Port Scanner (TCP)
Check whether common TCP services are open, filtered, or timing out from a controlled vantage point.
What this is
A port scan tells you which TCP services are reachable on a target from the public internet. Use it to validate firewall rules after a change, find services that escaped the firewall by accident, or confirm a vendor's published endpoint is actually listening.
What it covers
- Common port presets
- Timeout handling
- Responsible-use guardrails
- Result summaries
Operator notes
- Only scan assets you own or have explicit permission to test.
- Timeout does not always mean blocked; firewalls and distance matter.
- Validate externally exposed ports against policy.
status: Authorized scan execution will be server-side with sane limits.
Performs real TCP handshakes from our server. Max 256 ports per scan. Only scan systems you own or are explicitly authorized to test.
Result columns: port, status, service, banner / details, rtt
Frequently asked
- Is it legal to port scan a host?
  Scanning hosts you own or have written permission to test is fine. Scanning third parties without authorization can violate computer-misuse laws in many jurisdictions. When in doubt, don't.
- What does 'filtered' mean vs 'closed'?
  Closed = the host actively refused (RST). Filtered = no response at all, usually because a firewall silently dropped the probe. Filtered ports are intentionally invisible.
- Which ports should never be open to the internet?
  RDP (3389), SMB (445), Telnet (23), database ports, and SNMP. Put them behind a VPN or zero-trust proxy. Full reference in the ports cheatsheet.
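
The open / closed / filtered distinction from the FAQ, as an added example (not this tool's own code): one TCP connect attempt classified by how it ends, exercised only against constructed loopback sockets. The names `classify_port` and `demo` are hypothetical.

```python
import socket
import time


def classify_port(host, port, timeout=2.0):
    """Classify one TCP connect attempt; returns (status, rtt_ms)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.connect((host, port))
        status = "open"        # three-way handshake completed
    except ConnectionRefusedError:
        status = "closed"      # host actively refused (RST)
    except socket.timeout:
        # No reply at all. Usually a silent firewall drop, but a slow or
        # distant path can also exceed the timeout, so treat it as a hint.
        status = "filtered"
    except OSError:
        status = "error"       # e.g. no route; not one of the three states
    finally:
        sock.close()
    return status, round((time.monotonic() - start) * 1000, 1)


def demo():
    """Run against constructed loopback sockets only (no external hosts)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # OS picks a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                     # released: nothing listens here now

    try:
        return {
            "open": classify_port("127.0.0.1", open_port)[0],
            "closed": classify_port("127.0.0.1", closed_port)[0],
        }
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())
```
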