Why is my port showing as Filtered when I know it should be open?

Several things can cause a port to appear Filtered even when you expect it to be open. A firewall on the target server itself may be blocking external probes even though the service is running. An upstream firewall or router may be filtering the port before traffic reaches the server. Some ISPs block specific ports at the network level — port 25 (SMTP) is commonly blocked by residential ISPs. Cloud providers often have their own firewall layers (security groups, network ACLs) that must be configured separately from the server's own firewall. Check all layers in order: ISP, cloud provider firewall, router, host firewall, and then the service configuration.

Port Checker — Check Open Ports Online

Error: Unable to complete scan. Please try again.

Ports: 0 / 20 ports

Presets:

Max 20 ports per scan, 5 scans per minute. For bulk scanning, use a local network diagnostic tool.

Scanning ports on …

Target Scanned

—

Open

Closed

Filtered

📋 Port Scan Results

Port	Service	Status	Response

How to Use the Port Checker

Enter a Target IP Address or Hostname

Type the IP address or domain name you want to scan. Your external IP is pre-filled automatically so you can check your own connection without typing anything. To check another server, clear the field and enter its IP or hostname — the tool resolves hostnames to their IP before scanning and shows the resolved IP in your results.

Choose a Preset or Enter Your Own Ports

Click a preset button to load a group of commonly used ports — Common loads the 9 most essential ports; Web, Email, Database, Remote Access, and Gaming load groups specific to those services. You can also type your own ports directly: comma-separated (80,443,8080) or as a range (8080-8090), or mix both. The live counter shows how many ports are queued against the 20-port limit.

Click Scan Ports and Review Results

Press Scan Ports or hit Enter. Each port is tested via a real TCP connection from the QuickITTools server. Results return with three possible states: Open (a service is listening and accepted the connection), Closed (the host responded but nothing is listening), or Filtered (a firewall dropped the probe with no response). Open ports also show their response time in milliseconds.

Copy Results for Your Records

Click Copy Results to copy the full scan output as plain text — one line per port showing the port number, service name, status, and response time. This is formatted for easy pasting into a support ticket, incident report, or change management record.

Frequently Asked Questions

What does Open, Closed, and Filtered mean?

These are the three states a TCP port can return. Open means a service is actively listening on that port and accepted the connection — the port is reachable and in use. Closed means the target host responded but no service is running on that port — the port exists but nothing is listening. Filtered means a firewall, router, or network device blocked the probe entirely and returned no response. Filtered does not tell you whether a service is running — it just means something in the path is blocking access to that port.

What is port forwarding and how do I test it?

Port forwarding tells your router to send incoming traffic on a specific port to a device on your internal network. For example, forwarding port 25565 to your gaming PC lets friends connect to your Minecraft server. To test it, enter your public IP address as the target, enter the port you forwarded, and click Scan Ports. If the result shows Open, forwarding is working correctly. If it shows Closed or Filtered, check your router settings, confirm the service is running on the target device, and verify your local firewall is not blocking the port.

Why does a port show Filtered instead of Closed?

Filtered means a firewall dropped the probe packet without sending any response. This is intentional behavior on well-secured networks — by not responding at all, the firewall gives no information to a potential attacker about what is or is not running behind it. A Closed result means the host actively replied to say nothing is listening. Filtered is generally the more secure response, but it can also appear when there is a routing problem, a stateful firewall is blocking new connections, or your ISP is filtering that port.

Can I check ports on someone else's server?

This tool is intended for use on servers and IP addresses you own or are authorised to test. Scanning ports on systems without permission may be illegal in your jurisdiction and violates the terms of service of most hosting providers. Use this tool responsibly — for diagnosing your own servers, verifying your firewall rules, and testing port forwarding on your own network.

Why is my port showing Filtered when I know it should be open?

Several things can cause a port to appear Filtered even when you expect it to be open. A firewall on the target server itself may be blocking external probes even though the service is running. An upstream firewall or router may be filtering the port before traffic reaches the server. Some ISPs block specific ports at the network level. Cloud providers often have their own firewall layers — security groups, network ACLs — that must be configured separately from the server's own firewall. Check all layers in order: ISP, cloud provider firewall, router, host firewall, and then the service configuration itself.

Common Port Reference

FTP

File Transfer Protocol. Used to transfer files between client and server. Should be secured with FTPS or replaced with SFTP (port 22) on modern systems.

SSH / SFTP

Secure Shell — encrypted remote access to Linux and Unix servers. Also used for SFTP file transfers. One of the most targeted ports; restrict access by IP where possible.

HTTP

Standard unencrypted web traffic. Modern sites redirect HTTP to HTTPS (port 443). An open port 80 without a redirect is a sign of a misconfigured or legacy web server.

443

HTTPS

Encrypted web traffic using TLS. The default port for all modern websites. Should be open on any public-facing web server. Closed port 443 means SSL/TLS is not configured.

3306

MySQL

MySQL and MariaDB database server. Should be closed to external connections on production servers — access database servers only from your application server on the same network.

3389

RDP

Windows Remote Desktop Protocol. Heavily targeted by brute-force attacks. Should be restricted by IP or placed behind a VPN. Open RDP on a public IP is a significant security risk.

5900

VNC

Virtual Network Computing — graphical remote desktop access. Like RDP, an open VNC port on a public IP is a high-risk exposure. Always restrict access by IP or use a VPN tunnel.

25565

Minecraft Java

Default port for Minecraft Java Edition servers. Must be open and port-forwarded on your router for friends to connect to your server from outside your local network.

Port Checker

How to Use the Port Checker

Frequently Asked Questions

Common Port Reference

Related IT Tools