mrb's blog

65k Open TCP Ports on

Keywords: network sysadmin

Are you sometimes in need of a network diagnostic tool to verify if your Internet Service Provider, or company network, or home network is blocking outgoing connections to certain port numbers? No problem. Walk to All 65k TCP ports, from 1 to 65535, are open on this web server. It is a useful network diagnostic tool.

Many ISPs block Windows CIFS/NetBIOS ports 137, 138, 139, 445, or SMTP port 25.

To test from a browser, add colon(:) followed by the port number after the hostname. For example, tests the default HTTP port. Try other common ports: 8000, 8080, 443. However be aware that some browsers block ports such as 1, 7, 9, 11, 13, 15, 17, ..., 65535. For ports blocked by Google Chrome, see kRestrictedPorts in For ports blocked by Mozilla Firefox, see this page.

To test from a Unix shell:

$ curl
Yep, port 1234 is open. <a href="">About...</a>


$ telnet 1234

Antonio Ognio wrote: Looks nice but how about adding the actual port number to the "Yep, port is open" so it reads "Yep, port %d is open". Keep the good work. Regards. 20 Oct 2011 17:34 UTC

mrb wrote: Will do. However I need to work on an efficient way of doing it. I am using a Linux DNAT rule to map all connections to one port, so userland is unaware of the original port. Reading /proc/net/nf_conntrack to do the reverse mapping would be inefficient as the kernel takes 300ms+ to generate the data, and I am dealing with peaks of hundreds of connections per second.

I was going to code a kernel extension to allow applications to perform direct lookups in the conntrack hashtable... until I discovered there is already a netlink interface for it:
21 Oct 2011 08:16 UTC

mokalan wrote: That's a great idea, but how about scanning the whole range for closed ports?
It seems that you haven't created it for that. Is there any other way it can be done?
15 Mar 2012 23:49 UTC

mrb wrote: mokalan, you want an IP address with all 65k TCP ports closed? 16 Mar 2012 04:28 UTC

mokalan wrote: No. It's fine the way it is. I meant running something similar to:
nmap -p1-65535 | grep closed

It's pretty slow. I think the machine can be configured to accept more simultaneous connections attempts.
20 Mar 2012 23:22 UTC

mrb wrote: It is likely your Internet connection through which you are scanning that has a high latency or packet loss. The same nmap command takes 5.6 seconds when run from a computer on the same gigabit ethernet LAN as 30 Mar 2012 10:20 UTC

mokalan wrote: oh, great. I'll take a look on my side.
meanwhile, can you please try it from another computer on the internet?

30 Mar 2012 21:39 UTC

mrb wrote: Antonio: I know it is now 3 years later, but I finally added the port number as you suggested :) 06 Oct 2014 05:55 UTC

Jon Hartman wrote: Thanks for providing this tool!

For telnet purposes, it'd be nice if it support HTTP 1.0 requests and didn't require a host-header. Granted, the socket being open is fairly recognizable, but I could see ripping out a quick "GET /" just to get the text back. Adding a host header as well gets a tad bulky.
13 Oct 2014 20:22 UTC

mrb wrote: Jon: I do support 1.0 with no host header (try "GET / HTTP/1.0" in telnet). 15 Oct 2014 17:53 UTC