Skip to main content
dnsverifier.com

Online Port Scanner — 136 Well-Known Ports

The dnsverifier.com Online Port Scanner performs a TCP-connect scan across a curated catalog of 136 well-known ports covering web, dev, mail, remote access, databases, queues, containers, and monitoring. Open ports are banner-grabbed on server-speaks-first protocols (SSH, SMTP, FTP, MySQL), HEAD-probed on HTTP-ish ports, and fully TLS-handshaked on implicit-TLS ports so the negotiated cipher and certificate appear inline.

⚠ Only scan hosts you own or have written authorization to test. Private / loopback / link-local addresses are blocked at the API.

Frequently asked questions

What is a port scanner?
A port scanner probes a host on a set of TCP (or UDP) port numbers to discover which network services are listening. The dnsverifier.com scanner performs a 'TCP-connect' scan — it opens a normal TCP connection to each port and records whether the three-way handshake succeeds.
How is a TCP-connect scan different from an SYN / stealth scan?
A TCP-connect scan completes the full three-way handshake (SYN, SYN-ACK, ACK), so the application layer sees the connection and may log it. A SYN ('half-open' or 'stealth') scan sends SYN and aborts after SYN-ACK, leaving fewer traces. SYN scans require raw sockets / root, so they are not available from a hosted environment like Vercel.
Why are private IP addresses blocked?
An open public scanner that allows targets like 127.0.0.1, 10.0.0.0/8, 192.168.0.0/16, 169.254.169.254 (cloud metadata), or fc00::/7 is an SSRF vector against the cloud infrastructure running the scanner. The API explicitly refuses RFC 1918 private addresses, loopback, link-local, CGNAT, multicast, IPv6 ULA, and cloud-metadata literals.
Is online port scanning legal?
It depends on jurisdiction and authorization. In the United States, the Computer Fraud and Abuse Act prohibits unauthorized access; the United Kingdom's Computer Misuse Act has similar language. Most jurisdictions allow port scanning against systems you own or have written authorization to test. Always read the dnsverifier.com Acceptable Use Policy before scanning third-party hosts.
What ports are scanned in each preset?
Top (default): 30 most common ports (web, SSH, mail). Web: web + dev ports (80, 443, 8080, 3000, 5173, …). Databases: every database port (MySQL, PostgreSQL, MongoDB, Redis, Elasticsearch, …). Remote: SSH, RDP, VNC, WinRM, SMB, NetBIOS. All: the full 136-port catalog. Or paste a custom comma-separated list (up to 200 ports).