How to Scan Open Ports: A Complete Guide for Network Security

Open ports are the doorways to your network. Every service running on your server or computer listens on a specific port, and if those doors are left open unintentionally, attackers can walk right through. Port scanning is one of the most fundamental techniques in network security — both for defenders auditing their own systems and for understanding how attackers discover vulnerabilities.

What Are Network Ports?

A network port is a virtual endpoint for communication. While your IP address identifies your device on the network, ports identify specific services or applications running on that device. Think of your IP as a building address and ports as individual apartment numbers.

Port numbers range from 0 to 65,535 and are divided into three categories:

• Well-Known Ports (0–1023): Reserved for standard services like HTTP, SSH, and FTP
• Registered Ports (1024–49151): Used by specific applications (e.g., MySQL on 3306)
• Dynamic/Private Ports (49152–65535): Temporarily assigned for client-side connections

Common Ports You Should Know

Understanding common port numbers is essential for network administration and security:

Port    Service              Risk if Exposed
──────────────────────────────────────────────
22      SSH                  Brute-force attacks
25      SMTP (Email)         Spam relay abuse
53      DNS                  DNS amplification attacks
80      HTTP                 Web vulnerabilities
443     HTTPS                Web vulnerabilities
445     SMB (File Sharing)   Ransomware (WannaCry)
1433    Microsoft SQL        Database breaches
3306    MySQL                Database breaches
3389    RDP (Remote Desktop) Brute-force, ransomware
8080    HTTP Proxy/Alt       Misconfigured services

Why Open Ports Are a Security Risk

An open port means a service is actively listening for connections. This becomes dangerous when:

• The service has known vulnerabilities that haven't been patched
• The service uses weak or default credentials
• The port is open unintentionally (you didn't know it was running)
• The service provides unnecessary access to internal resources

Attackers routinely scan the entire internet for open ports. Tools like Shodan and Masscan can identify every exposed RDP server, database, or web application in minutes. If your ports are open, they will be found.

How Port Scanning Works

Port scanning sends packets to a range of port numbers and analyzes the responses to determine which ports are open, closed, or filtered. Here are the main scanning techniques:

TCP Connect Scan

The simplest method — it completes a full TCP three-way handshake (SYN → SYN-ACK → ACK) with each port. If the handshake succeeds, the port is open. This is reliable but easily detected by firewalls and intrusion detection systems.

TCP SYN Scan (Half-Open)

Also called a "stealth scan," this sends a SYN packet but doesn't complete the handshake. If the target responds with SYN-ACK, the port is open, and the scanner sends a RST to tear down the connection. Faster and less likely to be logged than a full connect scan.

UDP Scan

UDP is connectionless, making it harder to scan. A UDP scan sends empty packets (or protocol-specific payloads) and waits for responses. No response usually means the port is open or filtered; an ICMP "port unreachable" message means it's closed. UDP scans are notoriously slow.

Scanning Your Own Ports with NetLynx

The fastest way to check which ports are open on your public IP is to use our online port scanner. It scans the most common ports on your connection and reports which are open, closed, or filtered — all from your browser with no installation required.

This is especially useful for quickly verifying:

• Whether your firewall rules are working correctly
• If a new service is accessible from the internet
• That you haven't accidentally exposed internal services

Using Nmap for Advanced Scanning

Nmap is the industry-standard port scanner for deeper analysis. Here are essential commands:

# Basic SYN scan of top 1000 ports
sudo nmap -sS 192.168.1.1

# Scan specific ports
nmap -p 22,80,443,3389 192.168.1.1

# Scan all 65,535 ports
nmap -p- 192.168.1.1

# Detect service versions
nmap -sV -p 22,80,443 192.168.1.1

# OS detection + service versions + scripts
sudo nmap -A 192.168.1.1

# Fast scan of your entire local network
nmap -sn 192.168.1.0/24

How to Secure Open Ports

Found open ports you didn't expect? Here's how to lock them down:

1. Close unnecessary services: If you don't need a service running, stop it and disable it from starting at boot.
2. Use a firewall: Configure your firewall to block all incoming traffic by default and only allow ports you explicitly need.

   # UFW (Ubuntu) - allow only SSH and HTTPS
   sudo ufw default deny incoming
   sudo ufw allow 22/tcp
   sudo ufw allow 443/tcp
   sudo ufw enable

3. Restrict access by IP: Limit sensitive ports (SSH, RDP, databases) to specific trusted IP addresses only.
4. Change default ports: Moving SSH from port 22 to a non-standard port (e.g., 2222) won't stop a determined attacker, but it reduces automated brute-force noise by over 90%.
5. Keep software updated: Regularly patch all services listening on open ports to fix known vulnerabilities.
6. Use fail2ban: Automatically ban IPs that show malicious signs like repeated login failures.

Regular Port Auditing

Port scanning isn't a one-time activity. Make it part of your regular security routine:

• Scan your public IP monthly to catch unintended changes
• Scan after any infrastructure change (new server, firewall update, ISP change)
• Compare results over time to detect configuration drift
• Use our NetLynx Port Scanner for quick external checks and Nmap for comprehensive internal audits