ToolBelt

TCP Port Checker

Test whether a TCP port is reachable from our server.

Open tool

Overview

The TCP port checker tests whether a given TCP port on a public host is reachable from a server elsewhere on the internet. Enter a hostname and a port number, and the tool attempts a connect, reports whether the SYN handshake completed, and reports the round-trip time when it did.

System administrators verifying a new firewall rule, developers exposing a self-hosted service, and support staff confirming an outbound port is actually open all need an external TCP port checker. Long-tail keywords covered: check if TCP port is open from outside, test SSH port reachability, and verify firewall rule from public internet.

How it works

A TCP connect probe sends a SYN packet to the target host and port. The host responds with SYN-ACK if the port is listening and the firewall permits, RST if the port is closed but reachable, or nothing if a firewall is silently dropping the packet (most common). The tool reports one of three states: open (SYN-ACK received), closed (RST received), or filtered (no response within the timeout).

Because the probe originates from the server side, not your browser, the result reflects reachability from the public internet — not from your local network. A port that shows "open" here but fails from your machine is almost always blocked by your own ISP, corporate firewall, or local software firewall.

Examples

  • example.com:443 → open, the standard HTTPS port.
  • mail.example.com:25 → open, but many residential ISPs block outbound SMTP for clients.
  • home.example.com:22 → filtered, likely because the home router does not forward SSH.
  • db.example.com:5432 → closed because the database is bound to localhost only.

FAQ

What is the difference between "closed" and "filtered"?

Closed means the host actively rejected the probe (RST). Filtered means no response at all — usually a firewall silently dropping the SYN. Both fail, but closed implies the host is reachable while filtered implies a firewall in the middle.

Why is my port shown as filtered when I think it should be open?

Common culprits: cloud provider security groups, ISP filtering on common ports (25, 445, 1900), or a local firewall on the host itself.

Can it test UDP ports?

No — UDP has no handshake, so a "silent" response is indistinguishable from a working server that simply has nothing to say. TCP only.

Are scans rate-limited?

Yes. The shared outbound client enforces a short timeout and a per-IP rate limit to keep probes safe and to avoid being mistaken for a port-scan attack.

Try TCP Port Checker

An unhandled error has occurred. Reload ×