Why am I Unable to ping port 443 on Ubuntu?

Question

I have opened port 443 through iptables:

pkts bytes target prot opt in  out source     destination
  45  2428 ACCEPT all  --  lo  *   0.0.0.0/0  0.0.0.0/0
   6  1009 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0 tcp dpt:80
 141 10788 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0 tcp dpt:22
   0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0 tcp dpt:80
   0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0 tcp dpt:443
   7  1140 ACCEPT all  --  *   *   0.0.0.0/0  0.0.0.0/0 state RELATED,ESTABLISHED
   6   360 DROP   all  --  *   *   0.0.0.0/0  0.0.0.0/0

And it is listening as netstat -a indicates:

Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 *:6311                  *:*                     LISTEN     
tcp        0      0 *:ssh                   *:*                     LISTEN     
tcp        0      0 gauss:ssh               ommited                 ESTABLISHED
tcp        0      0 gauss:ssh               ommited                 ESTABLISHED
tcp6       0      0 localhost:8005          [::]:*                  LISTEN     
tcp6       0      0 [::]:8009               [::]:*                  LISTEN     
tcp6       0      0 [::]:www                [::]:*                  LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 [::]:https              [::]:*                  LISTEN     
udp        0      0 *:mdns                  *:*                                
udp        0      0 *:52703                 *:*                                
udp6       0      0 [::]:42168              [::]:*                             
udp6       0      0 [::]:mdns               [::]:*

However I can't ping port 443:

PING 443 (0.0.1.187) 56(124) bytes of data.
^C
--- 443 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6006ms

What's going on?

Even if you could ping a port, you need something on that port that understands the ping and responds appropriately. Chances are you have a web server on that port and web servers don't speak ping. — John Gardeniers, Commented Dec 21, 2011 at 6:24
It may be helpful to get familiar with the OSI Reference Model. You can ping an IP (layer 3) address, but ICMP does not understand TCP (layer 4) port numbers. — Skyhawk, Commented Apr 4, 2012 at 19:24

Chopper3 · Accepted Answer · 2011-12-13 21:11:59Z

29

The ping utility does what it's supposed to, hit the ping interface using ICMP, you can't just ping any port you like with it. I'm sure there's a million ways to do it but most people just use 'telnet IP port', i.e. 'telnet 1.2.3.4 25' to test connection.

answered Dec 13, 2011 at 21:11

Chopper3

102k9 gold badges110 silver badges240 bronze badges

2

^-- this. telnet works. so does tcping
– RobotHumans
Commented Dec 14, 2011 at 3:13

Add a comment |

user9517 · Accepted Answer · 2011-12-13 21:10:29Z

18

You can't ping ports. What is happening is that 443 is being converted into an IP address and ping is attempting to contact that address (0.0.1.187).

answered Dec 13, 2011 at 21:10

community wiki

user9517

Add a comment |

Jeff Ferland · Accepted Answer · 2011-12-21 05:06:46Z

8

PING 443 (0.0.1.187) 56(124) bytes of data.

Notice the IP address above is interpreted from the number 443 (1 x 256¹ + 187 x 256⁰ = 443).

ICMP (of which ping is a part of) is its own protocol on top of IP. UDP/IP, TCP/IP, and ICMP/IP. There are no ports involved in the ICMP protocol, so there's no port number option on the command line.

There are TCP ping applications that will perform similar functionality over TCP, and you may want to look at those. Manual review of TCP ports or services is often done using telnet or nc (netcat).

edited Dec 21, 2011 at 5:06

answered Dec 13, 2011 at 21:15

Jeff Ferland

20.9k2 gold badges65 silver badges85 bronze badges

Add a comment |

RobW · Accepted Answer · 2011-12-13 21:20:20Z

7

Try using NMap for your port pings.

nmap -p 443 10.4.0.197

Starting Nmap 5.61TEST1 ( http://nmap.org ) at 2011-12-13 13:19 Pacific Standard Time
Nmap scan report for somecomputer (10.4.0.197)
Host is up (0.00s latency).
PORT    STATE  SERVICE
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.64 seconds

answered Dec 13, 2011 at 21:20

RobW

2,8061 gold badge20 silver badges23 bronze badges

This is what I would have answered. +1
– Tim
Commented Dec 20, 2011 at 20:32

Add a comment |

Wesley · Accepted Answer · 2011-12-13 21:16:11Z

6

Have you considered that ICMP cannot be used to test for connectivity to TCP/IP ports?

Use a tool like telnet or nmap to test the open or closed state of a port. Here's an example using Telnet to test for VMware connectivty. Here's some info on port scanning with nmap.

edited Dec 13, 2011 at 21:16

answered Dec 13, 2011 at 21:09

Wesley

33k9 gold badges83 silver badges118 bronze badges

Hum, how should I test if my 443 port is receiving data? The address myaddress.com is not responding and I don't know where the fault is. Thanks!
– João Daniel
Commented Dec 13, 2011 at 21:12
@jdanielnd I updated my answer.
– Wesley
Commented Dec 13, 2011 at 21:16
Or use netcat: nc -zvw 5 example.com 443.
– Steven Monday
Commented Dec 13, 2011 at 23:02

Add a comment |

fge · Accepted Answer · 2011-12-13 21:11:49Z

3

This is not the way to do it at all. ping sends ICMP echo requests packets!

What you want is probably telnet xxxx 443, where xxxx is your host name (C-c to interrup telnet and then exit).

answered Dec 13, 2011 at 21:11

fge

3182 silver badges6 bronze badges

Ah ok! Thanks! I did it and got a Connection refused. I'll look it up!
– João Daniel
Commented Dec 13, 2011 at 21:15

Add a comment |

Safado · Accepted Answer · 2011-12-13 21:17:42Z

3

Am I reading this wrong, or are you only listening on port 443 for IPv6?

Are we safe to assume you're trying to set up a web server? If you're trying to set up apache or some other web server, it's not listening on port 443 for ipv4 traffic. Either it's configured incorrectly or you don't have the daemon running.

answered Dec 13, 2011 at 21:17

Safado

4,7867 gold badges39 silver badges56 bronze badges

I'm not sure how to deal with it! Is it possible that I'm listening for both? I can access localhost:80 on my browser. Does Tomcat have any configuration about IPv6? Thanks!
– João Daniel
Commented Dec 13, 2011 at 22:08
I'm not a Tomcat user, so I can't help you there. I'm sure if you create a new question and paste your tomcat config you'll be able to get some help.
– Safado
Commented Dec 13, 2011 at 22:09

Add a comment |

Jeremy · Accepted Answer · 2011-12-20 20:27:21Z

I strongly recommend you take basic networking classes (no offense intended). Network administration is a highly technical job that should be taken seriously.

ping generates ICMP echo-request packets, the ping command is not intended to operate on upper networking layers.

The notion of "ports" is only relevant for UDP and TCP protocols. Ports are used by the TCP/IP stack as a hint to demultiplex IP packets data and deliver them to the right application.

As for what you are trying to do, I personally use the nc -v hostname port command.

Regards,

splattne · Accepted Answer · 2011-12-14 06:54:47Z

2

If you want test if the port is open you can use telnet. Just like

telnet 192.168.2.22 443

edited Dec 14, 2011 at 6:54

splattne

28.7k20 gold badges99 silver badges150 bronze badges

answered Dec 14, 2011 at 6:52

xiaobo

211 bronze badge

Add a comment |

Stack Exchange Network

Why am I Unable to ping port 443 on Ubuntu?

9 Answers 9

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged
linux
firewall
iptables
ping
.

Hot Network Questions

Why am I Unable to ping port 443 on Ubuntu?

9 Answers 9

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged linuxfirewalliptablesping.

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
linux
firewall
iptables
ping
.