What Is Port Scanning?
Port scanning is the process of sending network requests to a range of ports on a server or device to determine which ones are open, closed, or filtered. Each network port is a numbered communication endpoint from 0 to 65535, and services running on a server listen on specific ports. For example, an HTTP web server listens on port 80, while an HTTPS server uses port 443.
Understanding which ports are open on a server is fundamental for network security, system administration, and connectivity troubleshooting. A port scanner like miip.link's lets you quickly check which services are accessible from the Internet on any public IP address or domain name, without needing to install additional software.
Port scanning works by sending network packets to each target port and analyzing the response received. If a port responds with a connection confirmation, it is open and accepting connections. If it responds with a rejection, it is closed but accessible. If there is no response, the port may be filtered by a firewall that silently blocks incoming connections.
Most Common Ports and Their Services
There are 65,535 ports available on each IP address, but only a subset is commonly used for well-known services. The Internet Assigned Numbers Authority (IANA) classifies ports into three ranges:
| Port | Protocol | Service | Description |
|---|---|---|---|
| 21 | TCP | FTP | File transfer |
| 22 | TCP | SSH | Secure shell for remote access |
| 23 | TCP | Telnet | Unencrypted remote access |
| 25 | TCP | SMTP | Email sending |
| 53 | TCP/UDP | DNS | Domain Name System |
| 80 | TCP | HTTP | Unencrypted web server |
| 110 | TCP | POP3 | Email retrieval |
| 143 | TCP | IMAP | Server-side email |
| 443 | TCP | HTTPS | Secure web server |
| 3306 | TCP | MySQL | MySQL database |
| 3389 | TCP/UDP | RDP | Windows Remote Desktop |
| 5432 | TCP | PostgreSQL | PostgreSQL database |
| 5900 | TCP | VNC | VNC remote desktop |
| 8080 | TCP | HTTP Alt | Alternative web server |
| 8443 | TCP | HTTPS Alt | Alternative secure web server |
Well-Known Ports (0-1023)
These ports are assigned by IANA to standard services and require administrator privileges to use. They are the most widely used ports on the Internet: HTTP (80), HTTPS (443), SSH (22), FTP (21), SMTP (25), DNS (53) and Telnet (23). Most web and mail servers use ports within this range.
Registered Ports (1024-49151)
Assigned by IANA to specific applications that are not standard system services. They include MySQL (3306), PostgreSQL (5432), application servers like Tomcat (8009, 8080) and many others. Any user can configure services to listen on these ports without special privileges.
Dynamic/Private Ports (49152-65535)
Not assigned by IANA and used for temporary client-side connections. When your browser connects to a web server on port 443, it opens a connection from an ephemeral port in this range.
How to Use the Port Scanner
miip.link's port scanning tool is easy to use:
- Enter the IP address or domain you want to scan (e.g.
8.8.8.8orgoogle.com). - Click "Scan Ports" and the tool will check the most common ports.
- Review the results showing which ports are open, closed, or filtered.
The tool scans the most relevant ports for common services. You can also use it directly from the miip.link home page.
TCP vs UDP: Differences
TCP and UDP are the two fundamental transport protocols on the Internet:
- TCP (Transmission Control Protocol): Connection-oriented protocol that establishes a formal connection before transmitting data (three-way handshake: SYN, SYN-ACK, ACK). An open TCP port responds with SYN-ACK, a closed one with RST, and a filtered one doesn't respond. TCP scanning is more reliable and is what miip.link's tool uses.
- UDP (User Datagram Protocol): Connectionless protocol that sends datagrams without establishing a connection. UDP scanning is slower and less reliable because an open UDP port may not respond, making it indistinguishable from a filtered one. UDP services include DNS (53), DHCP, streaming, and online gaming.
Port Security and Firewalls
Every open port is a potential entry point for attackers. Follow the principle of least privilege: only open the ports you need.
Security Best Practices
- Close unnecessary ports: Disable services you don't use.
- Use a firewall: Configure rules that allow only necessary traffic.
- Change default ports: Moving SSH from port 22 reduces automated attacks.
- Use strong authentication: Public keys for SSH, disable password login.
- Keep software updated: Vulnerabilities in exposed services are the most common attack vector.
- Monitor open ports: Regular scans to verify authorized services.
- Consider port knocking: Send a sequence of connections to closed ports before opening the real port.
Unexpected Open Ports
If you find open ports you don't recognize, identify the service with netstat -tlnp or ss -tlnp. If it's not needed, disable it. If it is, make sure it has strong authentication and the latest updates. Configure your firewall to block unauthorized access.
How Port Scanning Works
The most common technique is the SYN scan (half-open): a SYN packet is sent to the target port. If it responds with SYN-ACK, it's open; if it responds with RST, it's closed; if it doesn't respond, it's filtered. This technique doesn't complete the TCP connection, making it faster and less intrusive.
Other techniques include: CONNECT scan (full TCP connection), FIN scan (sends FIN packet), Xmas scan (FIN, URG and PSH flags), and UDP scan. miip.link's tool uses safe and non-intrusive TCP scanning techniques.