I have a server that is currently accepting HTTPS requests, and the only thing that shows with netstat -plnt is this:
elijahlynn@web:~$ sudo netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.218.108.1:53 0.0.0.0:* LISTEN 10242/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1111/sshd
tcp6 0 0 fd42:9324:ab98:50fb::53 :::* LISTEN 10242/dnsmasq
tcp6 0 0 fe80::c024:c5ff:fe68:53 :::* LISTEN 10242/dnsmasq
tcp6 0 0 :::22 :::* LISTEN 1111/sshd
And sudo lsof -i :443
returns nothing as well.
I have tried variations of the ss tool as well, but no luck in seeing anything listening.
This server uses iptables to forward traffic to an LXC "haproxy" container, but from my understanding, the OS first needs to bind a port to a daemon or application to begin with. The fact that this isn't showing any ports in the LISTEN state yet still serves traffic is really challenging my understanding of how things work.
Is there any way it is possible for a program to be listening on a port but not show up with netstat, lsof or ss?
UPDATE:
elijahlynn@web:~$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:domain /* generated for LXD network lxdbr0 */
ACCEPT udp -- anywhere anywhere udp dpt:domain /* generated for LXD network lxdbr0 */
ACCEPT udp -- anywhere anywhere udp dpt:bootps /* generated for LXD network lxdbr0 */
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* generated for LXD network lxdbr0 */
ACCEPT all -- anywhere anywhere /* generated for LXD network lxdbr0 */
ACCEPT all -- anywhere 10.0.0.0/8 state NEW,RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:domain /* generated for LXD network lxdbr0 */
ACCEPT udp -- anywhere anywhere udp spt:domain /* generated for LXD network lxdbr0 */
ACCEPT udp -- anywhere anywhere udp spt:bootps /* generated for LXD network lxdbr0 */
UPDATE2:
elijahlynn@web:~$ sudo ss -lptn | column -t
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 32 10.218.108.1:53 *:* users:(("dnsmasq",pid=10242,fd=9))
LISTEN 0 128 *:22 *:* users:(("sshd",pid=1111,fd=3))
LISTEN 0 32 fd42:9324:ab98:50fb::1:53 :::* users:(("dnsmasq",pid=10242,fd=13))
LISTEN 0 32 fe80::c024:c5ff:fe68:999e%lxdbr0:53 :::* users:(("dnsmasq",pid=10242,fd=11))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=1111,fd=4))
UPDATE3:
elijahlynn@web:~$ sudo lsof -i -n | column -t
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1111 root 3u IPv4 786 0t0 TCP *:ssh (LISTEN)
sshd 1111 root 4u IPv6 788 0t0 TCP *:ssh (LISTEN)
dnsmasq 10242 lxd 4u IPv4 343469983 0t0 UDP *:bootps
dnsmasq 10242 lxd 6u IPv6 343469985 0t0 UDP *:dhcpv6-server
dnsmasq 10242 lxd 8u IPv4 343469988 0t0 UDP 10.218.108.1:domain
dnsmasq 10242 lxd 9u IPv4 343469989 0t0 TCP 10.218.108.1:domain (LISTEN)
dnsmasq 10242 lxd 10u IPv6 343469990 0t0 UDP [fe80::c024:c5ff:fe68:999e]:domain
dnsmasq 10242 lxd 11u IPv6 343469991 0t0 TCP [fe80::c024:c5ff:fe68:999e]:domain (LISTEN)
dnsmasq 10242 lxd 12u IPv6 343469992 0t0 UDP [fd42:9324:ab98:50fb::1]:domain
dnsmasq 10242 lxd 13u IPv6 343469993 0t0 TCP [fd42:9324:ab98:50fb::1]:domain (LISTEN)
iptables can do a lot of voodoo to traffic -- look for a redirect rule. And LXC can further muddy the waters with different network namespaces -- ip netns list
Yet, from dom-0, lsof -n -P -i :53 returns nothing.

Maybe you want to use nmap to scan the ports on your server; here is an example:
Check if you have anything in the nat table:
sudo iptables -t nat -L
The filter table is the only thing shown in your original output; if iptables is redirecting 443 to some port that is actually listening, the rule will be in the nat table.
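As an added example that is not part of the question or of any answer above: a small shell helper that reads the iptables-save-style text printed by iptables -t nat -S together with ss -lptn output and reports, for one port, whether a local socket is bound to it or whether a PREROUTING DNAT/REDIRECT rule is answering for it instead. The nat rules and socket lines embedded below are constructed for illustration; the container address 10.218.108.50 is an assumption and does not appear anywhere in the question.

```shell
#!/usr/bin/env bash
# Added example, not code from the original question or answers.
# Explains why a port answers with no LISTEN socket on the host: the packets are
# rewritten in the nat table's PREROUTING chain before they ever reach a local
# socket, so netstat/ss/lsof (which only show sockets) have nothing to display.

# CONSTRUCTED sample of `iptables -t nat -S` output. The container address
# 10.218.108.50 is an assumption; it is not taken from the question.
SAMPLE_NAT_RULES='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.218.108.50:443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.218.108.50:80
-A PREROUTING -p tcp -m tcp --dport 8443 -j REDIRECT --to-ports 443
-A POSTROUTING -s 10.218.108.0/24 ! -d 10.218.108.0/24 -m comment --comment "generated for LXD network lxdbr0" -j MASQUERADE'

# CONSTRUCTED sample of `ss -lptn` output (header omitted), same shape as the question's.
SAMPLE_SS_OUTPUT='LISTEN 0 128 *:22 *:* users:(("sshd",pid=1111,fd=3))
LISTEN 0 32 10.218.108.1:53 *:* users:(("dnsmasq",pid=10242,fd=9))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=1111,fd=4))'

# nat_redirects_for_port PORT NAT_RULES_TEXT
# Prints "dport<TAB>target<TAB>destination" for every PREROUTING rule whose
# target is DNAT or REDIRECT and whose --dport matches PORT (all ports if PORT is empty).
nat_redirects_for_port() {
    port="$1"
    printf '%s\n' "$2" | awk -v want="$port" '
        $1 == "-A" && $2 == "PREROUTING" {
            dport = ""; target = ""; dest = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--to-destination" || $i == "--to-ports") dest = $(i + 1)
            }
            if ((target == "DNAT" || target == "REDIRECT") && (want == "" || dport == want))
                printf "%s\t%s\t%s\n", dport, target, dest
        }'
}

# port_is_bound_locally PORT SS_OUTPUT_TEXT
# Succeeds if some LISTEN socket in the ss output is bound to PORT. The local
# address is column 4; the port is whatever follows the last ":" so IPv6
# addresses such as ":::22" or "fe80::1%lxdbr0:53" are handled too.
port_is_bound_locally() {
    printf '%s\n' "$2" | awk -v want="$1" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == want) found = 1 }
        END { exit !found }'
}

# explain_port PORT NAT_RULES_TEXT SS_OUTPUT_TEXT
# One-line verdict, followed by the matching nat rules when no socket is bound.
explain_port() {
    port="$1"; nat="$2"; sockets="$3"
    if port_is_bound_locally "$port" "$sockets"; then
        echo "port $port: bound by a local socket (see ss/netstat/lsof)"
        return 0
    fi
    redirects="$(nat_redirects_for_port "$port" "$nat")"
    if [ -n "$redirects" ]; then
        printf 'port %s: no local socket; rewritten in nat PREROUTING by:\n%s\n' "$port" "$redirects"
    else
        echo "port $port: no local socket and no nat rule; check other network namespaces (ip netns list)"
    fi
}

# Demonstration on the constructed data. On a real host run instead:
#   explain_port 443 "$(sudo iptables -t nat -S)" "$(sudo ss -lptn)"
explain_port 22  "$SAMPLE_NAT_RULES" "$SAMPLE_SS_OUTPUT"
explain_port 443 "$SAMPLE_NAT_RULES" "$SAMPLE_SS_OUTPUT"
```

The point of reading iptables -t nat -S rather than -L is that -S prints rules in iptables-save syntax, so the --dport, -j and --to-destination tokens are unambiguous to parse; -L is for humans and drops interface and comment detail unless you add -v. A DNAT rule in PREROUTING is exactly the case in the question: the host forwards 443 to the haproxy container without ever owning a socket on that port.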