Why am I Unable to ping port 443 on Ubuntu?

linux firewall iptables ping

13,760

Solution 1

The ping utility does what it's supposed to, hit the ping interface using ICMP, you can't just ping any port you like with it. I'm sure there's a million ways to do it but most people just use 'telnet IP port', i.e. 'telnet 1.2.3.4 25' to test connection.

Solution 2

You can't ping ports. What is happening is that 443 is being converted into an IP address and ping is attempting to contact that address (0.0.1.187).

Solution 3

PING 443 (0.0.1.187) 56(124) bytes of data.

Notice the IP address above is interpreted from the number 443 (1 x 256¹ + 187 x 256⁰ = 443).

ICMP (of which ping is a part of) is its own protocol on top of IP. UDP/IP, TCP/IP, and ICMP/IP. There are no ports involved in the ICMP protocol, so there's no port number option on the command line.

There are TCP ping applications that will perform similar functionality over TCP, and you may want to look at those. Manual review of TCP ports or services is often done using telnet or nc (netcat).

Solution 4

Try using NMap for your port pings.

nmap -p 443 10.4.0.197

Starting Nmap 5.61TEST1 ( http://nmap.org ) at 2011-12-13 13:19 Pacific Standard Time
Nmap scan report for somecomputer (10.4.0.197)
Host is up (0.00s latency).
PORT    STATE  SERVICE
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.64 seconds

Solution 5

Have you considered that ICMP cannot be used to test for connectivity to TCP/IP ports?

Use a tool like telnet or nmap to test the open or closed state of a port. Here's an example using Telnet to test for VMware connectivty. Here's some info on port scanning with nmap.

View more solutions

13,760

João Daniel

Updated on September 18, 2022

Comments

João Daniel over 1 year

I have opened port 443 through iptables:

pkts bytes target prot opt in  out source     destination
  45  2428 ACCEPT all  --  lo  *   0.0.0.0/0  0.0.0.0/0
   6  1009 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0 tcp dpt:80
 141 10788 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0 tcp dpt:22
   0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0 tcp dpt:80
   0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0 tcp dpt:443
   7  1140 ACCEPT all  --  *   *   0.0.0.0/0  0.0.0.0/0 state RELATED,ESTABLISHED
   6   360 DROP   all  --  *   *   0.0.0.0/0  0.0.0.0/0

And it is listening as netstat -a indicates:

Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 *:6311                  *:*                     LISTEN     
tcp        0      0 *:ssh                   *:*                     LISTEN     
tcp        0      0 gauss:ssh               ommited                 ESTABLISHED
tcp        0      0 gauss:ssh               ommited                 ESTABLISHED
tcp6       0      0 localhost:8005          [::]:*                  LISTEN     
tcp6       0      0 [::]:8009               [::]:*                  LISTEN     
tcp6       0      0 [::]:www                [::]:*                  LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 [::]:https              [::]:*                  LISTEN     
udp        0      0 *:mdns                  *:*                                
udp        0      0 *:52703                 *:*                                
udp6       0      0 [::]:42168              [::]:*                             
udp6       0      0 [::]:mdns               [::]:*

However I can't ping port 443:

PING 443 (0.0.1.187) 56(124) bytes of data.
^C
--- 443 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6006ms

What's going on?

John Gardeniers over 12 years

Even if you could ping a port, you need something on that port that understands the ping and responds appropriately. Chances are you have a web server on that port and web servers don't speak ping.
Hecter about 12 years

It may be helpful to get familiar with the OSI Reference Model. You can ping an IP (layer 3) address, but ICMP does not understand TCP (layer 4) port numbers.

João Daniel over 12 years

Hum, how should I test if my 443 port is receiving data? The address myaddress.com is not responding and I don't know where the fault is. Thanks!
João Daniel over 12 years

Ah ok! Thanks! I did it and got a Connection refused. I'll look it up!
Wesley over 12 years

@jdanielnd I updated my answer.
João Daniel over 12 years

I'm not sure how to deal with it! Is it possible that I'm listening for both? I can access localhost:80 on my browser. Does Tomcat have any configuration about IPv6? Thanks!
Safado over 12 years

I'm not a Tomcat user, so I can't help you there. I'm sure if you create a new question and paste your tomcat config you'll be able to get some help.
Steven Monday over 12 years

Or use netcat: nc -zvw 5 example.com 443.
RobotHumans over 12 years

^-- this. telnet works. so does tcping
Tim over 12 years

This is what I would have answered. +1