Skip to content

Port 9100: Prometheus node_exporter

Key idea:

Port 9100 (TCP) is the standard for Prometheus node_exporter. Prometheus node_exporter — host-level metrics (CPU, RAM, disk, network). Port 9100 — HTTP endpoint /metrics in Prometheus-compatible format. The standard for monitoring Linux m

Below: what uses this port, security considerations, online check, FAQ.

Check your host & ports →

What runs on this port

Prometheus node_exporter

Prometheus node_exporter — host-level metrics (CPU, RAM, disk, network). Port 9100 — HTTP endpoint /metrics in Prometheus-compatible format. The standard for monitoring Linux machines, installed on every server.

Security considerations

node_exporter is unauthenticated by default. Bind private network only or put nginx basic_auth in front. Metrics contain sensitive info (mounted paths, process names).

Check this port online

Check port online →

Enterno.io Ping + Port checker tests TCP reachability of any port from 3 regions (Moscow / Frankfurt / Virginia).

Understanding Prometheus Node Exporter and Port 9100

Port 9100 (TCP) is the designated communication channel for the Prometheus node_exporter, a critical component in the Prometheus monitoring ecosystem. This port serves as the endpoint through which host-level metrics are exposed, allowing Prometheus to scrape data efficiently. The node_exporter is responsible for collecting various system metrics, including CPU usage, memory consumption, disk I/O, and network statistics.

When the node_exporter is running, it listens on port 9100 and provides an HTTP endpoint at /metrics. This endpoint returns metrics in a Prometheus-compatible format, which can be queried by Prometheus servers. The metrics collected can be visualized using tools like Grafana, enabling real-time monitoring and alerting based on system performance.

To configure the node_exporter, ensure that it is installed on your target host. Start the service by running the following command:

./node_exporter

This will initiate the node_exporter and bind it to port 9100 by default. You can verify that it is running by accessing http://:9100/metrics in your web browser, which should display a list of metrics being collected.

Security Considerations for Port 9100

While port 9100 is essential for monitoring, it also poses potential security risks if not properly managed. By default, the node_exporter does not implement any authentication or encryption mechanisms, which can expose sensitive system metrics to unauthorized users if the port is publicly accessible.

To mitigate these risks, consider the following security best practices:

  • Restrict Access: Use firewall rules to limit access to port 9100, allowing only trusted IP addresses or networks. For example, with iptables, you can add a rule like:
  • iptables -A INPUT -p tcp --dport 9100 -s  -j ACCEPT
  • Use VPNs: Implement a VPN solution to ensure that only authenticated users can access the network where the node_exporter is running.
  • Reverse Proxies: Consider using a reverse proxy (e.g., Nginx or Apache) in front of the node_exporter to add basic authentication and SSL/TLS encryption. This can be configured to secure the communication:
  • server { listen 443 ssl; server_name ; ssl_certificate /path/to/cert.pem; ssl_certificate_key /path/to/key.pem; location /metrics { proxy_pass http://localhost:9100; auth_basic "Restricted Access"; auth_basic_user_file /etc/nginx/.htpasswd; } }

By implementing these security measures, you can significantly reduce the risk of unauthorized access to your monitoring data, ensuring that your metrics remain confidential and secure.

Practical Examples of Monitoring with Port 9100

To effectively use port 9100 for monitoring with Prometheus node_exporter, you need to understand how to configure it and integrate it with your Prometheus instance. Below are practical examples that illustrate how to set up and query metrics.

1. **Installing node_exporter**: First, download the latest version of node_exporter from the official GitHub repository:

wget https://github.com/prometheus/node_exporter/releases/latest/download/node_exporter-.linux-amd64.tar.gz

Extract the downloaded file:

tar -xvf node_exporter-.linux-amd64.tar.gz

Navigate to the extracted directory and start the node_exporter:

cd node_exporter-.linux-amd64 ./node_exporter

2. **Configuring Prometheus**: Next, you need to configure your Prometheus server to scrape data from the node_exporter. Edit the prometheus.yml configuration file to include the following scrape configuration:

scrape_configs: - job_name: 'node' static_configs: - targets: [':9100']

3. **Querying Metrics**: After setting up the node_exporter and configuring Prometheus, you can start querying metrics. For example, to check CPU usage, you can use the following Prometheus query:

rate(node_cpu_seconds_total[5m])

This query will return the rate of CPU usage over the last 5 minutes, allowing you to monitor system performance effectively.

By following these steps, you can harness the power of Prometheus and node_exporter over port 9100 to gain valuable insights into your system's health and performance.

Learn more

Sources

Frequently Asked Questions

Is port 9100 open by default?

No, modern cloud providers (AWS, Google Cloud, Yandex) close all incoming ports by default. You must explicitly allow port 9100 in a Security Group or firewall.

How to check if port 9100 is reachable?

Use <a href="/en/ping">Enterno Ping + Port Checker</a>. Or in shell: <code>nc -vz example.com 9100</code>.

Is port 9100 safe to expose?

Depends on the service. Prometheus node_exporter should never be exposed publicly without authentication + TLS. See <a href="/en/s/research-open-ports-exposure-2026">our 2026 exposure research</a>.

Try the live tool that powered this guide

Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.