Hero Background

Next-Gen App & Browser Testing Cloud

Trusted by 2 Mn+ QAs & Devs to accelerate their release cycles

Next-Gen App & Browser Testing Cloud

Free Open Port Checker Online - TestMu AI (Formerly LambdaTest)

This free tool allows you to check whether a TCP port is open on any public host or IP address, tested from a real probe on the internet.

Host or IP Address

Public hosts only. Private ranges like 192.168.x.x cannot be reached from the internet.

Port

Output

Enter a host and port, then click Check Port.

What is a Port Checker?

A port checker is an online utility that tests whether a specific TCP port on a host is reachable from the public internet. It attempts a TCP connection from an external probe outside your network and reports whether the port accepts the handshake, along with latency and resolved IP details.

Every internet-facing service listens on a numbered port. Web servers on 443, mail on 25, databases on 3306, and so on. A port checker sends a TCP connect request to your chosen host and port from outside your network, then reports whether the handshake succeeded. Unlike a local scan from your LAN, this external vantage point shows what remote users and automated systems actually see when they try to reach your service across the internet.

Because the test originates from a real probe on the global internet, results reflect live routing, NAT, firewalls, and ISP policies, not just whether a daemon is running on your machine. That makes an open port checker essential for validating port forwarding rules, confirming cloud security groups, and troubleshooting remote access before you share a hostname with customers or teammates.

Port numbers range from 1 to 65535. Ports 1-1023 are well-known system ports assigned to common protocols. Ports 1024-49151 are registered for specific applications, and 49152-65535 are dynamic or private ports often used for ephemeral client connections. When you check if port is open, you are asking a remote machine on the internet to complete a three-way TCP handshake with your target on that exact number. If the SYN packet receives a SYN-ACK back, the port is considered open from that probe's perspective.

This differs from a full port scanner online, which sweeps many ports at once. A focused port checker tests one host and one port per request, making it ideal for confirming a single forwarding rule or verifying that a newly deployed service is externally reachable. Home users, DevOps engineers, and QA teams all rely on this targeted approach when they need a clear yes-or-no answer rather than a broad scan report.

How to Use the Port Checker?

Running a port check takes seconds and requires no software installation, command-line tools, or VPN configuration. Whether you are testing a cloud VM, a VPS, or your home router's public IP after configuring port forwarding, the workflow is the same. Follow these four steps to test any public host from an external probe:

  • Step 1: Enter a host or IP: Type a public domain name or IP address in the Host field. If you want to test port forwarding on your home connection, click Use My IP to auto-fill your current public address from ipify. The tool rejects private ranges like 192.168.x.x because external probes cannot route to them.
  • Step 2: Enter or pick a port: Type a port between 1 and 65535 in the Port field, or click a preset chip for common services like 22 SSH, 80 HTTP, 443 HTTPS, 3306 MySQL, or 25565 Minecraft. Presets save time when you already know which service you are validating.
  • Step 3: Click Check Port: The tool submits a TCP connect measurement to a global probe network and polls for the result. A spinner shows while the external probe attempts up to three connection packets toward your target. Rate limits may briefly delay results during heavy traffic.
  • Step 4: Read the verdict: Review whether the port is Open or Closed or filtered, along with resolved IP, latency in milliseconds, and the city and country of the probe that performed the test. Use Copy to save a labeled summary for tickets or documentation.

For the most reliable port forwarding test, run the check from this page (which always uses an external probe) rather than testing from a browser on the same Wi-Fi network. If the first attempt times out, wait a moment and retry. Transient network congestion can occasionally delay probe responses without indicating a misconfiguration on your side.

What Do Open, Closed, and Filtered Ports Mean?

Port states describe how a target responds when something on the internet tries to connect. Network administrators and security tools classify ports using these three terms, and understanding each state helps you interpret checker results and plan next troubleshooting steps:

  • Open: The probe completed a TCP handshake. Something accepted the connection on that port and is reachable from outside your network. Packets flow in both directions and the transport layer is functional, though the application may still reject requests at a higher layer.
  • Closed: The host responded with a TCP reset (RST), indicating no service is listening on that port or the connection was actively refused. The target is reachable, but nothing is bound to that port number.
  • Filtered: A firewall, router ACL, or cloud security group silently dropped the packets, so the probe received no reply at all and cannot tell whether a service exists behind the filter.

An online checker cannot always distinguish closed (RST) from filtered (dropped). Both may appear as Closed or filtered when no TCP reply is received. Testing your own router from inside the same network can also mislead due to NAT loopback: your request may never leave the LAN, so the result reflects internal routing instead of what the world sees. Use mobile data or ask a colleague on a different network to confirm external reachability.

Remember that a TCP open result does not guarantee the application is working correctly. It only proves something accepted the connection at the transport layer. A web server might accept port 443 while returning 502 errors. A database might accept 3306 while rejecting credentials. Combine port checks with application-level tests, log review, and health endpoints for a complete picture of service availability.

UDP ports behave differently and are not covered by this TCP checker. ICMP-based tools like ping measure a separate path from TCP connect tests. A host may respond to ping while a specific TCP port remains filtered, or vice versa. Always test the exact protocol and port your application uses.

Common TCP Ports Reference

Well-known ports map to standard internet services defined by IANA and decades of operational convention. When you test open ports, matching the correct number to the service you expect avoids false alarms. Checking port 80 when your app listens on 8080 will report closed even though the application is healthy on the alternate port.

Use this table as a quick reference when selecting a port to check or interpreting results from your open port checker. Notes highlight security considerations and common ISP restrictions that affect whether a port can be reached from the public internet even when correctly configured on your side:

PortServiceNotes
21FTPFile transfer. Prefer SFTP on 22
22SSHSecure shell remote administration
25SMTPOutbound mail. Often ISP-blocked inbound
53DNSDomain name resolution
80HTTPUnencrypted web traffic
110POP3Incoming mail retrieval
143IMAPMailbox sync over TCP
443HTTPSEncrypted web traffic. Standard for production sites
3306MySQLDatabase. Never expose publicly without strict controls
3389RDPWindows remote desktop
5432PostgreSQLDatabase. Restrict to trusted networks
8080HTTP alternateCommon proxy or dev server port
25565Minecraft JavaDefault game server port for Java Edition

Custom applications often bind to high-numbered ports above 1024. If your service uses a non-standard port, enter it manually rather than relying on presets. After reviewing the table, run a live check to confirm external reachability for the exact port your deployment uses in production.

Features of the Port Checker

Our port checker combines accurate external probing with a straightforward interface designed for developers, sysadmins, and home lab enthusiasts who need fast answers without installing nmap, telnet, or other local utilities. Every feature is tuned for the most common question in network troubleshooting: is this port reachable from outside?

  • Real External Probe: Tests run from a global measurement network on the public internet, not from your browser or LAN, so results reflect true external reachability. The probe location is shown in every result so you know which region performed the check.
  • No Signup: Start checking ports immediately with no account, API key, or credit card required. Paste a hostname, pick a port, and get a verdict in seconds.
  • Common Port Presets: One-click chips for FTP, SSH, SMTP, HTTP, HTTPS, MySQL, RDP, HTTP-alt, and Minecraft save time during troubleshooting sessions where you repeatedly test the same well-known services.
  • Latency and Resolved IP: Every result includes round-trip latency and the resolved IP address so you can confirm DNS and routing alongside port state. A mismatch between expected and resolved IP often explains unexpected closed results.
  • Private Address Guard: Built-in validation blocks private and reserved targets including 127.x, 10.x, 172.16-31.x, 192.168.x, link-local, and localhost that external probes cannot reach, preventing misleading requests and wasted measurement quota.
  • Free and Unlimited within fair use: Run as many checks as you need for legitimate testing on infrastructure you control or are authorized to assess. Automated bulk scanning of third-party hosts is discouraged and may hit rate limits.

TestMu AI (formerly LambdaTest) maintains this tool as part of its broader testing platform trusted by teams worldwide, with access to 10,000+ real devices and 3,000+ browsers for end-to-end validation beyond transport-layer checks. When a port shows open but your app still fails in production, move from network diagnostics to functional testing on real hardware and browser combinations the same platform provides.

Results are displayed in a structured table with mobile-friendly stacked layout, labeled copy output for incident tickets, and clear color-coded verdicts so you can share findings with teammates who may not be familiar with raw TCP dump output.

Use Cases of the Port Checker

Whether you manage a home server, a corporate data center, or ephemeral cloud instances, an external port check answers the question remote clients ask: can I connect? The scenarios below are among the most common reasons teams reach for a port checker during deployment, migration, or incident response.

  • Verify port forwarding: Confirm game or media server ports are reachable after configuring router NAT rules. Home lab users testing Minecraft on 25565 or Plex on custom ports can validate forwarding before sharing an invite link with friends.
  • Confirm firewall rules: Validate AWS security group, Azure NSG, or iptables changes after deployment without waiting for user reports. A quick check on 443 confirms your load balancer path is open end-to-end.
  • Debug SSH or RDP connectivity: Test ports 22 or 3389 from outside before sharing access credentials with a remote team. If the checker reports filtered, inspect upstream firewalls before blaming the SSH daemon configuration.
  • Check web server reachability: Pair with our HTTP status code checker to confirm both the port and application respond correctly. Port 443 open plus HTTP 200 is a stronger signal than either test alone.
  • Validate staging environments: Run checks before QA test runs on ping, DNS lookup, and WebSocket tools to build a complete connectivity picture.
  • Confirm your public IP: Use What Is My IP to verify the address your ISP assigns before testing port forwarding on a home connection. Dynamic IPs change after router reboots, so re-check after outages.

Security teams also use single-port checks during authorized penetration tests to document exposure before remediation. Document each result with the Copy button to attach labeled evidence to audit trails. Always obtain written permission before testing infrastructure outside your organization.

Frequently Asked Questions (FAQs)

1. How do I check if a port is open?

Enter a public hostname or IP and a port number, then click Check Port. The tool runs a TCP connect test from an external probe on the internet and reports whether the port accepts connections, along with latency and the resolved IP address.

2. What does an open port mean?

An open port means a TCP connection to that port on the target host was accepted from outside the network. Something is listening and reachable on that port, though it does not guarantee the application behind it is configured correctly or secure.

3. Why is my port closed after setting up port forwarding?

Port forwarding may be misconfigured, blocked by an ISP, pointing to the wrong internal IP, or overridden by a firewall on the router or host. Testing from inside the same LAN can also fail due to NAT hairpin limitations. Try checking from mobile data instead.

4. Can I check ports on 192.168.x.x or localhost?

No. Private addresses like 192.168.x.x, 10.x.x.x, 172.16-31.x, and localhost are not reachable from external internet probes. This tool can only test public hosts and IP addresses that are routable from the open internet.

5. Is port checking legal?

Yes, when you test hosts you own or have explicit authorization to assess. Scanning random systems without permission may violate laws or provider terms. Always obtain consent before running port checks against infrastructure you do not control.

6. What is the difference between closed and filtered?

A closed port typically rejects the connection with a TCP reset, while a filtered port drops packets silently with no reply. Online checkers often cannot distinguish the two. Both appear as unreachable because the probe sees no successful TCP handshake in either case.

7. Which ports do ISPs commonly block?

Many residential ISPs block inbound connections on ports such as 25 (SMTP), 80 (HTTP), 443 (HTTPS), and 8080 to reduce abuse. Outbound browsing on 80/443 is usually allowed, but hosting servers from home networks often requires business plans or alternative ports.

8. Does an open port mean my application is working?

Not necessarily. An open port only confirms that something accepted a TCP connection on that port. The service may still return errors, require authentication, or misbehave at the application layer. Combine port checks with application-level tests for full confidence.

Did you find this page helpful?

TestMu AI forEnterprise

Get access to solutions built on Enterprise
grade security, privacy, & compliance

  • Advanced access controls
  • Advanced data retention rules
  • Advanced Local Testing
  • Premium Support options
  • Early access to beta features
  • Private Slack Channel
  • Unlimited Manual Accessibility DevTools Tests