Next-Gen App & Browser Testing Cloud
Trusted by 2 Mn+ QAs & Devs to accelerate their release cycles

This free tool allows you to check whether a TCP port is open on any public host or IP address, tested from a real probe on the internet.
Public hosts only. Private ranges like 192.168.x.x cannot be reached from the internet.
Enter a host and port, then click Check Port.
A port checker is an online utility that tests whether a specific TCP port on a host is reachable from the public internet. It attempts a TCP connection from an external probe outside your network and reports whether the port accepts the handshake, along with latency and resolved IP details.
Every internet-facing service listens on a numbered port. Web servers on 443, mail on 25, databases on 3306, and so on. A port checker sends a TCP connect request to your chosen host and port from outside your network, then reports whether the handshake succeeded. Unlike a local scan from your LAN, this external vantage point shows what remote users and automated systems actually see when they try to reach your service across the internet.
Because the test originates from a real probe on the global internet, results reflect live routing, NAT, firewalls, and ISP policies, not just whether a daemon is running on your machine. That makes an open port checker essential for validating port forwarding rules, confirming cloud security groups, and troubleshooting remote access before you share a hostname with customers or teammates.
Port numbers range from 1 to 65535. Ports 1-1023 are well-known system ports assigned to common protocols. Ports 1024-49151 are registered for specific applications, and 49152-65535 are dynamic or private ports often used for ephemeral client connections. When you check if port is open, you are asking a remote machine on the internet to complete a three-way TCP handshake with your target on that exact number. If the SYN packet receives a SYN-ACK back, the port is considered open from that probe's perspective.
This differs from a full port scanner online, which sweeps many ports at once. A focused port checker tests one host and one port per request, making it ideal for confirming a single forwarding rule or verifying that a newly deployed service is externally reachable. Home users, DevOps engineers, and QA teams all rely on this targeted approach when they need a clear yes-or-no answer rather than a broad scan report.
Running a port check takes seconds and requires no software installation, command-line tools, or VPN configuration. Whether you are testing a cloud VM, a VPS, or your home router's public IP after configuring port forwarding, the workflow is the same. Follow these four steps to test any public host from an external probe:
For the most reliable port forwarding test, run the check from this page (which always uses an external probe) rather than testing from a browser on the same Wi-Fi network. If the first attempt times out, wait a moment and retry. Transient network congestion can occasionally delay probe responses without indicating a misconfiguration on your side.
Port states describe how a target responds when something on the internet tries to connect. Network administrators and security tools classify ports using these three terms, and understanding each state helps you interpret checker results and plan next troubleshooting steps:
An online checker cannot always distinguish closed (RST) from filtered (dropped). Both may appear as Closed or filtered when no TCP reply is received. Testing your own router from inside the same network can also mislead due to NAT loopback: your request may never leave the LAN, so the result reflects internal routing instead of what the world sees. Use mobile data or ask a colleague on a different network to confirm external reachability.
Remember that a TCP open result does not guarantee the application is working correctly. It only proves something accepted the connection at the transport layer. A web server might accept port 443 while returning 502 errors. A database might accept 3306 while rejecting credentials. Combine port checks with application-level tests, log review, and health endpoints for a complete picture of service availability.
UDP ports behave differently and are not covered by this TCP checker. ICMP-based tools like ping measure a separate path from TCP connect tests. A host may respond to ping while a specific TCP port remains filtered, or vice versa. Always test the exact protocol and port your application uses.
Well-known ports map to standard internet services defined by IANA and decades of operational convention. When you test open ports, matching the correct number to the service you expect avoids false alarms. Checking port 80 when your app listens on 8080 will report closed even though the application is healthy on the alternate port.
Use this table as a quick reference when selecting a port to check or interpreting results from your open port checker. Notes highlight security considerations and common ISP restrictions that affect whether a port can be reached from the public internet even when correctly configured on your side:
| Port | Service | Notes |
|---|---|---|
| 21 | FTP | File transfer. Prefer SFTP on 22 |
| 22 | SSH | Secure shell remote administration |
| 25 | SMTP | Outbound mail. Often ISP-blocked inbound |
| 53 | DNS | Domain name resolution |
| 80 | HTTP | Unencrypted web traffic |
| 110 | POP3 | Incoming mail retrieval |
| 143 | IMAP | Mailbox sync over TCP |
| 443 | HTTPS | Encrypted web traffic. Standard for production sites |
| 3306 | MySQL | Database. Never expose publicly without strict controls |
| 3389 | RDP | Windows remote desktop |
| 5432 | PostgreSQL | Database. Restrict to trusted networks |
| 8080 | HTTP alternate | Common proxy or dev server port |
| 25565 | Minecraft Java | Default game server port for Java Edition |
Custom applications often bind to high-numbered ports above 1024. If your service uses a non-standard port, enter it manually rather than relying on presets. After reviewing the table, run a live check to confirm external reachability for the exact port your deployment uses in production.
Our port checker combines accurate external probing with a straightforward interface designed for developers, sysadmins, and home lab enthusiasts who need fast answers without installing nmap, telnet, or other local utilities. Every feature is tuned for the most common question in network troubleshooting: is this port reachable from outside?
TestMu AI (formerly LambdaTest) maintains this tool as part of its broader testing platform trusted by teams worldwide, with access to 10,000+ real devices and 3,000+ browsers for end-to-end validation beyond transport-layer checks. When a port shows open but your app still fails in production, move from network diagnostics to functional testing on real hardware and browser combinations the same platform provides.
Results are displayed in a structured table with mobile-friendly stacked layout, labeled copy output for incident tickets, and clear color-coded verdicts so you can share findings with teammates who may not be familiar with raw TCP dump output.
Whether you manage a home server, a corporate data center, or ephemeral cloud instances, an external port check answers the question remote clients ask: can I connect? The scenarios below are among the most common reasons teams reach for a port checker during deployment, migration, or incident response.
Security teams also use single-port checks during authorized penetration tests to document exposure before remediation. Document each result with the Copy button to attach labeled evidence to audit trails. Always obtain written permission before testing infrastructure outside your organization.
Enter a public hostname or IP and a port number, then click Check Port. The tool runs a TCP connect test from an external probe on the internet and reports whether the port accepts connections, along with latency and the resolved IP address.
An open port means a TCP connection to that port on the target host was accepted from outside the network. Something is listening and reachable on that port, though it does not guarantee the application behind it is configured correctly or secure.
Port forwarding may be misconfigured, blocked by an ISP, pointing to the wrong internal IP, or overridden by a firewall on the router or host. Testing from inside the same LAN can also fail due to NAT hairpin limitations. Try checking from mobile data instead.
No. Private addresses like 192.168.x.x, 10.x.x.x, 172.16-31.x, and localhost are not reachable from external internet probes. This tool can only test public hosts and IP addresses that are routable from the open internet.
Yes, when you test hosts you own or have explicit authorization to assess. Scanning random systems without permission may violate laws or provider terms. Always obtain consent before running port checks against infrastructure you do not control.
A closed port typically rejects the connection with a TCP reset, while a filtered port drops packets silently with no reply. Online checkers often cannot distinguish the two. Both appear as unreachable because the probe sees no successful TCP handshake in either case.
Many residential ISPs block inbound connections on ports such as 25 (SMTP), 80 (HTTP), 443 (HTTPS), and 8080 to reduce abuse. Outbound browsing on 80/443 is usually allowed, but hosting servers from home networks often requires business plans or alternative ports.
Not necessarily. An open port only confirms that something accepted a TCP connection on that port. The service may still return errors, require authentication, or misbehave at the application layer. Combine port checks with application-level tests for full confidence.
Did you find this page helpful?
TestMu AI forEnterprise
Get access to solutions built on Enterprise
grade security, privacy, & compliance