Why am I unable to ping port 443 on Ubuntu?

I have opened port 443 through iptables:

pkts bytes target prot opt in  out source     destination
  45  2428 ACCEPT all  --  lo  *   0.0.0.0/0  0.0.0.0/0
   6  1009 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0 tcp dpt:80
 141 10788 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0 tcp dpt:22
   0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0 tcp dpt:80
   0     0 ACCEPT tcp  --  *   *   0.0.0.0/0  0.0.0.0/0 tcp dpt:443
   7  1140 ACCEPT all  --  *   *   0.0.0.0/0  0.0.0.0/0 state RELATED,ESTABLISHED
   6   360 DROP   all  --  *   *   0.0.0.0/0  0.0.0.0/0

And it is listening as netstat -a indicates:

Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 *:6311                  *:*                     LISTEN     
tcp        0      0 *:ssh                   *:*                     LISTEN     
tcp        0      0 gauss:ssh               ommited                 ESTABLISHED
tcp        0      0 gauss:ssh               ommited                 ESTABLISHED
tcp6       0      0 localhost:8005          [::]:*                  LISTEN     
tcp6       0      0 [::]:8009               [::]:*                  LISTEN     
tcp6       0      0 [::]:www                [::]:*                  LISTEN     
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN     
tcp6       0      0 [::]:https              [::]:*                  LISTEN     
udp        0      0 *:mdns                  *:*                                
udp        0      0 *:52703                 *:*                                
udp6       0      0 [::]:42168              [::]:*                             
udp6       0      0 [::]:mdns               [::]:*   

However, I can't ping port 443:

PING 443 (0.0.1.187) 56(124) bytes of data.
^C
--- 443 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6006ms

What's going on?


Solution 1:

The ping utility does what it's supposed to: hit the ping interface using ICMP. You can't just ping any port you like with it. I'm sure there are a million ways to do it, but most people just use 'telnet IP port', i.e. 'telnet 1.2.3.4 25', to test a connection.

Solution 2:

You can't ping ports. What is happening is that 443 is being converted into an IP address and ping is attempting to contact that address (0.0.1.187).

Solution 3:

PING 443 (0.0.1.187) 56(124) bytes of data.

Notice the IP address above is interpreted from the number 443 ($1 \times 256^1 + 187 \times 256^0 = 443$).

ICMP (of which ping is a part) is its own protocol on top of IP. UDP/IP, TCP/IP, and ICMP/IP. There are no ports involved in the ICMP protocol, so there's no port number option on the command line.

There are TCP ping applications that will perform similar functionality over TCP, and you may want to look at those. Manual review of TCP ports or services is often done using telnet or nc (netcat).
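The two points above, as an added example that is not part of any of the original answers: how a bare number such as 443 becomes the address 0.0.1.187, and a TCP connect check that tells a listening port from a refused one and from one silently dropped by a firewall. The function names and the 2-second timeout are assumptions made for this illustration.

```python
import errno
import ipaddress
import socket


def numeric_host_to_ipv4(host: str) -> str:
    """Return the IPv4 address that a bare number such as "443" is read as.

    Address parsers accept a single 32-bit integer as a whole address,
    so "443" is 0*256^3 + 0*256^2 + 1*256^1 + 187*256^0 = 0.0.1.187.
    """
    return str(ipaddress.IPv4Address(int(host)))


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Attempt a full TCP handshake and classify the outcome.

    open        handshake completed, a service is listening
    closed      connection refused (RST): host reachable, nothing listening
    filtered    no answer before the timeout, typical of a DROP rule
    unreachable the network stack reported no route to the host
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise


if __name__ == "__main__":
    # What `ping 443` actually targets.
    print("443 is parsed as", numeric_host_to_ipv4("443"))
    # Check the local HTTPS port over TCP instead of ICMP.
    print("127.0.0.1:443 is", tcp_probe("127.0.0.1", 443))
```

A "filtered" result with a zero packet counter on the matching iptables ACCEPT rule suggests the traffic is being dropped before it reaches that rule or the host.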

Solution 4:

Try using Nmap for your port pings.

nmap -p 443 10.4.0.197

Starting Nmap 5.61TEST1 ( http://nmap.org ) at 2011-12-13 13:19 Pacific Standard Time
Nmap scan report for somecomputer (10.4.0.197)
Host is up (0.00s latency).
PORT    STATE  SERVICE
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.64 seconds