What Is a Network Port?
If an IP address is like a building's street address, ports are the individual doors to different rooms. Every network connection uses both an IP address (to reach the right computer) and a port number (to reach the right service on that computer).
Port numbers range from 0 to 65535 and are divided into:
| Range | Name | Description |
|---|---|---|
| 0–1023 | Well-known ports | Assigned to standard services (HTTP, SSH, FTP) |
| 1024–49151 | Registered ports | Used by specific applications |
| 49152–65535 | Dynamic/private ports | Temporary client connections |
Common Port Numbers
| Port | Protocol | Service |
|---|---|---|
| 22 | SSH | Secure Shell – remote login |
| 25 | SMTP | Email sending |
| 53 | DNS | Domain Name System |
| 80 | HTTP | Unencrypted web traffic |
| 443 | HTTPS | Encrypted web traffic |
| 3389 | RDP | Windows Remote Desktop |
| 3306 | MySQL | Database server |
| 5432 | PostgreSQL | Database server |
| 6379 | Redis | In-memory cache/database |
| 8080 | HTTP-alt | Alternative web server port |
TCP vs UDP
Most ports use one of two transport protocols:
- TCP (Transmission Control Protocol) – Connection-oriented, guaranteed delivery, used for HTTP, SSH, FTP
- UDP (User Datagram Protocol) – Connectionless, faster but no delivery guarantee, used for DNS, VPN, video streaming
Port scanners typically focus on TCP ports since they can determine open/closed state reliably.
What Does a Port Scanner Do?
A port scanner sends connection attempts to a range of ports and analyzes the responses:
- Open – A service is listening and accepted the connection
- Closed – The port is reachable but no service is running
- Filtered – A firewall blocked the probe (no response)
Our Port Scanner Tool scans the most common ports on your IP address and shows which services are exposed to the internet.
Why Open Ports Are a Security Risk
Every open port is a potential attack surface. Risks include:
- Outdated software – Services with known vulnerabilities
- Default credentials – Databases or admin panels with factory passwords
- Unnecessary exposure – Services that should only be internal but are internet-facing
- Information disclosure – Banner grabbing reveals software versions to attackers
High-Risk Ports to Watch
| Port | Risk |
|---|---|
| 22 (SSH) | Brute-force attacks – restrict to specific IPs |
| 3389 (RDP) | Ransomware entry point – never expose directly |
| 3306/5432 (DB) | Databases should never be publicly accessible |
| 23 (Telnet) | Unencrypted – completely outdated, disable immediately |
| 21 (FTP) | Unencrypted – use SFTP instead |
How to Protect Your Open Ports
Firewall Rules
Block all incoming connections by default. Only allow what's explicitly needed:
# Allow SSH only from specific IP
iptables -A INPUT -p tcp --dport 22 -s 203.0.113.5 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROPPort Knocking
A technique where a specific sequence of connection attempts to closed ports "unlocks" a port temporarily. Useful for SSH.
Fail2ban
Automatically bans IPs that show repeated failed connection attempts (brute-force protection).
Change Default Ports
Moving SSH from port 22 to a high-numbered port (e.g., 2222) won't stop determined attackers, but reduces automated scan noise significantly.
VPN for Internal Services
Database servers, admin panels and internal tools should only be reachable via VPN, not directly from the internet.
Regular Port Auditing
It's good practice to regularly scan your own server's ports to identify unexpected exposures. After any infrastructure change, run a port scan to verify only intended ports are open.
Use our Port Scanner Tool to check your current IP address right now – no installation required.
Last updated: May 2024