why `nmap 192.168.1.97` returns less services than `nmap 127.0.0.1`? [duplicate] The Next CEO of Stack OverflowDifference between `nmap local-IP-address` and `nmap localhost`Doing nmap on a networkCan you send a TCP packet with RST flag set using IPTABLES as a way to trick NMAP into thinking a port is closed?How to tell stateful vs stateless firewall with nmap ACK scanWhy nmap closed my connection?telnet to an host/port works while no service on this host listening on this portnmap raw packet privileges not working (“operation not permitted”, even as root)Why REJECT slows nmap?specifying more than one character on nmap --ip-optionsExhaustive list of REASONs why a host/server might be down (nmap --reason)What are those “unknown” services listed by nmap?
Where do students learn to solve polynomial equations these days?
How to invert MapIndexed on a ragged structure? How to construct a tree from rules?
Is there a difference between "Fahrstuhl" and "Aufzug"
Running a General Election and the European Elections together
Does increasing your ability score affect your main stat?
Math-accent symbol over parentheses enclosing accented symbol (amsmath)
How to place nodes around a circle from some initial angle?
Why does standard notation not preserve intervals (visually)
I want to delete every two lines after 3rd lines in file contain very large number of lines :
What connection does MS Office have to Netscape Navigator?
Does falling count as part of my movement?
Rotate a column
Why do remote US companies require working in the US?
Can MTA send mail via a relay without being told so?
Why didn't Khan get resurrected in the Genesis Explosion?
Make solar eclipses exceedingly rare, but still have new moons
Is French Guiana a (hard) EU border?
How to get from Geneva Airport to Metabief?
What is the value of α and β in a triangle?
How to count occurrences of text in a file?
Why don't programming languages automatically manage the synchronous/asynchronous problem?
Help understanding this unsettling image of Titan, Epimetheus, and Saturn's rings?
Arranging cats and dogs - what is wrong with my approach
How many extra stops do monopods offer for tele photographs?
why `nmap 192.168.1.97` returns less services than `nmap 127.0.0.1`? [duplicate]
The Next CEO of Stack OverflowDifference between `nmap local-IP-address` and `nmap localhost`Doing nmap on a networkCan you send a TCP packet with RST flag set using IPTABLES as a way to trick NMAP into thinking a port is closed?How to tell stateful vs stateless firewall with nmap ACK scanWhy nmap closed my connection?telnet to an host/port works while no service on this host listening on this portnmap raw packet privileges not working (“operation not permitted”, even as root)Why REJECT slows nmap?specifying more than one character on nmap --ip-optionsExhaustive list of REASONs why a host/server might be down (nmap --reason)What are those “unknown” services listed by nmap?
This question already has an answer here:
Difference between `nmap local-IP-address` and `nmap localhost`
3 answers
According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.
why does nmap 127.0.0.1
return more services than nmap 192.168.1.97
?
Does nmap 127.0.0.1
necessarily also return those services returned by nmap 192.168.1.97
? Does a server listening at 192.168.1.97
necessarily also listen at 127.0.0.1
?
$ nmap -p0-65535 192.168.1.97
Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (192.168.1.97)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx
Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds
$ nmap -p0-65535 localhost
Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx
Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds
Thanks.
nmap ip-address loopback
marked as duplicate by Jeff Schaller♦, Michael Homer, Stephen Harris, jimmij, Gilles Mar 24 at 23:30
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
|
show 2 more comments
This question already has an answer here:
Difference between `nmap local-IP-address` and `nmap localhost`
3 answers
According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.
why does nmap 127.0.0.1
return more services than nmap 192.168.1.97
?
Does nmap 127.0.0.1
necessarily also return those services returned by nmap 192.168.1.97
? Does a server listening at 192.168.1.97
necessarily also listen at 127.0.0.1
?
$ nmap -p0-65535 192.168.1.97
Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (192.168.1.97)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx
Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds
$ nmap -p0-65535 localhost
Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx
Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds
Thanks.
nmap ip-address loopback
marked as duplicate by Jeff Schaller♦, Michael Homer, Stephen Harris, jimmij, Gilles Mar 24 at 23:30
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
Because not all services are listening on the external interface?
– Kusalananda♦
Mar 23 at 22:57
Seems to me that Rui's Answer there applies here.
– Jeff Schaller♦
Mar 23 at 23:20
@Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at192.168.1.97
necessarily also listen at127.0.0.1
?
– Tim
Mar 23 at 23:21
They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?
– 炸鱼薯条德里克
Mar 24 at 1:35
Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. Butlocalhost
would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.
– Sergiy Kolodyazhnyy
Mar 24 at 5:03
|
show 2 more comments
This question already has an answer here:
Difference between `nmap local-IP-address` and `nmap localhost`
3 answers
According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.
why does nmap 127.0.0.1
return more services than nmap 192.168.1.97
?
Does nmap 127.0.0.1
necessarily also return those services returned by nmap 192.168.1.97
? Does a server listening at 192.168.1.97
necessarily also listen at 127.0.0.1
?
$ nmap -p0-65535 192.168.1.97
Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (192.168.1.97)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx
Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds
$ nmap -p0-65535 localhost
Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx
Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds
Thanks.
nmap ip-address loopback
This question already has an answer here:
Difference between `nmap local-IP-address` and `nmap localhost`
3 answers
According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.
why does nmap 127.0.0.1
return more services than nmap 192.168.1.97
?
Does nmap 127.0.0.1
necessarily also return those services returned by nmap 192.168.1.97
? Does a server listening at 192.168.1.97
necessarily also listen at 127.0.0.1
?
$ nmap -p0-65535 192.168.1.97
Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (192.168.1.97)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx
Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds
$ nmap -p0-65535 localhost
Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx
Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds
Thanks.
This question already has an answer here:
Difference between `nmap local-IP-address` and `nmap localhost`
3 answers
nmap ip-address loopback
nmap ip-address loopback
edited Mar 24 at 21:48
Tim
asked Mar 23 at 22:52
TimTim
28.3k78269490
28.3k78269490
marked as duplicate by Jeff Schaller♦, Michael Homer, Stephen Harris, jimmij, Gilles Mar 24 at 23:30
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
marked as duplicate by Jeff Schaller♦, Michael Homer, Stephen Harris, jimmij, Gilles Mar 24 at 23:30
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
Because not all services are listening on the external interface?
– Kusalananda♦
Mar 23 at 22:57
Seems to me that Rui's Answer there applies here.
– Jeff Schaller♦
Mar 23 at 23:20
@Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at192.168.1.97
necessarily also listen at127.0.0.1
?
– Tim
Mar 23 at 23:21
They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?
– 炸鱼薯条德里克
Mar 24 at 1:35
Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. Butlocalhost
would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.
– Sergiy Kolodyazhnyy
Mar 24 at 5:03
|
show 2 more comments
Because not all services are listening on the external interface?
– Kusalananda♦
Mar 23 at 22:57
Seems to me that Rui's Answer there applies here.
– Jeff Schaller♦
Mar 23 at 23:20
@Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at192.168.1.97
necessarily also listen at127.0.0.1
?
– Tim
Mar 23 at 23:21
They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?
– 炸鱼薯条德里克
Mar 24 at 1:35
Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. Butlocalhost
would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.
– Sergiy Kolodyazhnyy
Mar 24 at 5:03
Because not all services are listening on the external interface?
– Kusalananda♦
Mar 23 at 22:57
Because not all services are listening on the external interface?
– Kusalananda♦
Mar 23 at 22:57
Seems to me that Rui's Answer there applies here.
– Jeff Schaller♦
Mar 23 at 23:20
Seems to me that Rui's Answer there applies here.
– Jeff Schaller♦
Mar 23 at 23:20
@Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at
192.168.1.97
necessarily also listen at 127.0.0.1
?– Tim
Mar 23 at 23:21
@Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at
192.168.1.97
necessarily also listen at 127.0.0.1
?– Tim
Mar 23 at 23:21
They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?
– 炸鱼薯条德里克
Mar 24 at 1:35
They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?
– 炸鱼薯条德里克
Mar 24 at 1:35
Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. But
localhost
would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.– Sergiy Kolodyazhnyy
Mar 24 at 5:03
Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. But
localhost
would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.– Sergiy Kolodyazhnyy
Mar 24 at 5:03
|
show 2 more comments
4 Answers
4
active
oldest
votes
In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.
Thanks. Doesnmap -p0-65535 0.0.0.0
scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?
– Tim
Mar 24 at 21:53
No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.
– John
Mar 25 at 1:39
add a comment |
No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost
.
You can test this with something like
nc -l external-ip-address port-number
Then run nmap
against localhost
, then against the external IP address.
Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).
– Tim
Mar 24 at 21:50
@Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.
– Kusalananda♦
Mar 24 at 21:54
add a comment |
why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?
Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)
Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?
No
Generally a service can create a listening socket to listen on.
- A specific IP, such a listening socket will only accept traffic destined for that specific IP.
- 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.
- :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.
add a comment |
The 127-type of address is internal only, as per RFC1122:
Internal host loopback address. Addresses of this form
MUST NOT appear outside a host.
This means that those services are listening locally. The 192.168.1.97
is your public-facing address, and that's how router and other computers know you. The 127.0.0.1/8 in a sense is a "simulation" of a network. You can test things with it, you can run local services on and exchange packets between them - essentially same things as you'd do with an actual internet resource. In fact, that's what web developers do: they set up local environment and run XAMP or LAMP stack locally before moving on to production environment when polished product will actually face the internet.
Now, it should not happen that you receive a packet from 127.x.x.x type of address on public facing interface like eth0 or wlan0. If that happens, this is called Martian packet, and it's likely that someone is trying to attack your host or network.
In a certain sense you could make it an analogy between your router and your computer. On LAN, your router has 192.168.1.0 address, but to the internet it is known as 68.125.xx.yy ( disclamer: random example, not an actual IP address intended here ). The router might expose to the internet only port 53 ( DNS ), but internally you could have port 80 ( HTTP control panel ) and 53. Same idea with your computer.
Of course, the services would have to be configured to listen on either public or local interface only. For instance, Redis server comes preconfigured to listen only on 127.0.0.1, because security reasons.
See also
- What is the difference between 0.0.0.0 and a loopback IP address?
- Wikipedia's article about localhost
add a comment |
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.
Thanks. Doesnmap -p0-65535 0.0.0.0
scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?
– Tim
Mar 24 at 21:53
No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.
– John
Mar 25 at 1:39
add a comment |
In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.
Thanks. Doesnmap -p0-65535 0.0.0.0
scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?
– Tim
Mar 24 at 21:53
No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.
– John
Mar 25 at 1:39
add a comment |
In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.
In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.
answered Mar 24 at 0:16
JohnJohn
11.8k11931
11.8k11931
Thanks. Doesnmap -p0-65535 0.0.0.0
scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?
– Tim
Mar 24 at 21:53
No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.
– John
Mar 25 at 1:39
add a comment |
Thanks. Doesnmap -p0-65535 0.0.0.0
scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?
– Tim
Mar 24 at 21:53
No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.
– John
Mar 25 at 1:39
Thanks. Does
nmap -p0-65535 0.0.0.0
scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?– Tim
Mar 24 at 21:53
Thanks. Does
nmap -p0-65535 0.0.0.0
scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?– Tim
Mar 24 at 21:53
No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.
– John
Mar 25 at 1:39
No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.
– John
Mar 25 at 1:39
add a comment |
No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost
.
You can test this with something like
nc -l external-ip-address port-number
Then run nmap
against localhost
, then against the external IP address.
Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).
– Tim
Mar 24 at 21:50
@Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.
– Kusalananda♦
Mar 24 at 21:54
add a comment |
No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost
.
You can test this with something like
nc -l external-ip-address port-number
Then run nmap
against localhost
, then against the external IP address.
Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).
– Tim
Mar 24 at 21:50
@Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.
– Kusalananda♦
Mar 24 at 21:54
add a comment |
No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost
.
You can test this with something like
nc -l external-ip-address port-number
Then run nmap
against localhost
, then against the external IP address.
No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost
.
You can test this with something like
nc -l external-ip-address port-number
Then run nmap
against localhost
, then against the external IP address.
answered Mar 23 at 23:35
Kusalananda♦Kusalananda
138k17258428
138k17258428
Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).
– Tim
Mar 24 at 21:50
@Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.
– Kusalananda♦
Mar 24 at 21:54
add a comment |
Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).
– Tim
Mar 24 at 21:50
@Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.
– Kusalananda♦
Mar 24 at 21:54
Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).
– Tim
Mar 24 at 21:50
Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).
– Tim
Mar 24 at 21:50
@Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.
– Kusalananda♦
Mar 24 at 21:54
@Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.
– Kusalananda♦
Mar 24 at 21:54
add a comment |
why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?
Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)
Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?
No
Generally a service can create a listening socket to listen on.
- A specific IP, such a listening socket will only accept traffic destined for that specific IP.
- 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.
- :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.
add a comment |
why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?
Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)
Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?
No
Generally a service can create a listening socket to listen on.
- A specific IP, such a listening socket will only accept traffic destined for that specific IP.
- 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.
- :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.
add a comment |
why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?
Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)
Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?
No
Generally a service can create a listening socket to listen on.
- A specific IP, such a listening socket will only accept traffic destined for that specific IP.
- 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.
- :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.
why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?
Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)
Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?
No
Generally a service can create a listening socket to listen on.
- A specific IP, such a listening socket will only accept traffic destined for that specific IP.
- 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.
- :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.
answered Mar 24 at 1:03
plugwashplugwash
1,950619
1,950619
add a comment |
add a comment |
The 127-type of address is internal only, as per RFC1122:
Internal host loopback address. Addresses of this form
MUST NOT appear outside a host.
This means that those services are listening locally. The 192.168.1.97
is your public-facing address, and that's how router and other computers know you. The 127.0.0.1/8 in a sense is a "simulation" of a network. You can test things with it, you can run local services on and exchange packets between them - essentially same things as you'd do with an actual internet resource. In fact, that's what web developers do: they set up local environment and run XAMP or LAMP stack locally before moving on to production environment when polished product will actually face the internet.
Now, it should not happen that you receive a packet from 127.x.x.x type of address on public facing interface like eth0 or wlan0. If that happens, this is called Martian packet, and it's likely that someone is trying to attack your host or network.
In a certain sense you could make it an analogy between your router and your computer. On LAN, your router has 192.168.1.0 address, but to the internet it is known as 68.125.xx.yy ( disclamer: random example, not an actual IP address intended here ). The router might expose to the internet only port 53 ( DNS ), but internally you could have port 80 ( HTTP control panel ) and 53. Same idea with your computer.
Of course, the services would have to be configured to listen on either public or local interface only. For instance, Redis server comes preconfigured to listen only on 127.0.0.1, because security reasons.
See also
- What is the difference between 0.0.0.0 and a loopback IP address?
- Wikipedia's article about localhost
add a comment |
The 127-type of address is internal only, as per RFC1122:
Internal host loopback address. Addresses of this form
MUST NOT appear outside a host.
This means that those services are listening locally. The 192.168.1.97
is your public-facing address, and that's how router and other computers know you. The 127.0.0.1/8 in a sense is a "simulation" of a network. You can test things with it, you can run local services on and exchange packets between them - essentially same things as you'd do with an actual internet resource. In fact, that's what web developers do: they set up local environment and run XAMP or LAMP stack locally before moving on to production environment when polished product will actually face the internet.
Now, it should not happen that you receive a packet from 127.x.x.x type of address on public facing interface like eth0 or wlan0. If that happens, this is called Martian packet, and it's likely that someone is trying to attack your host or network.
In a certain sense you could make it an analogy between your router and your computer. On LAN, your router has 192.168.1.0 address, but to the internet it is known as 68.125.xx.yy ( disclamer: random example, not an actual IP address intended here ). The router might expose to the internet only port 53 ( DNS ), but internally you could have port 80 ( HTTP control panel ) and 53. Same idea with your computer.
Of course, the services would have to be configured to listen on either public or local interface only. For instance, Redis server comes preconfigured to listen only on 127.0.0.1, because security reasons.
See also
- What is the difference between 0.0.0.0 and a loopback IP address?
- Wikipedia's article about localhost
add a comment |
The 127-type of address is internal only, as per RFC1122:
Internal host loopback address. Addresses of this form
MUST NOT appear outside a host.
This means that those services are listening locally. The 192.168.1.97
is your public-facing address, and that's how router and other computers know you. The 127.0.0.1/8 in a sense is a "simulation" of a network. You can test things with it, you can run local services on and exchange packets between them - essentially same things as you'd do with an actual internet resource. In fact, that's what web developers do: they set up local environment and run XAMP or LAMP stack locally before moving on to production environment when polished product will actually face the internet.
Now, it should not happen that you receive a packet from 127.x.x.x type of address on public facing interface like eth0 or wlan0. If that happens, this is called Martian packet, and it's likely that someone is trying to attack your host or network.
In a certain sense you could make it an analogy between your router and your computer. On LAN, your router has 192.168.1.0 address, but to the internet it is known as 68.125.xx.yy ( disclamer: random example, not an actual IP address intended here ). The router might expose to the internet only port 53 ( DNS ), but internally you could have port 80 ( HTTP control panel ) and 53. Same idea with your computer.
Of course, the services would have to be configured to listen on either public or local interface only. For instance, Redis server comes preconfigured to listen only on 127.0.0.1, because security reasons.
See also
- What is the difference between 0.0.0.0 and a loopback IP address?
- Wikipedia's article about localhost
The 127-type of address is internal only, as per RFC1122:
Internal host loopback address. Addresses of this form
MUST NOT appear outside a host.
This means that those services are listening locally. The 192.168.1.97
is your public-facing address, and that's how router and other computers know you. The 127.0.0.1/8 in a sense is a "simulation" of a network. You can test things with it, you can run local services on and exchange packets between them - essentially same things as you'd do with an actual internet resource. In fact, that's what web developers do: they set up local environment and run XAMP or LAMP stack locally before moving on to production environment when polished product will actually face the internet.
Now, it should not happen that you receive a packet from 127.x.x.x type of address on public facing interface like eth0 or wlan0. If that happens, this is called Martian packet, and it's likely that someone is trying to attack your host or network.
In a certain sense you could make it an analogy between your router and your computer. On LAN, your router has 192.168.1.0 address, but to the internet it is known as 68.125.xx.yy ( disclamer: random example, not an actual IP address intended here ). The router might expose to the internet only port 53 ( DNS ), but internally you could have port 80 ( HTTP control panel ) and 53. Same idea with your computer.
Of course, the services would have to be configured to listen on either public or local interface only. For instance, Redis server comes preconfigured to listen only on 127.0.0.1, because security reasons.
See also
- What is the difference between 0.0.0.0 and a loopback IP address?
- Wikipedia's article about localhost
answered Mar 24 at 4:52
Sergiy KolodyazhnyySergiy Kolodyazhnyy
10.7k42764
10.7k42764
add a comment |
add a comment |
Because not all services are listening on the external interface?
– Kusalananda♦
Mar 23 at 22:57
Seems to me that Rui's Answer there applies here.
– Jeff Schaller♦
Mar 23 at 23:20
@Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at
192.168.1.97
necessarily also listen at127.0.0.1
?– Tim
Mar 23 at 23:21
They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?
– 炸鱼薯条德里克
Mar 24 at 1:35
Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. But
localhost
would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.– Sergiy Kolodyazhnyy
Mar 24 at 5:03