What is a Port Scanner
A port scanner is a program that is used in network security testing and troubleshooting. An online port scanner is a scan that is able to externally test your network firewall and open ports because it is sourced from an external IP address. It is powered by a simple port scanner program that is hosted on another system usually with an easy to use web interface.
A port scanner helps you find out what parts of your network are visible to the Internet, the same way an attacker would.
Introduction to Network Basics
To understand what a port scanner does we need to first understand the basics of how the network "works". In referencing the network this could be a local area network in your home or office or it could be the Internet.
A network is comprised of systems with addresses and on those systems you have services.
The address is called an "IP Address" and the Service could be many things but is basically software that is running on the system and accessible over the network on a port number. It could be a web server, email server or gaming server. Other examples could include your smart TV, your laptop’s file sharing and your Wi-Fi router login page.
A service will run on an IP e.g 192.168.1.3 and listen on a port.
There are many resources that cover the more technical details of port scanning and the different types of port scanning. In this guide we are going to stick to the basics.
The missing part of this introduction to network basics is the hostname, DNS record or domain name. It is a reference to the IP address using an easier to remember name. For example what is easier to remember: 74.125.237.17 or www.google.com ?
When you type www.google.com into your browser you are directed via the domain name system to 74.125.237.17 on port 80. Browsers assume port 80 unless told otherwise. If you type https:// into the browser you go to a different port 443. As this is the standard port for the encrypted SSL protocol.
Common Ports found when using a Port Scanner:
| Port | What service runs here |
|---|---|
| 53 - DNS | The Domain Name System is one of the most common UDP services. It matches host names with IP addresses. DNS is a core part of the Internets plumbing. |
| 25 - SMTP | Responsible for sending email between mail servers. Often restricted or blocked on networks to prevent spam. |
| 80 - HTTP | Standard, unencrypted web traffic used by websites and web applications. |
| 22 - SSH | Secure remote login service used for server administration. A major target for brute-force and key-based attacks. |
| 143 - IMAP | Email retrieval protocol that keeps mail on the server and syncs across clients. |
| 443 - HTTPS | Encrypted web traffic using TLS. This is the default protocol for secure websites and APIs. |
| 445 - SMB | Used by Microsoft SMB for file sharing, printer sharing, and Windows domain services. Frequently targeted due to historical vulnerabilities. |
| 8080 - Proxy Server | Commonly used for proxy servers, web admin interfaces, or as an alternative to port 80 for web apps. |
Testing a Home Router or Small Business for Open Ports
In the diagram below we have a number of devices behind a typical broadband router. It is important to understand if any ports are open on the Internet facing interface as these are accessible by anyone on the Internet. Open ports on a broadband router could be management ports on the router that allow a remote user to change the configuration of the router. Another form of open port on the broadband router are ports that are fowarded to internal systems.Understanding the Risk of Open Ports
- Open ports expose services that attackers can interact with.
- Misconfigured or outdated services can leak sensitive data.
- Forwarded ports on home routers often expose devices unintentionally.
- Knowing your open ports helps reduce your attack surface.
What is Port Forwarding
Port forwarding allows internal hosts to provide services on the Internet facing device. Port forwarding is often used in gaming or to host something such as a web server or email server on the broadband Internet connection.
If you forward a port to an internal device, that device becomes directly reachable from the Internet, which can expose services unintentionally.
Nmap
The Nmap port scanner is the worlds leading port scanner. It is very accurate, stable and has more options than we are going to get into here, for more information and installation instructions head over to the nmap page.Sample Nmap Scan from HackerTarget.com
Starting Nmap 7.95 ( https://nmap.org ) at 2025-11-16 23:10 UTC Interesting ports on 123.123.123.123: Not shown: 997 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh 25/tcp open smtp 80/tcp open http Apache httpd 443/tcp closed https Service Info: OS: Linux Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 20.27 seconds We have scanned the IP Address: 123.123.123.123
Port States Explained
Open Port
An open port is one that has allowed a full three way TCP connection to be established. The port scanner in this case has found a port that responded as available to the scan and the connection was established. Secondary data from an open port is known as a banner, this is a text response that includes the type and sometimes version of the server listening.Closed Port
A Closed Port indicates that the port scan on that port was allowed through the firewall (or NAT device) but no port was listening. Instead the device responded with a TCP RST or RESET.Filtered Port
Filtered Ports are those that did not respond at all and these are typical of the response from a firewall. The actual firewall simply drops the packet and does not respond in anyway. From outside the firewall, a Port Scanner can test every port on the servers IP address.Port Ranges
Every IP address has: A full port scan attempts to probe any, or all, of these to map the attack surface.Frequently Asked Questions
Is scanning my own network legal?
Yes. You may legally scan networks and devices that you own or have permission to test.
Will a port scanner make changes to my system?
No. Port scanners only check whether services are responding. They do not modify anything.
Why do I see different results from internal vs external scans?
Your router or firewall often blocks ports from the Internet but allows them internally on your LAN.
Conclusion
Now that you have an understanding of what a port scanner is you can jump over to our Online Nmap Scan testing page and run a Free port scan. The advantage of using our server is that it is external facing to your network and will see what any other external attacker on the Internet will see. You can also install Nmap yourself and run it against your network, you will likely see a different result to that of the external facing scan.Next Level Your Technical Network Intelligence
-
13 Vulnerability Scanners -
17 Free DNS & Network Tools -
4+ Billion Records of DNS / IP data