 443 is open telnet example.com 443
TCP vs UDP Scanning
Most port scanning focuses on TCP ports, but UDP ports are also important. TCP scanning sends a SYN packet and waits for a response, while UDP scanning sends a UDP packet and waits for a reply or timeout. UDP scanning is slower and less reliable because UDP doesn't guarantee delivery.
# TCP scan (default) nmap -sT example.com # UDP scan nmap -sU example.com # Combined TCP + UDP nmap -sT -sU example.com
Common Ports to Scan
| Port | Service | Risk Level |
|---|---|---|
| 22 | SSH | Medium — common attack target, use key auth |
| 21 | FTP | High — plaintext credentials |
| 23 | Telnet | Critical — never use, unencrypted |
| 25 | SMTP | Low — standard mail, often blocked by ISPs |
| 53 | DNS | Low — necessary for domain resolution |
| 80 | HTTP | Medium — redirects to HTTPS preferred |
| 443 | HTTPS | Low — secure web, should be open |
| 3306 | MySQL | Critical — never expose to Internet |
| 3389 | RDP | High — common ransomware target |
| 5432 | PostgreSQL | Critical — never expose to Internet |
Security Best Practices
- Only scan hosts you own or have permission to scan — unauthorized port scanning may be illegal
- Close unused ports — every open port is a potential attack surface
- Use firewalls to block all ports except those you explicitly need
- Never expose databases (MySQL, PostgreSQL, Redis, MongoDB) to the Internet
- Change default ports for SSH and RDP to reduce automated attacks
- Use encrypted alternatives — HTTPS over HTTP, SSH over Telnet, IMAPS over IMAP
FAQ
Is port scanning legal?
Port scanning itself is generally legal in most jurisdictions, similar to checking if a door is locked. However, scanning systems you don't own without permission may violate terms of service or laws in some countries. Always scan your own systems or get explicit permission.
Can port scanning harm a system?
Basic port scanning (SYN scans) is non-intrusive and won't harm a system. However, aggressive scanning techniques (like vulnerability scanning or DoS-level intensity) can cause service disruptions. Use reasonable scan rates.
Why are some ports shown as "filtered"?
A filtered port means a firewall is blocking access, so the scanner cannot determine if a service is running. This is actually a good sign — it means your firewall is doing its job.
Scan ports instantly with the miip.link free port scanner — no installation required.