How to Check If a Port Is Open on Your Network
An open port on your public IP is an open door into your network. Most businesses have more of them than they realise, and some of those ports are genuinely dangerous to leave exposed.
This article covers what TCP ports are, which ports you should know by number, why an unexpected open port is a security problem, how to test what is visible on your own public IP, and what to do when you find something that should not be there.
What TCP Ports Are and Why They Matter
An IP address identifies a device on a network. A port identifies a specific service running on that device. When a device runs multiple services — a web server, a mail server, a remote access service — ports are how incoming connections find the right one. Port numbers run from 0 to 65535. The well-known ports, 0 through 1023, are assigned by IANA (Internet Assigned Numbers Authority) to standard services. Ports 1024 through 49151 are registered for common applications. Ports 49152 through 65535 are dynamic and used for ephemeral connections.
From a security perspective, a port is "open" when there is an application actively listening on it and accepting connections from the network. An open port on your internal network is often expected and necessary. An open port on your public IP — the address the rest of the internet sees — is a different matter. It means the internet can reach whatever application is listening there, and the question becomes whether that is intentional and whether that application is secure.
Automated scanners probe every public IP on the internet continuously. Some of these are legitimate security researchers. Many are not. A server running on a public IP will typically receive scanning attempts within minutes of going live. If you have a port open that you did not mean to have open, there is a good chance something has already probed it.
Common Ports Every IT Admin Should Know
Understanding which services live on which ports is foundational knowledge for anyone managing a network. These are the ports you will encounter most often.
Port 22 — SSH. Secure Shell, used for remote command-line access to Linux servers and network devices. Legitimately essential for server administration, but SSH exposed on a public IP is one of the most targeted services on the internet. Brute-force attacks against SSH on port 22 are constant and automated. If SSH needs to be accessible externally, it should be on a non-standard port, restricted to specific source IPs, and using key-based authentication rather than passwords.
Port 80 — HTTP. Unencrypted web traffic. Most modern web servers redirect port 80 traffic to port 443 (HTTPS) immediately. If port 80 is open and serving content rather than redirecting, it is worth investigating.
Port 443 — HTTPS. Encrypted web traffic. This should be open on any public-facing web server. It is also used by many modern applications for API communication.
Port 3389 — RDP. Remote Desktop Protocol, the Windows remote access service. RDP exposed on a public IP is a serious risk. Brute-force attacks against RDP are as common as SSH attacks, and RDP has historically had critical vulnerabilities (BlueKeep, DejaBlue) that were actively exploited. If your Windows servers are remotely accessible, RDP should be behind a VPN, not exposed directly to the internet.
Port 25 — SMTP. Email transmission between mail servers. If you are not running your own mail server infrastructure, this should not be open. An open port 25 on a business network can indicate a misconfigured mail relay, which attackers use to send spam.
Port 21 — FTP. File Transfer Protocol. Unencrypted, outdated, and almost never needed in a modern environment. If this is open, it should be investigated.
Port 23 — Telnet. Completely unencrypted remote access. There is no legitimate reason for Telnet to be exposed on a public IP in 2026. If you see this, close it immediately.
Port 8080 — Alternative HTTP. Often used for development web servers, proxies, or web interfaces on network devices like routers and managed switches. If this is open, know what is listening there.
Port 53 — DNS. Domain Name System. If you are not running a public authoritative DNS server, this should not be open. An open DNS port can be exploited for DNS amplification attacks if the resolver accepts queries from arbitrary sources.
Port 445 — SMB. Windows file sharing. This should never be open on a public IP. The WannaCry ransomware outbreak in 2017 spread via SMB exposed to the internet. If port 445 shows up in a scan of your public IP, treat it as an incident.
Why an Unexpected Open Port Is a Security Risk
Every open port is a potential entry point. The risk level depends on what is listening and how well that application is configured and maintained.
The concerns are:
Vulnerable software. If the application listening on a port has an unpatched vulnerability, an attacker who can reach that port can potentially exploit it. The internet is continuously scanned for services running outdated versions. A Shodan search for a specific vulnerable version of a service will return results within days of a vulnerability being made public.
Weak authentication. Many services are exposed with default credentials, weak passwords, or no authentication at all. An open web interface for a router or camera running its factory-default username and password is compromised trivially.
Unintended access. Sometimes a port is open because a developer opened it temporarily for testing and never closed it. Or because a NAT rule was added years ago and nobody remembers what it was for. Or because a misconfiguration in a firewall rule went unnoticed. The service behind the port may be perfectly secure internally but was never intended to be internet-facing.
Attack surface expansion. Every open port an attacker can reach is an additional place to probe. Even if no single port leads to an immediate compromise, the combination of open ports can fingerprint your infrastructure, reveal what software you are running, and give an attacker useful information for crafting a more targeted approach.
The general principle: if a port does not need to be open to the internet to serve a legitimate business function, it should be closed.
How to Check Which Ports Are Open on Your Public IP
The fastest way to see what ports are visible from outside your network is to use an external port checker — a tool that connects to your public IP from the internet and reports what it finds. This is more accurate than checking from inside your own network because it shows exactly what an outside observer sees, including the effect of any NAT rules, firewall policies, and CGNAT your ISP may be applying.
You can check open ports on your public IP right now using CheckMiIP's free port checker. It scans common ports and shows you which are open, closed, or filtered, with no software to install.
To use it effectively:
Before running the scan, document what you expect to find. If you know you have a public-facing web server, you expect ports 80 and 443 to be open. If you run a VPN endpoint, you expect the VPN port (often UDP 1194 for OpenVPN, or UDP 51820 for WireGuard). Write down the ports you intentionally have open and why.
Run the scan and compare the results against your list.
Investigate anything that appears in the results but not on your expected list.
You can also verify your ISP and connection details at CheckMiIP to confirm the public IP being scanned is the one your network is actually using. This matters if your ISP uses CGNAT — in that case, the IP visible to the external scanner may be a carrier NAT address rather than your router's actual WAN IP.
For a deeper internal scan, the standard tool is Nmap. From a machine inside the network you want to assess:
nmap -sV -p 1-65535 [target-ip]
The -sV flag attempts to identify what software is running on each open port. This is useful for internal audits but is a separate exercise from the external scan. Both matter.
What to Do If a Port Is Unexpectedly Open
Finding an unexpected open port is not a reason to panic, but it does require a systematic response.
Step 1: Identify what is listening.
On the firewall or router, check the NAT and port forwarding rules. Is there a rule that should not be there? On the server or device behind that port, use netstat or ss (Linux) or netstat -ano (Windows) to see which process has the port open. Match the process to an application. If you cannot identify the process, that is itself a finding.
Step 2: Determine whether the port should be open.
Talk to your team. Check change records. Sometimes the answer is straightforward: a developer opened a test port last quarter and forgot. Sometimes the answer is that nobody knows, which means further investigation is needed.
Step 3: Check for evidence of exploitation.
If the port has been open for any significant time, review the application logs for access from unexpected source IPs. Check authentication logs for failed login attempts. If the port is for a service like RDP or SSH, assume it has been probed and check carefully for any successful authentications from unknown sources.
Step 4: Close or restrict the port.
If the port should not be open, close it. Remove the firewall rule, stop the listening service, or both. If the port needs to be open for a legitimate reason but should not be open to the entire internet, restrict it by source IP. Most business services that require external access — management interfaces, RDP, admin panels — should only be accessible from specific known IPs, not from the world.
Step 5: Build the habit of regular scanning.
A port scan done once is a point-in-time snapshot. Configurations change, applications get installed, firewall rules get added. A quarterly external scan as part of your regular IT hygiene catches drift before it becomes a problem. Add it to your maintenance schedule alongside patch management and backup verification.
For Jamaican businesses managing their own infrastructure, whether in Kingston, Montego Bay, or anywhere across the island, this is one of the lower-effort, higher-value security checks available. It takes ten minutes and can surface genuine problems that would otherwise go unnoticed for months.
Run Your Port Scan Now
Run a free port scan on your public IP at CheckMiIP.com — no software to install, results in under a minute.
If the scan surfaces something you were not expecting and you are not sure how to interpret or address it, or if you want a more thorough security review of what is exposed from your network perimeter, get in touch with us. We work with businesses across Jamaica to assess exactly these kinds of external attack surface issues and help close gaps before they are discovered by someone else.