why `nmap 192.168.1.97` returns less services than `nmap 127.0.0.1`?2019 Community Moderator ElectionDifference between `nmap local-IP-address` and `nmap localhost`Doing nmap on a networkCan you send a TCP packet with RST flag set using IPTABLES as a way to trick NMAP into thinking a port is closed?How to tell stateful vs stateless firewall with nmap ACK scanWhy nmap closed my connection?telnet to an host/port works while no service on this host listening on this portnmap raw packet privileges not working (“operation not permitted”, even as root)Why REJECT slows nmap?specifying more than one character on nmap --ip-optionsExhaustive list of REASONs why a host/server might be down (nmap --reason)What are those “unknown” services listed by nmap?

What is this called? Old film camera viewer?

Removing files under particular conditions (number of files, file age)

Is there a name for this algorithm to calculate the concentration of a mixture of two solutions containing the same solute?

What should you do if you miss a job interview (deliberately)?

Why electric field inside a cavity of a non-conducting sphere not zero?

Strong empirical falsification of quantum mechanics based on vacuum energy density

The screen of my macbook suddenly broken down how can I do to recover

Does an advisor owe his/her student anything? Will an advisor keep a PhD student only out of pity?

Should I stop contributing to retirement accounts?

Why should universal income be universal?

Delivering sarcasm

What is this cable/device?

What was the exact wording from Ivanhoe of this advice on how to free yourself from slavery?

Store Credit Card Information in Password Manager?

Can I sign legal documents with a smiley face?

Problem with TransformedDistribution

Non-trope happy ending?

How should I respond when I lied about my education and the company finds out through background check?

Start making guitar arrangements

Does a 'pending' US visa application constitute a denial?

On a tidally locked planet, would time be quantized?

Why is so much work done on numerical verification of the Riemann Hypothesis?

Is it possible to have a strip of cold climate in the middle of a planet?

Added a new user on Ubuntu, set password not working?



why `nmap 192.168.1.97` returns less services than `nmap 127.0.0.1`?



2019 Community Moderator ElectionDifference between `nmap local-IP-address` and `nmap localhost`Doing nmap on a networkCan you send a TCP packet with RST flag set using IPTABLES as a way to trick NMAP into thinking a port is closed?How to tell stateful vs stateless firewall with nmap ACK scanWhy nmap closed my connection?telnet to an host/port works while no service on this host listening on this portnmap raw packet privileges not working (“operation not permitted”, even as root)Why REJECT slows nmap?specifying more than one character on nmap --ip-optionsExhaustive list of REASONs why a host/server might be down (nmap --reason)What are those “unknown” services listed by nmap?










1















According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 10.44.104.250

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (10.44.104.250)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds

$ nmap -p0-65535 localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.










share|improve this question
























  • Because not all services are listening on the external interface?

    – Kusalananda
    3 hours ago






  • 3





    Possible duplicate of Difference between `nmap local-IP-address` and `nmap localhost`

    – Jeff Schaller
    3 hours ago











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    3 hours ago











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    3 hours ago












  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    52 mins ago















1















According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 10.44.104.250

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (10.44.104.250)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds

$ nmap -p0-65535 localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.










share|improve this question
























  • Because not all services are listening on the external interface?

    – Kusalananda
    3 hours ago






  • 3





    Possible duplicate of Difference between `nmap local-IP-address` and `nmap localhost`

    – Jeff Schaller
    3 hours ago











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    3 hours ago











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    3 hours ago












  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    52 mins ago













1












1








1








According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 10.44.104.250

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (10.44.104.250)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds

$ nmap -p0-65535 localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.










share|improve this question
















According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 10.44.104.250

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (10.44.104.250)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds

$ nmap -p0-65535 localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.







nmap ip-address loopback






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 3 hours ago







Tim

















asked 3 hours ago









TimTim

28k78269488




28k78269488












  • Because not all services are listening on the external interface?

    – Kusalananda
    3 hours ago






  • 3





    Possible duplicate of Difference between `nmap local-IP-address` and `nmap localhost`

    – Jeff Schaller
    3 hours ago











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    3 hours ago











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    3 hours ago












  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    52 mins ago

















  • Because not all services are listening on the external interface?

    – Kusalananda
    3 hours ago






  • 3





    Possible duplicate of Difference between `nmap local-IP-address` and `nmap localhost`

    – Jeff Schaller
    3 hours ago











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    3 hours ago











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    3 hours ago












  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    52 mins ago
















Because not all services are listening on the external interface?

– Kusalananda
3 hours ago





Because not all services are listening on the external interface?

– Kusalananda
3 hours ago




3




3





Possible duplicate of Difference between `nmap local-IP-address` and `nmap localhost`

– Jeff Schaller
3 hours ago





Possible duplicate of Difference between `nmap local-IP-address` and `nmap localhost`

– Jeff Schaller
3 hours ago













Seems to me that Rui's Answer there applies here.

– Jeff Schaller
3 hours ago





Seems to me that Rui's Answer there applies here.

– Jeff Schaller
3 hours ago













@Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– Tim
3 hours ago






@Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– Tim
3 hours ago














They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– 炸鱼薯条德里克
52 mins ago





They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– 炸鱼薯条德里克
52 mins ago










3 Answers
3






active

oldest

votes


















1














No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



You can test this with something like



nc -l external-ip-address port-number


Then run nmap against localhost, then against the external IP address.






share|improve this answer






























    1














    In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






    share|improve this answer






























      1















      why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




      Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




      Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




      No



      Generally a service can create a listening socket to listen on.



      1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

      2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

      3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.





      share|improve this answer






















        Your Answer








        StackExchange.ready(function()
        var channelOptions =
        tags: "".split(" "),
        id: "106"
        ;
        initTagRenderer("".split(" "), "".split(" "), channelOptions);

        StackExchange.using("externalEditor", function()
        // Have to fire editor after snippets, if snippets enabled
        if (StackExchange.settings.snippets.snippetsEnabled)
        StackExchange.using("snippets", function()
        createEditor();
        );

        else
        createEditor();

        );

        function createEditor()
        StackExchange.prepareEditor(
        heartbeatType: 'answer',
        autoActivateHeartbeat: false,
        convertImagesToLinks: false,
        noModals: true,
        showLowRepImageUploadWarning: true,
        reputationToPostImages: null,
        bindNavPrevention: true,
        postfix: "",
        imageUploader:
        brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
        contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
        allowUrls: true
        ,
        onDemand: true,
        discardSelector: ".discard-answer"
        ,immediatelyShowMarkdownHelp:true
        );



        );













        draft saved

        draft discarded


















        StackExchange.ready(
        function ()
        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f508229%2fwhy-nmap-192-168-1-97-returns-less-services-than-nmap-127-0-0-1%23new-answer', 'question_page');

        );

        Post as a guest















        Required, but never shown

























        3 Answers
        3






        active

        oldest

        votes








        3 Answers
        3






        active

        oldest

        votes









        active

        oldest

        votes






        active

        oldest

        votes









        1














        No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



        You can test this with something like



        nc -l external-ip-address port-number


        Then run nmap against localhost, then against the external IP address.






        share|improve this answer



























          1














          No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



          You can test this with something like



          nc -l external-ip-address port-number


          Then run nmap against localhost, then against the external IP address.






          share|improve this answer

























            1












            1








            1







            No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



            You can test this with something like



            nc -l external-ip-address port-number


            Then run nmap against localhost, then against the external IP address.






            share|improve this answer













            No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



            You can test this with something like



            nc -l external-ip-address port-number


            Then run nmap against localhost, then against the external IP address.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered 2 hours ago









            KusalanandaKusalananda

            137k17258426




            137k17258426























                1














                In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






                share|improve this answer



























                  1














                  In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






                  share|improve this answer

























                    1












                    1








                    1







                    In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






                    share|improve this answer













                    In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered 2 hours ago









                    JohnJohn

                    11.7k11931




                    11.7k11931





















                        1















                        why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




                        Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




                        Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




                        No



                        Generally a service can create a listening socket to listen on.



                        1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

                        2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

                        3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.





                        share|improve this answer



























                          1















                          why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




                          Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




                          Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




                          No



                          Generally a service can create a listening socket to listen on.



                          1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

                          2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

                          3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.





                          share|improve this answer

























                            1












                            1








                            1








                            why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




                            Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




                            Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




                            No



                            Generally a service can create a listening socket to listen on.



                            1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

                            2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

                            3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.





                            share|improve this answer














                            why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




                            Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




                            Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




                            No



                            Generally a service can create a listening socket to listen on.



                            1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

                            2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

                            3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.






                            share|improve this answer












                            share|improve this answer



                            share|improve this answer










                            answered 1 hour ago









                            plugwashplugwash

                            1,901619




                            1,901619



























                                draft saved

                                draft discarded
















































                                Thanks for contributing an answer to Unix & Linux Stack Exchange!


                                • Please be sure to answer the question. Provide details and share your research!

                                But avoid


                                • Asking for help, clarification, or responding to other answers.

                                • Making statements based on opinion; back them up with references or personal experience.

                                To learn more, see our tips on writing great answers.




                                draft saved


                                draft discarded














                                StackExchange.ready(
                                function ()
                                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f508229%2fwhy-nmap-192-168-1-97-returns-less-services-than-nmap-127-0-0-1%23new-answer', 'question_page');

                                );

                                Post as a guest















                                Required, but never shown





















































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown

































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown







                                Popular posts from this blog

                                How should I use the fbox command correctly to avoid producing a Bad Box message?How to put a long piece of text in a box?How to specify height and width of fboxIs there an arrayrulecolor-like command to change the rule color of fbox?What is the command to highlight bad boxes in pdf?Why does fbox sometimes place the box *over* the graphic image?how to put the text in the boxHow to create command for a box where text inside the box can automatically adjust?how can I make an fbox like command with certain color, shape and width of border?how to use fbox in align modeFbox increase the spacing between the box and it content (inner margin)how to change the box height of an equationWhat is the use of the hbox in a newcommand command?

                                Doxepinum Nexus interni Notae | Tabula navigationis3158DB01142WHOa682390"Structural Analysis of the Histamine H1 Receptor""Transdermal and Topical Drug Administration in the Treatment of Pain""Antidepressants as antipruritic agents: A review"

                                inputenc: Unicode character … not set up for use with LaTeX The Next CEO of Stack OverflowEntering Unicode characters in LaTeXHow to solve the `Package inputenc Error: Unicode char not set up for use with LaTeX` problem?solve “Unicode char is not set up for use with LaTeX” without special handling of every new interesting UTF-8 characterPackage inputenc Error: Unicode character ² (U+B2)(inputenc) not set up for use with LaTeX. acroI2C[I²C]package inputenc error unicode char (u + 190) not set up for use with latexPackage inputenc Error: Unicode char u8:′ not set up for use with LaTeX. 3′inputenc Error: Unicode char u8: not set up for use with LaTeX with G-BriefPackage Inputenc Error: Unicode char u8: not set up for use with LaTeXPackage inputenc Error: Unicode char ́ (U+301)(inputenc) not set up for use with LaTeX. includePackage inputenc Error: Unicode char ̂ (U+302)(inputenc) not set up for use with LaTeX. … $widehatleft (OA,AA' right )$Package inputenc Error: Unicode char â„¡ (U+2121)(inputenc) not set up for use with LaTeX. printbibliography[heading=bibintoc]Package inputenc Error: Unicode char − (U+2212)(inputenc) not set up for use with LaTeXPackage inputenc Error: Unicode character α (U+3B1) not set up for use with LaTeXPackage inputenc Error: Unicode characterError: ! Package inputenc Error: Unicode char ⊘ (U+2298)(inputenc) not set up for use with LaTeX