Single-signal test
Open port check
We asked the public internet to knock on your connection. Here's which doors answered — scanning your own IP only, popular ports first, plus any port you want to check.
Scanning your public IP
resolving…
What an open port means for your privacy
Every device on the internet is reached through ports — numbered doors, one per service. A web server listens on 443, remote desktop on 3389, file sharing on 445. When a port is open to the public internet, anyone, anywhere, can attempt to connect to whatever is behind it. That is fine and expected for a server that is meant to be public; it is a real exposure for a home or personal connection that was never supposed to be running services for the world.
This check probes your own public IP from the outside — the same vantage point an attacker or a mass-scanning bot has. Services like Shodan scan the entire internet around the clock, cataloguing every exposed port; a forgotten open port is often how a break-in starts. Seeing your connection the way the outside sees it is the first step to closing what shouldn't be open.
Reading your results
Stealth is the result you want on a personal connection: the probe gets no answer at all, because a firewall or your router drops it, so your device looks invisible. Closed means your host is reachable and answered “nothing here” — less private than stealth, but nothing is exposed. Open is the one to pay attention to: a service is live and reachable from anywhere. If you see an open port you didn't expect — especially SMB (445), RDP (3389), a database (3306, 5432) or an admin panel (8080) — check your router's port-forwarding settings and your device firewall.
Behind a typical home router you'll usually see stealth across the board, because the router's NAT hides the devices behind it. An open port then almost always means a port-forwarding rule is sending that traffic to a specific device — intentional for, say, a game server, but worth a second look otherwise.
Frequently asked questions
- What does this port check actually test?
- Whether the public internet can open a TCP connection to a given port on your current public IP address. Our server tries to connect back to your IP on each port and reports whether it's open (something is listening and reachable), stealth/filtered (a firewall silently drops the probe — the most private result), or closed (your host answers but nothing is listening).
- Can I scan someone else's IP or a website?
- No — by design. The scan target is always your own IP address, derived from your connection on the server side. The box only lets you choose which ports to check, never which host. This is deliberate: a tool that scanned arbitrary addresses would be an abuse magnet.
- Most of my ports say 'Stealth'. Is that bad?
- That's the best outcome. 'Stealth' (filtered) means a firewall or your router is silently dropping the connection attempts, so your device is effectively invisible on those ports. Most home connections behind a router will show stealth across the board — exactly what you want.
- A port shows 'Open' — what should I do?
- An open port means a service on your network is reachable from the entire internet. If you didn't intend that (e.g. RDP 3389, SMB 445, a database on 3306/5432), it's worth closing: check your router's port-forwarding rules, your device firewall, and whether the service needs to be internet-facing at all. Services like SSH or RDP are best placed behind a VPN.
- Is this the same as checking ports on my computer?
- No. This checks inbound reachability from the outside — what the internet can reach on your public IP. It does not list the local services running on your machine. Behind a home router, an 'open' result usually means the router is forwarding that port to a device on your network.
This is one signal of many. The SysLeak exposure dashboard combines your IP, fingerprint and WebRTC results into a single Exposure Score.