How do I check if a TCP port is open online?

Enter your server's IP address or domain followed by a colon and the port number (e.g. 1.1.1.1:80 or example.com:443) and run a TCP check. The tool attempts a TCP handshake from 50+ global nodes and reports whether each connection succeeded, was refused, or timed out.

What is the difference between a port being refused versus timing out?

A refused connection (TCP RST) means the port is actively closed — the server replied to reject the connection. A timeout means no reply was received at all, which typically indicates a firewall is silently dropping packets before they reach the server or application.

Which TCP ports can I test?

Any valid TCP port from 1 to 65535. Common examples include port 80 (HTTP), 443 (HTTPS), 22 (SSH), 25 (SMTP), 3306 (MySQL), 5432 (PostgreSQL), and 3389 (RDP). No login or special permissions required — the check only verifies whether the TCP handshake completes.

TCP Port Checker Online — Test Port Connectivity from 50+ Locations

Name: Check-Host TCP Port Connectivity Test
Author: Check-Host

Advanced Settings

Show world map

Info Ping HTTP TCP UDP MTR DNS

Check TCP Port Availability: Global Connection Test from 50+ Locations

Enter a domain or IP address with a port (e.g., 1.1.1.1:80) to begin the global TCP check.

Examples: 1.1.1.1:80 check-host.cc:443 8.8.8.8:53

Commonly Used TCP Ports

A list of the most frequent destination ports encountered in modern network monitoring and firewall configuration.

Port	Service	Description
20	FTP Data	Used for transferring actual file data in Active FTP mode.
21	FTP Control	Used for sending commands and login credentials to FTP servers.
22	SSH	Secure Shell; used for secure remote login and file transfers (SFTP).
23	Telnet	Legacy plaintext remote login; largely replaced by SSH for security.
25	SMTP	Simple Mail Transfer Protocol; used for routing email between servers.
53	DNS	Domain Name System; resolves hostnames to IP addresses via TCP.
80	HTTP	Standard unencrypted web traffic; now often redirects to HTTPS.
110	POP3	Post Office Protocol v3; used by email clients to retrieve messages.
143	IMAP	Internet Message Access Protocol; used for accessing email on a server.
443	HTTPS	HTTP over SSL/TLS; the standard for secure web browsing and APIs.
445	SMB/CIFS	Server Message Block; used for file sharing and printing in Windows.
465	SMTPS	Secure SMTP; used for encrypted email transmission.
587	SMTP Submission	Modern port for mail clients to submit outgoing mail securely.
993	IMAPS	IMAP over SSL; encrypted access to email messages.
995	POP3S	POP3 over SSL; encrypted retrieval of email messages.
1433	MSSQL	Microsoft SQL Server; default port for database connections.
3306	MySQL	Standard port for MySQL and MariaDB database communication.
3389	RDP	Remote Desktop Protocol; used to remotely control Windows machines.
5432	PostgreSQL	Default port for PostgreSQL database server connections.
8080	HTTP Alternate	Commonly used for proxy servers, caching, or web apps in development.

Global TCP Port Checker & Network Connectivity Test

A TCP check attempts a three-way handshake (SYN → SYN-ACK → ACK) to a specific host and port, then measures how long it took. Unlike ping, this goes through the same firewall rules and routing policies as real application traffic. If a port accepts a TCP connection, it is open — regardless of what the application behind it does with the data.

Firewall & Routing Validation

If a port works locally but fails from external nodes, something between the internet and your server is blocking it — a cloud security group, iptables rule, upstream ISP filter, or geoblocking policy. Running the check from multiple regions at once helps identify whether the block is global or specific to certain source countries or ASNs. A timeout from all nodes usually means the port is not reachable from outside; a refused connection means the port is actively closed.

Application vs. Transport Layer

TCP checks work at layer 4, so you can test ports that have no HTTP interface — databases (MySQL 3306, PostgreSQL 5432), mail servers (SMTP 25, IMAPS 993), SSH (22), RDP (3389), or custom application ports. No credentials needed. The check only verifies whether the TCP handshake completes, not what the application does after. Pair it with a protocol-specific test if you need to verify the application layer.

Handshake Latency Analysis

The measured time is the full round-trip to complete the TCP handshake. This is typically close to the raw network latency plus a small amount of server processing time. Large differences between regions often point to suboptimal routing — traffic taking a longer path than expected — rather than a server problem. Live mode runs this check continuously for 60 seconds so you can spot intermittent connection failures that a one-time test would miss.