why `nmap 192.168.1.97` returns less services than `nmap 127.0.0.1`? [duplicate]












6
















This question already has an answer here:




  • Difference between `nmap local-IP-address` and `nmap localhost`

    3 answers




According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 192.168.1.97



Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT

Nmap scan report for ocean (192.168.1.97)

Host is up (0.00039s latency).

Not shown: 65532 closed ports

PORT      STATE SERVICE

22/tcp    open  ssh

111/tcp   open  rpcbind

3306/tcp  open  mysql

33060/tcp open  mysqlx



Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds



$ nmap -p0-65535 localhost



Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT

Nmap scan report for localhost (127.0.0.1)

Host is up (0.00033s latency).

Other addresses for localhost (not scanned):

Not shown: 65529 closed ports

PORT      STATE SERVICE

22/tcp    open  ssh

111/tcp   open  rpcbind

631/tcp   open  ipp

3306/tcp  open  mysql

5432/tcp  open  postgresql

9050/tcp  open  tor-socks

33060/tcp open  mysqlx



Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.






nmap ip-address loopback







share|improve this question















marked as duplicate by Jeff Schaller, Michael Homer, Stephen Harris, jimmij, Gilles 23 hours ago


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.



















  • Because not all services are listening on the external interface?

    – Kusalananda
    2 days ago











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    yesterday











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    yesterday













  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    yesterday











  • Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. But localhost would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.

    – Sergiy Kolodyazhnyy
    yesterday
















6
















This question already has an answer here:




  • Difference between `nmap local-IP-address` and `nmap localhost`

    3 answers




According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 192.168.1.97



Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT

Nmap scan report for ocean (192.168.1.97)

Host is up (0.00039s latency).

Not shown: 65532 closed ports

PORT      STATE SERVICE

22/tcp    open  ssh

111/tcp   open  rpcbind

3306/tcp  open  mysql

33060/tcp open  mysqlx



Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds



$ nmap -p0-65535 localhost



Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT

Nmap scan report for localhost (127.0.0.1)

Host is up (0.00033s latency).

Other addresses for localhost (not scanned):

Not shown: 65529 closed ports

PORT      STATE SERVICE

22/tcp    open  ssh

111/tcp   open  rpcbind

631/tcp   open  ipp

3306/tcp  open  mysql

5432/tcp  open  postgresql

9050/tcp  open  tor-socks

33060/tcp open  mysqlx



Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.






nmap ip-address loopback







share|improve this question















marked as duplicate by Jeff Schaller, Michael Homer, Stephen Harris, jimmij, Gilles 23 hours ago


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.



















  • Because not all services are listening on the external interface?

    – Kusalananda
    2 days ago











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    yesterday











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    yesterday













  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    yesterday











  • Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. But localhost would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.

    – Sergiy Kolodyazhnyy
    yesterday














6












6








6









This question already has an answer here:




  • Difference between `nmap local-IP-address` and `nmap localhost`

    3 answers




According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 192.168.1.97



Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT

Nmap scan report for ocean (192.168.1.97)

Host is up (0.00039s latency).

Not shown: 65532 closed ports

PORT      STATE SERVICE

22/tcp    open  ssh

111/tcp   open  rpcbind

3306/tcp  open  mysql

33060/tcp open  mysqlx



Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds



$ nmap -p0-65535 localhost



Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT

Nmap scan report for localhost (127.0.0.1)

Host is up (0.00033s latency).

Other addresses for localhost (not scanned):

Not shown: 65529 closed ports

PORT      STATE SERVICE

22/tcp    open  ssh

111/tcp   open  rpcbind

631/tcp   open  ipp

3306/tcp  open  mysql

5432/tcp  open  postgresql

9050/tcp  open  tor-socks

33060/tcp open  mysqlx



Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.






nmap ip-address loopback







share|improve this question

















This question already has an answer here:




  • Difference between `nmap local-IP-address` and `nmap localhost`

    3 answers




According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 192.168.1.97



Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT

Nmap scan report for ocean (192.168.1.97)

Host is up (0.00039s latency).

Not shown: 65532 closed ports

PORT      STATE SERVICE

22/tcp    open  ssh

111/tcp   open  rpcbind

3306/tcp  open  mysql

33060/tcp open  mysqlx



Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds



$ nmap -p0-65535 localhost



Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT

Nmap scan report for localhost (127.0.0.1)

Host is up (0.00033s latency).

Other addresses for localhost (not scanned):

Not shown: 65529 closed ports

PORT      STATE SERVICE

22/tcp    open  ssh

111/tcp   open  rpcbind

631/tcp   open  ipp

3306/tcp  open  mysql

5432/tcp  open  postgresql

9050/tcp  open  tor-socks

33060/tcp open  mysqlx



Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.





This question already has an answer here:




  • Difference between `nmap local-IP-address` and `nmap localhost`

    3 answers







nmap ip-address loopback




nmap ip-address loopback






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited yesterday







Tim

















asked 2 days ago









TimTim

28.1k78269490




28.1k78269490




marked as duplicate by Jeff Schaller, Michael Homer, Stephen Harris, jimmij, Gilles 23 hours ago


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.









marked as duplicate by Jeff Schaller, Michael Homer, Stephen Harris, jimmij, Gilles 23 hours ago


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.















  • Because not all services are listening on the external interface?

    – Kusalananda
    2 days ago











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    yesterday











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    yesterday













  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    yesterday











  • Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. But localhost would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.

    – Sergiy Kolodyazhnyy
    yesterday



















  • Because not all services are listening on the external interface?

    – Kusalananda
    2 days ago











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    yesterday











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    yesterday













  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    yesterday











  • Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. But localhost would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.

    – Sergiy Kolodyazhnyy
    yesterday

















Because not all services are listening on the external interface?

– Kusalananda
2 days ago





Because not all services are listening on the external interface?

– Kusalananda
2 days ago













Seems to me that Rui's Answer there applies here.

– Jeff Schaller
yesterday





Seems to me that Rui's Answer there applies here.

– Jeff Schaller
yesterday













@Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– Tim
yesterday







@Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– Tim
yesterday















They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– 炸鱼薯条德里克
yesterday





They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– 炸鱼薯条德里克
yesterday













Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. But localhost would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.

– Sergiy Kolodyazhnyy
yesterday





Somehow, I don't think the other guy on Network Engineering answered correctly. When you specify an ip address to send packet, it would have to go to router to be . . . routed, duh. But localhost would be resolved to 127.0.0.1 just like 127.0.0.1 itself would be understood as loopback.

– Sergiy Kolodyazhnyy
yesterday










4 Answers
4






active

oldest

votes


















8














In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






share|improve this answer
























  • Thanks. Does nmap -p0-65535 0.0.0.0 scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?

    – Tim
    yesterday











  • No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.

    – John
    21 hours ago



















7














No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



You can test this with something like



nc -l external-ip-address port-number


Then run nmap against localhost, then against the external IP address.






share|improve this answer
























  • Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).

    – Tim
    yesterday













  • @Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.

    – Kusalananda
    yesterday



















6















why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




No



Generally a service can create a listening socket to listen on.




  1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

  2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

  3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.






share|improve this answer































    2














    The 127-type of address is internal only, as per RFC1122:




    Internal host loopback address. Addresses of this form
    MUST NOT appear outside a host.




    This means that those services are listening locally. The 192.168.1.97 is your public-facing address, and that's how router and other computers know you. The 127.0.0.1/8 in a sense is a "simulation" of a network. You can test things with it, you can run local services on and exchange packets between them - essentially same things as you'd do with an actual internet resource. In fact, that's what web developers do: they set up local environment and run XAMP or LAMP stack locally before moving on to production environment when polished product will actually face the internet.



    Now, it should not happen that you receive a packet from 127.x.x.x type of address on public facing interface like eth0 or wlan0. If that happens, this is called Martian packet, and it's likely that someone is trying to attack your host or network.



    In a certain sense you could make it an analogy between your router and your computer. On LAN, your router has 192.168.1.0 address, but to the internet it is known as 68.125.xx.yy ( disclamer: random example, not an actual IP address intended here ). The router might expose to the internet only port 53 ( DNS ), but internally you could have port 80 ( HTTP control panel ) and 53. Same idea with your computer.



    Of course, the services would have to be configured to listen on either public or local interface only. For instance, Redis server comes preconfigured to listen only on 127.0.0.1, because security reasons.



    See also




    • What is the difference between 0.0.0.0 and a loopback IP address?

    • Wikipedia's article about localhost






    share|improve this answer






























      4 Answers
      4






      active

      oldest

      votes








      4 Answers
      4






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      8














      In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






      share|improve this answer
























      • Thanks. Does nmap -p0-65535 0.0.0.0 scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?

        – Tim
        yesterday











      • No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.

        – John
        21 hours ago
















      8














      In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






      share|improve this answer
























      • Thanks. Does nmap -p0-65535 0.0.0.0 scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?

        – Tim
        yesterday











      • No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.

        – John
        21 hours ago














      8












      8








      8







      In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






      share|improve this answer













      In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered yesterday









      JohnJohn

      11.8k11931




      11.8k11931













      • Thanks. Does nmap -p0-65535 0.0.0.0 scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?

        – Tim
        yesterday











      • No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.

        – John
        21 hours ago



















      • Thanks. Does nmap -p0-65535 0.0.0.0 scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?

        – Tim
        yesterday











      • No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.

        – John
        21 hours ago

















      Thanks. Does nmap -p0-65535 0.0.0.0 scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?

      – Tim
      yesterday





      Thanks. Does nmap -p0-65535 0.0.0.0 scan all the IP addresses on the local host, and report services listening at ports at all these IP addresses including 192.168.1.97 and 127.0.0.1?

      – Tim
      yesterday













      No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.

      – John
      21 hours ago





      No. It scans only a single IP address, 0.0.0.0. Which is not really a valid host IP.

      – John
      21 hours ago













      7














      No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



      You can test this with something like



      nc -l external-ip-address port-number


      Then run nmap against localhost, then against the external IP address.






      share|improve this answer
























      • Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).

        – Tim
        yesterday













      • @Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.

        – Kusalananda
        yesterday
















      7














      No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



      You can test this with something like



      nc -l external-ip-address port-number


      Then run nmap against localhost, then against the external IP address.






      share|improve this answer
























      • Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).

        – Tim
        yesterday













      • @Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.

        – Kusalananda
        yesterday














      7












      7








      7







      No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



      You can test this with something like



      nc -l external-ip-address port-number


      Then run nmap against localhost, then against the external IP address.






      share|improve this answer













      No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



      You can test this with something like



      nc -l external-ip-address port-number


      Then run nmap against localhost, then against the external IP address.







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered yesterday









      KusalanandaKusalananda

      137k17258426




      137k17258426













      • Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).

        – Tim
        yesterday













      • @Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.

        – Kusalananda
        yesterday



















      • Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).

        – Tim
        yesterday













      • @Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.

        – Kusalananda
        yesterday

















      Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).

      – Tim
      yesterday







      Thanks. What do you mean by an "external interface"? What is an "internal interface"? The IP address 192.168.1.97 in my post is private (internal), not public (external).

      – Tim
      yesterday















      @Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.

      – Kusalananda
      yesterday





      @Tim By "external" interface, I meant "an interface that is accessible from the outside", as opposed to an internal interface, the loopback interface. I believe I might have used the terms quite loosely to differentiate externally available services (services listening to an address that is externally visible) and services only available on 127.0.0.1.

      – Kusalananda
      yesterday











      6















      why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




      Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




      Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




      No



      Generally a service can create a listening socket to listen on.




      1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

      2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

      3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.






      share|improve this answer




























        6















        why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




        Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




        Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




        No



        Generally a service can create a listening socket to listen on.




        1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

        2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

        3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.






        share|improve this answer


























          6












          6








          6








          why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




          Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




          Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




          No



          Generally a service can create a listening socket to listen on.




          1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

          2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

          3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.






          share|improve this answer














          why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




          Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




          Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




          No



          Generally a service can create a listening socket to listen on.




          1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

          2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

          3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered yesterday









          plugwashplugwash

          1,951619




          1,951619























              2














              The 127-type of address is internal only, as per RFC1122:




              Internal host loopback address. Addresses of this form
              MUST NOT appear outside a host.




              This means that those services are listening locally. The 192.168.1.97 is your public-facing address, and that's how router and other computers know you. The 127.0.0.1/8 in a sense is a "simulation" of a network. You can test things with it, you can run local services on and exchange packets between them - essentially same things as you'd do with an actual internet resource. In fact, that's what web developers do: they set up local environment and run XAMP or LAMP stack locally before moving on to production environment when polished product will actually face the internet.



              Now, it should not happen that you receive a packet from 127.x.x.x type of address on public facing interface like eth0 or wlan0. If that happens, this is called Martian packet, and it's likely that someone is trying to attack your host or network.



              In a certain sense you could make it an analogy between your router and your computer. On LAN, your router has 192.168.1.0 address, but to the internet it is known as 68.125.xx.yy ( disclamer: random example, not an actual IP address intended here ). The router might expose to the internet only port 53 ( DNS ), but internally you could have port 80 ( HTTP control panel ) and 53. Same idea with your computer.



              Of course, the services would have to be configured to listen on either public or local interface only. For instance, Redis server comes preconfigured to listen only on 127.0.0.1, because security reasons.



              See also




              • What is the difference between 0.0.0.0 and a loopback IP address?

              • Wikipedia's article about localhost






              share|improve this answer




























                2














                The 127-type of address is internal only, as per RFC1122:




                Internal host loopback address. Addresses of this form
                MUST NOT appear outside a host.




                This means that those services are listening locally. The 192.168.1.97 is your public-facing address, and that's how router and other computers know you. The 127.0.0.1/8 in a sense is a "simulation" of a network. You can test things with it, you can run local services on and exchange packets between them - essentially same things as you'd do with an actual internet resource. In fact, that's what web developers do: they set up local environment and run XAMP or LAMP stack locally before moving on to production environment when polished product will actually face the internet.



                Now, it should not happen that you receive a packet from 127.x.x.x type of address on public facing interface like eth0 or wlan0. If that happens, this is called Martian packet, and it's likely that someone is trying to attack your host or network.



                In a certain sense you could make it an analogy between your router and your computer. On LAN, your router has 192.168.1.0 address, but to the internet it is known as 68.125.xx.yy ( disclamer: random example, not an actual IP address intended here ). The router might expose to the internet only port 53 ( DNS ), but internally you could have port 80 ( HTTP control panel ) and 53. Same idea with your computer.



                Of course, the services would have to be configured to listen on either public or local interface only. For instance, Redis server comes preconfigured to listen only on 127.0.0.1, because security reasons.



                See also




                • What is the difference between 0.0.0.0 and a loopback IP address?

                • Wikipedia's article about localhost






                share|improve this answer


























                  2












                  2








                  2







                  The 127-type of address is internal only, as per RFC1122:




                  Internal host loopback address. Addresses of this form
                  MUST NOT appear outside a host.




                  This means that those services are listening locally. The 192.168.1.97 is your public-facing address, and that's how router and other computers know you. The 127.0.0.1/8 in a sense is a "simulation" of a network. You can test things with it, you can run local services on and exchange packets between them - essentially same things as you'd do with an actual internet resource. In fact, that's what web developers do: they set up local environment and run XAMP or LAMP stack locally before moving on to production environment when polished product will actually face the internet.



                  Now, it should not happen that you receive a packet from 127.x.x.x type of address on public facing interface like eth0 or wlan0. If that happens, this is called Martian packet, and it's likely that someone is trying to attack your host or network.



                  In a certain sense you could make it an analogy between your router and your computer. On LAN, your router has 192.168.1.0 address, but to the internet it is known as 68.125.xx.yy ( disclamer: random example, not an actual IP address intended here ). The router might expose to the internet only port 53 ( DNS ), but internally you could have port 80 ( HTTP control panel ) and 53. Same idea with your computer.



                  Of course, the services would have to be configured to listen on either public or local interface only. For instance, Redis server comes preconfigured to listen only on 127.0.0.1, because security reasons.



                  See also




                  • What is the difference between 0.0.0.0 and a loopback IP address?

                  • Wikipedia's article about localhost






                  share|improve this answer













                  The 127-type of address is internal only, as per RFC1122:




                  Internal host loopback address. Addresses of this form
                  MUST NOT appear outside a host.




                  This means that those services are listening locally. The 192.168.1.97 is your public-facing address, and that's how router and other computers know you. The 127.0.0.1/8 in a sense is a "simulation" of a network. You can test things with it, you can run local services on and exchange packets between them - essentially same things as you'd do with an actual internet resource. In fact, that's what web developers do: they set up local environment and run XAMP or LAMP stack locally before moving on to production environment when polished product will actually face the internet.



                  Now, it should not happen that you receive a packet from 127.x.x.x type of address on public facing interface like eth0 or wlan0. If that happens, this is called Martian packet, and it's likely that someone is trying to attack your host or network.



                  In a certain sense you could make it an analogy between your router and your computer. On LAN, your router has 192.168.1.0 address, but to the internet it is known as 68.125.xx.yy ( disclamer: random example, not an actual IP address intended here ). The router might expose to the internet only port 53 ( DNS ), but internally you could have port 80 ( HTTP control panel ) and 53. Same idea with your computer.



                  Of course, the services would have to be configured to listen on either public or local interface only. For instance, Redis server comes preconfigured to listen only on 127.0.0.1, because security reasons.



                  See also




                  • What is the difference between 0.0.0.0 and a loopback IP address?

                  • Wikipedia's article about localhost







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered yesterday









                  Sergiy KolodyazhnyySergiy Kolodyazhnyy

                  10.7k42763




                  10.7k42763















                      -

                      Popular posts from this blog

                      數位音樂下載

                      Image
                      數位音樂下載 為非以「實體」方式來販賣音樂的相關產品,而使用數位格式如mp3、AAC等文件格式來進行銷售販賣的一种音乐产业形式。著名的數位音樂下載服務商有iTunes Store、RecoChoku、Google Play音乐和微软Zune等。数字音乐下载在二十一世纪初一度风靡全球, [1] [2] 使得传统唱片产业走向衰落,但其自身也在2010年代流媒体音乐服务如Apple Music、Spotify等的挤压下迅速失去市场份额。 [3] [4] 数字音乐下载有便于携带、传播迅速、制作简单成本低等优点,与流媒体音乐相比也能更好保障音乐人权益; [5] 但它同时很可能带来侵犯版权和滥用的情形, [6] 也给音乐产业带来了诸多不利影响。数字音乐下载为音乐人和乐迷提供了更加便捷直接的交流渠道,也一定程度上推动了网络音乐人的出现和独立音乐的迅速发展。 [7] 目录 1 历史 1.1 技术积淀(1987-2000) 1.2 出现与兴起(2000-2004) 1.3 唱片市场的颠覆者(2004-2007) 1.4 巅峰和衰落(2005-2013) 1.5 摇摇欲坠的现状与不可预知的明天(2014至今) 2 主要文件格式 2.1 PCM编码格式 2.1.1 WAV 2.1.2 APE 2.1.3 FLAC 2.2 苹果推出的无损文件格式 2.2.1 AIFF 2.2.2 ALAC 2.3 有损压缩格式 2.3.1 MP3 2.3.2 AAC 3 主要市场 3.1 iTunes Store 3.2 Google Play音乐商店 3.3 亚马逊音乐商店 3.4 部分其他音乐商店 4 影响与评价 4.1 对音乐产业的影响 4.2 对科技行业的影响 4.3 正面评价 4.4 负面评价 4.4.1 侵权问题 4.4.2 经营模式不明晰 4.4.3 不适应移动时代 4.5 文化现象 5 延伸阅读 6 参考资料 历史 苹果iTunes+iPod的软硬件搭配让数字音
                      Read more

                      格利澤436b

                      Image
                      格利泽436b 太陽系外行星 太陽系外行星列表 艺术家笔下的格利泽436b 母恆星 母恆星 Gliese 436 星座 獅子座 赤經 ( α ) 11 h  42 m  11.0941 s [1] 赤緯 ( δ ) +26° 42′ 23.652″ [1] 距離 33.4 ly (10.2 pc) 光譜類型 M2.5 V [1] 軌道參數 半长轴 ( a ) 0.0291±0.0004 [2] AU 軌道離心率 ( e ) 0.150±0.012 [2] 公轉週期 ( P ) 2.643904±0.000005 [3] d (0.00723849 y) 軌道傾角 ( i ) 85.8 +0.21 −0.25 [3] ° 角距 ( θ ) 2.794 mas 近星點時間 ( T 0 ) 2,451,551.716 ±0.01 JD 半振幅 ( K ) 18.68±0.8 m/s 物理性质 质量 ( m ) 22.2±1.0 [2] M ⊕ 半徑 ( r ) 4.327±0.183 [2] [4] R ⊕ 密度 ( ρ ) 1.51 g cm -3 表面重力 ( g ) 1.18 g 溫度 ( T ) 712±36 [2] K 發現 發現時間 2004 發現者 巴特勒、沃格特、 馬西 et al. 發現方法 徑向速度、凌日法 發現地點 美國加利福尼亞州 發表論文 出版 其他名稱 Ross 905 b, GJ 436 b, [5] LTT 13213 b, GCTP 2704.10 b, LHS 310, AC+27:28217 b, Vyssotsky 616 b, HIP 57087 b, GEN# +9.80120068 b, LP 319-75 b, G 121-7 b, LSPM J1142+2642 b, 1RXS J114211.9+264328 b, ASCC 683818 b, G 147-68 b, UCAC2 41198281 b, BP
                      Read more

                      When can things happen in Etherscan, such as the picture below?

                      Image
                      2 I don't know why balance of the address is 0. when can this situation? etherscan balances share | improve this question asked yesterday Ru Hi Ru Hi 11 1 New contributor Ru Hi is a new contributor to this site. Take care in asking for clarification, commenting, and answering. Check out our Code of Conduct. add a comment  | 
                      Read more