RevealTheme logo

Port Checker

Check whether a TCP port on a public host is open by attempting a connection from our server. The probe reports open with round-trip latency, or closed with the underlying reason such as a refused connection or timeout.

How to use this tool

  1. 1

    Type the public hostname or IP you want to probe (for example example.com) into the host field.

  2. 2

    Set the port number, either by typing it or clicking one of the quick presets like 22, 80, 443, or 3306.

  3. 3

    Click Check and wait up to five seconds for the result.

  4. 4

    Read the result banner: green means the port accepted a TCP connection (with latency in milliseconds), red means it did not (with the reason code).

What does checking if a TCP port is open actually mean?

Every network service listens on a numbered TCP port: web servers on 80 and 443, SSH on 22, SMTP on 25, MySQL on 3306, PostgreSQL on 5432, Redis on 6379, MongoDB on 27017. A port is open when something is listening and a firewall permits the connection. This tool determines that by opening a real TCP socket from our server to your host and completing the three-way handshake (SYN, SYN-ACK, ACK). If the handshake succeeds it reports the port open along with the round-trip time in milliseconds. If the remote host actively refuses the connection you get a reason code like ECONNREFUSED, meaning the host is reachable but nothing is listening on that port. If no response arrives within five seconds the check returns a timeout, which usually means a firewall is silently dropping packets. This is a plain TCP connect probe: it does not send any protocol data, grab service banners, perform TLS handshakes, or test UDP ports. Because the connection originates from our server rather than your machine, the result reflects what the public internet can reach, which is exactly what you want when verifying that a service is exposed.

Common use cases

  • Confirm a freshly deployed web app is reachable on port 443 before pointing DNS or a load balancer at it.

  • Diagnose why clients cannot connect to a database by checking whether 3306 or 5432 is actually exposed.

  • Verify a new firewall or security-group rule opened (or closed) the port you intended.

  • Check that a sensitive service like Redis on 6379 or MongoDB on 27017 is NOT left open to the public internet.

  • Test whether an outbound SSH or SMTP port is blocked between a remote host and the public internet.

  • Validate that a port-forward or reverse proxy is passing traffic through to the expected backend port.

Frequently asked questions

Why does my localhost or internal service not show as open?
The probe runs from our server and blocks private, loopback, and metadata addresses (localhost, 127.0.0.1, 10.x, 192.168.x, 169.254.x) as an SSRF safeguard. To test those, run a local tool like nc or nmap on the same network instead.
What is the difference between 'closed' with ECONNREFUSED and 'timeout'?
ECONNREFUSED means the host is up and reachable but nothing is listening on that port, so it actively rejected the connection. A timeout means no reply came back within five seconds, which typically indicates a firewall silently dropping the packets rather than rejecting them.
Does an open port mean the service is healthy?
No. This is only a TCP connect test. It confirms something accepted the connection but does not send protocol data, so it cannot tell whether the web server returns 200, the database authenticates, or TLS is configured correctly. Use a protocol-specific check for that.
Can it check UDP ports like DNS on 53 or a game server?
No. The tool only opens TCP sockets. UDP is connectionless and cannot be probed this way, so ports that run solely over UDP will not return meaningful results here.
Is my host or port data uploaded or stored?
The host and port you enter are sent to our server because the probe must originate there to reach the public internet. The request is used only to run the single connection check and is not part of any browser-only, offline workflow.
Why is there a five-second limit and what do the presets mean?
Connections that have not completed within five seconds are reported as a timeout so the tool does not hang on filtered ports. The preset buttons (22, 25, 80, 443, 3306, 5432, 6379, 27017) are common service ports for SSH, SMTP, HTTP, HTTPS, MySQL, PostgreSQL, Redis, and MongoDB to save you typing.
Can I enter an IP address instead of a hostname?
Yes. Public IPv4 addresses and hostnames both work, as long as they are not private or loopback ranges. Hostnames are resolved to an address before the connection attempt.

Related tools