why `nmap 192.168.1.97` returns less services than `nmap 127.0.0.1`? [duplicate]Difference between `nmap local-IP-address` and `nmap localhost`Doing nmap on a networkCan you send a TCP packet with RST flag set using IPTABLES as a way to trick NMAP into thinking a port is closed?How to tell stateful vs stateless firewall with nmap ACK scanWhy nmap closed my connection?telnet to an host/port works while no service on this host listening on this portnmap raw packet privileges not working (“operation not permitted”, even as root)Why REJECT slows nmap?Exhaustive list of REASONs why a host/server might be down (nmap --reason)What are those “unknown” services listed by nmap?Does `nmap -p0-65535 0.0.0.0` scan all the IP addresses on the local host?

What does "舐め取られてる" mean in this sentence?

First Match - awk

Why were helmets and other body armour not commonplace in the 1800s?

Are black holes spherical during merger?

Am I a new writer?

Open office space - complaints for noise - how to respond

Why did Jon Snow do this immoral act if he is so honorable?

Can I connect my older mathematica front-end to the free wolfram engine?

Popcorn is the only acceptable snack to consume while watching a movie

Is "cool" appropriate or offensive to use in IMs?

Is the field of q-series 'dead'?

Does this strict reading of the rules allow both Extra Attack and the Thirsting Blade warlock invocation to be used together?

Defining the standard model of PA so that a space alien could understand

USPS Back Room - Trespassing?

Why aren't space telescopes put in GEO?

How to respond to upset student?

My players want to grind XP but we're using milestone advancement

Construct a word ladder

Why does the hash of infinity have the digits of π?

The roles understanding in the agile development / Is the PO always right?

Make 24 using exactly three 3s

Sankey diagram: not getting the hang of it

Specific alignment within beginalign environment

How can I tell if I'm being too picky as a referee?



why `nmap 192.168.1.97` returns less services than `nmap 127.0.0.1`? [duplicate]


Difference between `nmap local-IP-address` and `nmap localhost`Doing nmap on a networkCan you send a TCP packet with RST flag set using IPTABLES as a way to trick NMAP into thinking a port is closed?How to tell stateful vs stateless firewall with nmap ACK scanWhy nmap closed my connection?telnet to an host/port works while no service on this host listening on this portnmap raw packet privileges not working (“operation not permitted”, even as root)Why REJECT slows nmap?Exhaustive list of REASONs why a host/server might be down (nmap --reason)What are those “unknown” services listed by nmap?Does `nmap -p0-65535 0.0.0.0` scan all the IP addresses on the local host?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








7
















This question already has an answer here:



  • Difference between `nmap local-IP-address` and `nmap localhost`

    3 answers



According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 192.168.1.97

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (192.168.1.97)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds

$ nmap -p0-65535 localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.






nmap ip-address loopback







share|improve this question















marked as duplicate by Jeff Schaller, Michael Homer, Stephen Harris, jimmij, Gilles Mar 24 at 23:30


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.


















  • Because not all services are listening on the external interface?

    – Kusalananda
    Mar 23 at 22:57











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    Mar 23 at 23:20











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    Mar 23 at 23:21












  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    Mar 24 at 1:35











  • Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. But localhost would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.

    – Sergiy Kolodyazhnyy
    Mar 24 at 5:03

















7
















This question already has an answer here:



  • Difference between `nmap local-IP-address` and `nmap localhost`

    3 answers



According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 192.168.1.97

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (192.168.1.97)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds

$ nmap -p0-65535 localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.






nmap ip-address loopback







share|improve this question















marked as duplicate by Jeff Schaller, Michael Homer, Stephen Harris, jimmij, Gilles Mar 24 at 23:30


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.


















  • Because not all services are listening on the external interface?

    – Kusalananda
    Mar 23 at 22:57











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    Mar 23 at 23:20











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    Mar 23 at 23:21












  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    Mar 24 at 1:35











  • Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. But localhost would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.

    – Sergiy Kolodyazhnyy
    Mar 24 at 5:03













7












7








7









This question already has an answer here:



  • Difference between `nmap local-IP-address` and `nmap localhost`

    3 answers



According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 192.168.1.97

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (192.168.1.97)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds

$ nmap -p0-65535 localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.






nmap ip-address loopback







share|improve this question

















This question already has an answer here:



  • Difference between `nmap local-IP-address` and `nmap localhost`

    3 answers



According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 192.168.1.97

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (192.168.1.97)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds

$ nmap -p0-65535 localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.





This question already has an answer here:



  • Difference between `nmap local-IP-address` and `nmap localhost`

    3 answers






nmap ip-address loopback




nmap ip-address loopback






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Mar 24 at 21:48







Tim

















asked Mar 23 at 22:52









TimTim

29.7k82274506




29.7k82274506




marked as duplicate by Jeff Schaller, Michael Homer, Stephen Harris, jimmij, Gilles Mar 24 at 23:30


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.









marked as duplicate by Jeff Schaller, Michael Homer, Stephen Harris, jimmij, Gilles Mar 24 at 23:30


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.














  • Because not all services are listening on the external interface?

    – Kusalananda
    Mar 23 at 22:57











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    Mar 23 at 23:20











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    Mar 23 at 23:21












  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    Mar 24 at 1:35











  • Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. But localhost would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.

    – Sergiy Kolodyazhnyy
    Mar 24 at 5:03

















  • Because not all services are listening on the external interface?

    – Kusalananda
    Mar 23 at 22:57











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    Mar 23 at 23:20











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    Mar 23 at 23:21












  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    Mar 24 at 1:35











  • Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. But localhost would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.

    – Sergiy Kolodyazhnyy
    Mar 24 at 5:03
















Because not all services are listening on the external interface?

– Kusalananda
Mar 23 at 22:57





Because not all services are listening on the external interface?

– Kusalananda
Mar 23 at 22:57













Seems to me that Rui's Answer there applies here.

– Jeff Schaller
Mar 23 at 23:20





Seems to me that Rui's Answer there applies here.

– Jeff Schaller
Mar 23 at 23:20













@Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– Tim
Mar 23 at 23:21






@Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– Tim
Mar 23 at 23:21














They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– 炸鱼薯条德里克
Mar 24 at 1:35





They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– 炸鱼薯条德里克
Mar 24 at 1:35













Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. But localhost would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.

– Sergiy Kolodyazhnyy
Mar 24 at 5:03





Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. But localhost would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.

– Sergiy Kolodyazhnyy
Mar 24 at 5:03










4 Answers
4






active

oldest

votes


















8














In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






share|improve this answer























  • Thanks. Does nmap -p0-65535 0.0.0.0 scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?

    – Tim
    Mar 24 at 21:53











  • No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.

    – John
    Mar 25 at 1:39


















7














No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



You can test this with something like



nc -l external-ip-address port-number


Then run nmap against localhost, then against the external IP address.






share|improve this answer























  • Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).

    – Tim
    Mar 24 at 21:50












  • @Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.

    – Kusalananda
    Mar 24 at 21:54


















6















why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




No



Generally a service can create a listening socket to listen on.



  1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

  2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

  3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.





share|improve this answer






























    2














    The 127-type of address is internal only, as per RFC1122:




    Internal host loopback address. Addresses of this form
    MUST NOT appear outside a host.




    This means that those services are listening locally. The 192.168.1.97 is your public-facing address, and that's how router and other computers know you. The 127.0.0.1/8 in a sense is a "simulation" of a network. You can test things with it, you can run local services on and exchange packets between them - essentially same things as you'd do with an actual internet resource. In fact, that's what web developers do: they set up local environment and run XAMP or LAMP stack locally before moving on to production environment when polished product will actually face the internet.



    Now, it should not happen that you receive a packet from 127.x.x.x type of address on public facing interface like eth0 or wlan0. If that happens, this is called Martian packet, and it's likely that someone is trying to attack your host or network.



    In a certain sense you could make it an analogy between your router and your computer. On LAN, your router has 192.168.1.0 address, but to the internet it is known as 68.125.xx.yy ( disclamer: random example, not an actual IP address intended here ). The router might expose to the internet only port 53 ( DNS ), but internally you could have port 80 ( HTTP control panel ) and 53. Same idea with your computer.



    Of course, the services would have to be configured to listen on either public or local interface only. For instance, Redis server comes preconfigured to listen only on 127.0.0.1, because security reasons.



    See also



    • What is the difference between 0.0.0.0 and a loopback IP address?

    • Wikipedia's article about localhost





    share|improve this answer





























      4 Answers
      4






      active

      oldest

      votes








      4 Answers
      4






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      8














      In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






      share|improve this answer























      • Thanks. Does nmap -p0-65535 0.0.0.0 scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?

        – Tim
        Mar 24 at 21:53











      • No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.

        – John
        Mar 25 at 1:39















      8














      In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






      share|improve this answer























      • Thanks. Does nmap -p0-65535 0.0.0.0 scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?

        – Tim
        Mar 24 at 21:53











      • No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.

        – John
        Mar 25 at 1:39













      8












      8








      8







      In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






      share|improve this answer













      In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Mar 24 at 0:16









      JohnJohn

      11.9k12031




      11.9k12031












      • Thanks. Does nmap -p0-65535 0.0.0.0 scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?

        – Tim
        Mar 24 at 21:53











      • No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.

        – John
        Mar 25 at 1:39

















      • Thanks. Does nmap -p0-65535 0.0.0.0 scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?

        – Tim
        Mar 24 at 21:53











      • No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.

        – John
        Mar 25 at 1:39
















      Thanks. Does nmap -p0-65535 0.0.0.0 scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?

      – Tim
      Mar 24 at 21:53





      Thanks. Does nmap -p0-65535 0.0.0.0 scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?

      – Tim
      Mar 24 at 21:53













      No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.

      – John
      Mar 25 at 1:39





      No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.

      – John
      Mar 25 at 1:39













      7














      No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



      You can test this with something like



      nc -l external-ip-address port-number


      Then run nmap against localhost, then against the external IP address.






      share|improve this answer























      • Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).

        – Tim
        Mar 24 at 21:50












      • @Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.

        – Kusalananda
        Mar 24 at 21:54















      7














      No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



      You can test this with something like



      nc -l external-ip-address port-number


      Then run nmap against localhost, then against the external IP address.






      share|improve this answer























      • Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).

        – Tim
        Mar 24 at 21:50












      • @Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.

        – Kusalananda
        Mar 24 at 21:54













      7












      7








      7







      No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



      You can test this with something like



      nc -l external-ip-address port-number


      Then run nmap against localhost, then against the external IP address.






      share|improve this answer













      No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



      You can test this with something like



      nc -l external-ip-address port-number


      Then run nmap against localhost, then against the external IP address.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered Mar 23 at 23:35









      KusalanandaKusalananda

      148k18278466




      148k18278466












      • Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).

        – Tim
        Mar 24 at 21:50












      • @Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.

        – Kusalananda
        Mar 24 at 21:54

















      • Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).

        – Tim
        Mar 24 at 21:50












      • @Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.

        – Kusalananda
        Mar 24 at 21:54
















      Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).

      – Tim
      Mar 24 at 21:50






      Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).

      – Tim
      Mar 24 at 21:50














      @Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.

      – Kusalananda
      Mar 24 at 21:54





      @Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.

      – Kusalananda
      Mar 24 at 21:54











      6















      why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




      Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




      Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




      No



      Generally a service can create a listening socket to listen on.



      1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

      2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

      3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.





      share|improve this answer



























        6















        why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




        Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




        Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




        No



        Generally a service can create a listening socket to listen on.



        1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

        2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

        3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.





        share|improve this answer

























          6












          6








          6








          why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




          Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




          Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




          No



          Generally a service can create a listening socket to listen on.



          1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

          2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

          3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.





          share|improve this answer














          why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




          Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




          Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




          No



          Generally a service can create a listening socket to listen on.



          1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

          2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

          3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.






          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Mar 24 at 1:03









          plugwashplugwash

          1,955620




          1,955620





















              2














              The 127-type of address is internal only, as per RFC1122:




              Internal host loopback address. Addresses of this form
              MUST NOT appear outside a host.




              This means that those services are listening locally. The 192.168.1.97 is your public-facing address, and that's how router and other computers know you. The 127.0.0.1/8 in a sense is a "simulation" of a network. You can test things with it, you can run local services on and exchange packets between them - essentially same things as you'd do with an actual internet resource. In fact, that's what web developers do: they set up local environment and run XAMP or LAMP stack locally before moving on to production environment when polished product will actually face the internet.



              Now, it should not happen that you receive a packet from 127.x.x.x type of address on public facing interface like eth0 or wlan0. If that happens, this is called Martian packet, and it's likely that someone is trying to attack your host or network.



              In a certain sense you could make it an analogy between your router and your computer. On LAN, your router has 192.168.1.0 address, but to the internet it is known as 68.125.xx.yy ( disclamer: random example, not an actual IP address intended here ). The router might expose to the internet only port 53 ( DNS ), but internally you could have port 80 ( HTTP control panel ) and 53. Same idea with your computer.



              Of course, the services would have to be configured to listen on either public or local interface only. For instance, Redis server comes preconfigured to listen only on 127.0.0.1, because security reasons.



              See also



              • What is the difference between 0.0.0.0 and a loopback IP address?

              • Wikipedia's article about localhost





              share|improve this answer



























                2














                The 127-type of address is internal only, as per RFC1122:




                Internal host loopback address. Addresses of this form
                MUST NOT appear outside a host.




                This means that those services are listening locally. The 192.168.1.97 is your public-facing address, and that's how router and other computers know you. The 127.0.0.1/8 in a sense is a "simulation" of a network. You can test things with it, you can run local services on and exchange packets between them - essentially same things as you'd do with an actual internet resource. In fact, that's what web developers do: they set up local environment and run XAMP or LAMP stack locally before moving on to production environment when polished product will actually face the internet.



                Now, it should not happen that you receive a packet from 127.x.x.x type of address on public facing interface like eth0 or wlan0. If that happens, this is called Martian packet, and it's likely that someone is trying to attack your host or network.



                In a certain sense you could make it an analogy between your router and your computer. On LAN, your router has 192.168.1.0 address, but to the internet it is known as 68.125.xx.yy ( disclamer: random example, not an actual IP address intended here ). The router might expose to the internet only port 53 ( DNS ), but internally you could have port 80 ( HTTP control panel ) and 53. Same idea with your computer.



                Of course, the services would have to be configured to listen on either public or local interface only. For instance, Redis server comes preconfigured to listen only on 127.0.0.1, because security reasons.



                See also



                • What is the difference between 0.0.0.0 and a loopback IP address?

                • Wikipedia's article about localhost





                share|improve this answer

























                  2












                  2








                  2







                  The 127-type of address is internal only, as per RFC1122:




                  Internal host loopback address. Addresses of this form
                  MUST NOT appear outside a host.




                  This means that those services are listening locally. The 192.168.1.97 is your public-facing address, and that's how router and other computers know you. The 127.0.0.1/8 in a sense is a "simulation" of a network. You can test things with it, you can run local services on and exchange packets between them - essentially same things as you'd do with an actual internet resource. In fact, that's what web developers do: they set up local environment and run XAMP or LAMP stack locally before moving on to production environment when polished product will actually face the internet.



                  Now, it should not happen that you receive a packet from 127.x.x.x type of address on public facing interface like eth0 or wlan0. If that happens, this is called Martian packet, and it's likely that someone is trying to attack your host or network.



                  In a certain sense you could make it an analogy between your router and your computer. On LAN, your router has 192.168.1.0 address, but to the internet it is known as 68.125.xx.yy ( disclamer: random example, not an actual IP address intended here ). The router might expose to the internet only port 53 ( DNS ), but internally you could have port 80 ( HTTP control panel ) and 53. Same idea with your computer.



                  Of course, the services would have to be configured to listen on either public or local interface only. For instance, Redis server comes preconfigured to listen only on 127.0.0.1, because security reasons.



                  See also



                  • What is the difference between 0.0.0.0 and a loopback IP address?

                  • Wikipedia's article about localhost





                  share|improve this answer













                  The 127-type of address is internal only, as per RFC1122:




                  Internal host loopback address. Addresses of this form
                  MUST NOT appear outside a host.




                  This means that those services are listening locally. The 192.168.1.97 is your public-facing address, and that's how router and other computers know you. The 127.0.0.1/8 in a sense is a "simulation" of a network. You can test things with it, you can run local services on and exchange packets between them - essentially same things as you'd do with an actual internet resource. In fact, that's what web developers do: they set up local environment and run XAMP or LAMP stack locally before moving on to production environment when polished product will actually face the internet.



                  Now, it should not happen that you receive a packet from 127.x.x.x type of address on public facing interface like eth0 or wlan0. If that happens, this is called Martian packet, and it's likely that someone is trying to attack your host or network.



                  In a certain sense you could make it an analogy between your router and your computer. On LAN, your router has 192.168.1.0 address, but to the internet it is known as 68.125.xx.yy ( disclamer: random example, not an actual IP address intended here ). The router might expose to the internet only port 53 ( DNS ), but internally you could have port 80 ( HTTP control panel ) and 53. Same idea with your computer.



                  Of course, the services would have to be configured to listen on either public or local interface only. For instance, Redis server comes preconfigured to listen only on 127.0.0.1, because security reasons.



                  See also



                  • What is the difference between 0.0.0.0 and a loopback IP address?

                  • Wikipedia's article about localhost






                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Mar 24 at 4:52









                  Sergiy KolodyazhnyySergiy Kolodyazhnyy

                  10.8k42765




                  10.8k42765













                      -

                      Popular posts from this blog

                      Kamusi Yaliyomo Aina za kamusi | Muundo wa kamusi | Faida za kamusi | Dhima ya picha katika kamusi | Marejeo | Tazama pia | Viungo vya nje | UrambazajiKuhusu kamusiGo-SwahiliWiki-KamusiKamusi ya Kiswahili na Kiingerezakuihariri na kuongeza habari

                      Image
                      Pages using ISBN magic linksMbegu za lughaKamusiIsimu nenoKiarabukitabulughaKiswahilialfabetimaanaufafanuzimanenomuhtasarisarufividahizoalfabeti Kamusi Kutoka Wikipedia, kamusi elezo huru Jump to navigation Jump to search Kamusi za Kiswahili Kamusi ya Kiswahili-Kiswahili (kamusi wahidiya) Kamusi ya Kiswahili - Kiingereza (kamusi thania) Kamusi (kutoka neno la Kiarabu قاموس qamus ) ni kitabu ambacho kinaorodhesha maneno ya lugha yaliyokusanywa kutoka kwa watumiaji wa lugha fulani, kwa mfano lugha ya Kiswahili. Maneno hupangwa kwa mtindo wa alfabeti, hutoa maana, asili na ufafanuzi wa utumizi wa maneno na jinsi yanavyotumika au yanavyotamkwa. [1] Yaliyomo 1 Aina za kamusi 2 Muundo wa kamusi 2.1 1. Utangulizi wa kamusi 2.2 2. Matini ya kamusi 2.3 3. Sherehe ya kamusi 3 Faida za kamusi 4 Dhima ya picha katika kamusi 5 Marejeo 6 Tazama pia 7 Viungo vya nje Aina za kamusi | Kuna aina mbalimbali za kamusi ambazo ni: Kamusi wahidiya yaani ya l
                      Read more

                      Swift 4 - func physicsWorld not invoked on collision? The Next CEO of Stack OverflowHow to call Objective-C code from Swift#ifdef replacement in the Swift language@selector() in Swift?#pragma mark in Swift?Swift for loop: for index, element in array?dispatch_after - GCD in Swift?Swift Beta performance: sorting arraysSplit a String into an array in Swift?The use of Swift 3 @objc inference in Swift 4 mode is deprecated?How to optimize UITableViewCell, because my UITableView lags

                      Image
                      Strange use of "whether ... than ..." in official text Could a dragon use its wings to swim? Car headlights in a world without electricity How to avoid supervisors with prejudiced views? Is the offspring between a demon and a celestial possible? If so what is it called and is it in a book somewhere? Can I board the first leg of the flight without having final country's PR card? subequations: How to continue numbering within subequation? How do you define an element with an ID attribute using LWC? Relevant Part for a Badminton Serve What CSS properties can the br tag have? What are the unusually-enlarged wing sections on this P-38 Lightning? Why did early computer designers eschew integers? Is it a bad idea to plug the other end of ESD strap to wall ground? Magento 1.9 observer on only new product added ( no updated product ) Airplane gently rocking its wings during whole flight It is correct to match light sources with the same color temperat
                      Read more

                      Access current req object everywhere in Node.js ExpressWhy are global variables considered bad practice? (node.js)Using req & res across functionsHow do I get the path to the current script with Node.js?What is Node.js' Connect, Express and “middleware”?Node.js w/ express error handling in callbackHow to access the GET parameters after “?” in Express?Modify Node.js req object parametersAccess “app” variable inside of ExpressJS/ConnectJS middleware?Node.js Express app - request objectAngular Http Module considered middleware?Session variables in ExpressJSAdd properties to the req object in expressjs with Typescript

                      Image
                      What steps should I take to lawfully visit the United States as a tourist immediately after visiting on a B-1 visa? Would dual wielding daggers be a viable choice for a covert bodyguard? For a hashing function like MD5, how similar can two plaintext strings be and still generate the same hash? Using Newton's shell theorem to accelerate a spaceship Why doesn't sea level show seasonality? What prevents someone from claiming to be the murderer in order to get the real murderer off? Has anyone in space seen or photographed a simple laser pointer from Earth? What does (void *)1 mean Why does the U.S. tolerate foreign influence from Saudi Arabia and Israel on its domestic policies while not tolerating that from China or Russia? Modulus Operandi What's the point of having a RAID 1 configuration over incremental backups to a secondary drive? How to ask for a LinkedIn endorsement? Good resources for solving techniques (Metaheuristics, MILP, CP etc) How woul
                      Read more