TCP Exposure Range scan

Port checker

Check whether a port is reachable from the public internet. Useful for validating firewall rules, NAT, and service exposure after deployments or migrations.

Single port
Fast check for a known service
Ranges
Validate groups (e.g. 80/443/22)
Signal
Clear “open/closed/filtered” style output

Check an IP

Enter an IP address and one port (or a simple comma-separated list).

Tip: keep ranges small to avoid long waits. This tool will be wired up next.
Results below show an example response for the UI.

Results

Example output showing open vs closed ports.

Ports checked
2 open, 1 closed (example output).
443 open 22 open 25 closed

Open

2
22open (SSH)
443open (HTTPS)

Closed

1
25closed (SMTP)

Guidance

How to interpret open/closed results safely.

Only expose what you need
If a port is open publicly, treat it as internet-facing. Restrict by IP where possible.
Consider NAT and firewalls
A closed result can be a firewall rule, a missing NAT mapping, or a service not listening.
Verify locally too
Check from within the network to isolate whether the issue is exposure or the service itself.

FAQ

Quick answers to common questions.

What does “filtered” mean?
It usually indicates a firewall silently dropping packets rather than actively rejecting the connection.
Why does it show open but I still can’t log in?
Open only means reachable. Auth, TLS, host-based firewalls, or app errors can still prevent use.
Tools

Need help securing your exposure?

We can lock down open ports, implement secure access patterns, and keep your services reachable only where they should be.

Start a conversation All tools
Least privilege. Clear rules. Verified access.
Networking Security Access control