How to Check If a Port Is Open: Complete Troubleshooting Guide

Whether you're setting up a game server, configuring remote access, troubleshooting a connection that won't work, or verifying your firewall settings, knowing how to check if a network port is open is an essential skill. A closed or blocked port is one of the most common causes of connection failures, and diagnosing port issues can save you hours of frustration.

In this guide, we'll walk through every method for checking port status, from quick online tools to powerful command-line utilities, and cover how to troubleshoot when ports aren't behaving as expected.

Understanding Ports: A Quick Refresher

Think of an IP address as a street address, and ports as apartment numbers at that address. Your computer has 65,535 available TCP ports and 65,535 UDP ports. Each port can be used by a different service or application.

Port states:

• Open: The port is actively listening for connections. A service is running and accepting traffic.
• Closed: No service is listening on the port. The system acknowledges connection attempts but refuses them.
• Filtered/Blocked: A firewall is preventing connection attempts from even reaching the port. There's no response at all, making it unclear whether the port is open or closed behind the firewall.

Common ports you should know:

Method 1: Use an Online Port Scanner (Easiest)

The quickest way to check if a port is open on your public IP is to use our Port Scanner tool. It scans ports from outside your network, showing you exactly what the rest of the internet can see.

Steps:

1. Visit our Port Scanner tool
2. Your public IP address is automatically detected
3. Enter the port number(s) you want to check
4. Click scan and review the results

Why use an online scanner? When you test ports from inside your network, you might get misleading results because your firewall may treat local traffic differently from external traffic. An online scanner tests from the outside, giving you the real picture of what others can connect to.

What the results mean:

• Open: The port is accepting connections from the internet. If this is intentional (you're running a web server), great. If not, you may have a security issue.
• Closed: The port is reachable but no service is listening. The system responded with a RST (reset) packet.
• Filtered/Timeout: A firewall is likely blocking the port. No response was received.

Method 2: Using Telnet

Telnet is a simple built-in tool that can test whether a TCP port is reachable. While telnet is primarily a remote access protocol, it's commonly used as a quick port-testing utility.

On Windows:

First, enable Telnet (it's disabled by default):

1. Open Control Panel > Programs > Turn Windows features on or off
2. Check Telnet Client and click OK

Then test a port:

telnet hostname_or_ip port_number

Example:

telnet google.com 443

Interpreting results:

• Blank screen or connection text: The port is open
• "Could not open connection" or "Connection refused": The port is closed
• Long wait, then timeout: The port is filtered by a firewall

On macOS/Linux:

telnet hostname_or_ip port_number

If telnet isn't installed on your Linux distribution:

sudo apt install telnet    # Debian/Ubuntu
sudo yum install telnet    # CentOS/RHEL

Method 3: Using Netcat (nc)

Netcat is often called the "Swiss army knife" of networking. It's more versatile than telnet and available on most Unix-like systems.

Basic port check:

nc -zv hostname_or_ip port_number

Flags:

• -z: Zero I/O mode (just scan, don't send data)
• -v: Verbose output

Check a range of ports:

nc -zv hostname_or_ip 80-443

Check with a timeout (useful for filtered ports):

nc -zv -w 3 hostname_or_ip 8080

Results:

Connection to hostname_or_ip 80 port [tcp/http] succeeded!    # Port is OPEN
nc: connect to hostname_or_ip port 81 (tcp) failed: Connection refused    # Port is CLOSED
nc: connect to hostname_or_ip port 82 (tcp) timed out    # Port is FILTERED

Method 4: Using PowerShell (Windows)

PowerShell has a built-in cmdlet for testing network connections:

Test-NetConnection -ComputerName hostname_or_ip -Port port_number

Example:

Test-NetConnection -ComputerName google.com -Port 443

This gives you detailed output including:

• Whether the TCP connection succeeded
• Remote address and port
• Interface and source address used
• Round-trip time

For a quicker check:

(Test-NetConnection -ComputerName google.com -Port 443).TcpTestSucceeded

This returns simply True or False.

Method 5: Using Nmap (Advanced)

Nmap is the industry-standard port scanning tool. It's more powerful and flexible than the methods above but requires installation.

Install Nmap:

• Windows/macOS: Download from nmap.org
• Linux: sudo apt install nmap or sudo yum install nmap

Scan specific ports:

nmap -p 80,443,8080 hostname_or_ip

Scan a range of ports:

nmap -p 1-1000 hostname_or_ip

Scan all 65,535 ports:

nmap -p- hostname_or_ip

Service detection (identify what's running on open ports):

nmap -sV -p 80,443 hostname_or_ip

Nmap port states:

• open: Service is accepting connections
• closed: Port is reachable but nothing is listening
• filtered: Firewall is blocking the scan
• unfiltered: Port is reachable but nmap can't determine if it's open or closed
• open|filtered: Nmap can't determine which of the two states applies

Important: Only scan systems you own or have permission to scan. Unauthorized port scanning may violate laws and terms of service.

Method 6: Check Locally with Netstat/SS

If you want to check what ports are open on your own machine (not remotely), use netstat or ss.

On Windows:

netstat -an | findstr LISTENING

On macOS:

netstat -an | grep LISTEN

On Linux (ss is preferred over netstat):

ss -tlnp

Flags:

• -t: TCP connections
• -l: Listening sockets only
• -n: Show port numbers (not service names)
• -p: Show the process using each port

This shows which services are listening on which ports locally, which is essential for verifying that your server software is actually running before troubleshooting external connectivity.

Troubleshooting: Port Won't Open

If a port that should be open is showing as closed or filtered, work through this checklist:

1. Is the Service Actually Running?

Before blaming the network, verify the service is running:

# Linux
ss -tlnp | grep :PORT_NUMBER

# Windows
netstat -an | findstr :PORT_NUMBER

If nothing shows up listening on that port, start the service first.

2. Check the Local Firewall

Windows Firewall:

1. Open Windows Defender Firewall > Advanced settings
2. Check Inbound Rules for the port
3. Add a new rule if needed: New Rule > Port > specify the port number > Allow the connection

Linux (ufw):

sudo ufw status
sudo ufw allow PORT_NUMBER/tcp

Linux (firewalld):

sudo firewall-cmd --list-ports
sudo firewall-cmd --add-port=PORT_NUMBER/tcp --permanent
sudo firewall-cmd --reload

macOS:

Check System Settings > Network > Firewall and ensure it's not blocking incoming connections for your application.

3. Check Router Port Forwarding

If you're trying to make a service accessible from the internet, you need port forwarding configured on your router:

1. Log into your router's admin panel (usually 192.168.0.1 or 192.168.1.1)
2. Find the port forwarding section (may be under "NAT," "Virtual Server," or "Applications")
3. Create a rule forwarding the external port to your device's internal IP and port
4. Save and reboot the router if prompted

After configuring, verify with our Port Scanner tool from outside your network.

4. Check ISP Restrictions

Some ISPs block common ports, especially:

• Port 25 (SMTP): Blocked by most residential ISPs to prevent spam
• Port 80 (HTTP) and 443 (HTTPS): Sometimes blocked on residential connections
• Port 445 (SMB): Commonly blocked for security reasons

If your ISP blocks a port, you can often use an alternative port number and configure your service accordingly.

5. Trace the Connection Path

Use Traceroute to see where packets travel between you and the destination. If packets are being dropped at a specific hop, it can indicate where the blocking is occurring.

Security Best Practices

• Only open ports you actively need. Every open port is a potential attack surface.
• Regularly audit open ports using our Port Scanner and close anything unnecessary.
• Use non-standard ports for services like SSH (change from 22 to a higher number) to reduce automated attack attempts.
• Keep services updated to patch known vulnerabilities.
• Use fail2ban or similar tools to block repeated failed connection attempts.

Key Takeaways

• Use our Port Scanner for quick external port checks from outside your network
• Telnet, netcat, and PowerShell's Test-NetConnection are great for testing specific ports
• Nmap is the most powerful tool for comprehensive scanning
• If a port appears closed, check: service status, local firewall, router forwarding, and ISP restrictions in that order
• Only open ports you actually need, and audit them regularly

Related Articles:

• Network Troubleshooting Guide: Fix Common Internet Connection Problems
• How to Read Traceroute Results: Finding and Fixing Network Problems
• Understanding HTTP Status Codes: A Developer's Quick Reference Guide