why `nmap 192.168.1.97` returns less services than `nmap 127.0.0.1`?2019 Community Moderator ElectionDifference between `nmap local-IP-address` and `nmap localhost`Doing nmap on a networkCan you send a TCP packet with RST flag set using IPTABLES as a way to trick NMAP into thinking a port is closed?How to tell stateful vs stateless firewall with nmap ACK scanWhy nmap closed my connection?telnet to an host/port works while no service on this host listening on this portnmap raw packet privileges not working (“operation not permitted”, even as root)Why REJECT slows nmap?specifying more than one character on nmap --ip-optionsExhaustive list of REASONs why a host/server might be down (nmap --reason)What are those “unknown” services listed by nmap?

Start making guitar arrangements

Melting point of aspirin, contradicting sources

Why Shazam when there is already Superman?

Not using 's' for he/she/it

Travelling outside the UK without a passport

How should I respond when I lied about my education and the company finds out through background check?

Should I stop contributing to retirement accounts?

How to bake one texture for one mesh with multiple textures blender 2.8

The IT department bottlenecks progress. How should I handle this?

Which one is correct as adjective “protruding” or “protruded”?

Why does the Sun have different day lengths, but not the gas giants?

Are the IPv6 address space and IPv4 address space completely disjoint?

Has any country ever had 2 former presidents in jail simultaneously?

Create all possible words using a set or letters

How do I color the graph in datavisualization?

Biological Blimps: Propulsion

Lowest total scrabble score

Creepy dinosaur pc game identification

why `nmap 192.168.1.97` returns less services than `nmap 127.0.0.1`?

What is the evidence for the "tyranny of the majority problem" in a direct democracy context?

What was the exact wording from Ivanhoe of this advice on how to free yourself from slavery?

C++ debug/print custom type with GDB : the case of nlohmann json library

GraphicsGrid with a Label for each Column and Row

Is it safe to use olive oil to clean the ear wax?



why `nmap 192.168.1.97` returns less services than `nmap 127.0.0.1`?



2019 Community Moderator ElectionDifference between `nmap local-IP-address` and `nmap localhost`Doing nmap on a networkCan you send a TCP packet with RST flag set using IPTABLES as a way to trick NMAP into thinking a port is closed?How to tell stateful vs stateless firewall with nmap ACK scanWhy nmap closed my connection?telnet to an host/port works while no service on this host listening on this portnmap raw packet privileges not working (“operation not permitted”, even as root)Why REJECT slows nmap?specifying more than one character on nmap --ip-optionsExhaustive list of REASONs why a host/server might be down (nmap --reason)What are those “unknown” services listed by nmap?










1















According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 10.44.104.250

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (10.44.104.250)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds

$ nmap -p0-65535 localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.










share|improve this question
























  • Because not all services are listening on the external interface?

    – Kusalananda
    3 hours ago






  • 3





    Possible duplicate of Difference between `nmap local-IP-address` and `nmap localhost`

    – Jeff Schaller
    3 hours ago











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    3 hours ago











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    3 hours ago












  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    1 hour ago















1















According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 10.44.104.250

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (10.44.104.250)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds

$ nmap -p0-65535 localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.










share|improve this question
























  • Because not all services are listening on the external interface?

    – Kusalananda
    3 hours ago






  • 3





    Possible duplicate of Difference between `nmap local-IP-address` and `nmap localhost`

    – Jeff Schaller
    3 hours ago











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    3 hours ago











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    3 hours ago












  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    1 hour ago













1












1








1








According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 10.44.104.250

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (10.44.104.250)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds

$ nmap -p0-65535 localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.










share|improve this question
















According to https://networkengineering.stackexchange.com/a/57909/, a packet sent to 192.168.1.97 "doesn't leave the host but is treated like a packet received from the network, addressed to 192.168.1.97." So same as sending a packet to loop back 127.0.0.1.



why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?



Does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?



$ nmap -p0-65535 10.44.104.250

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for ocean (10.44.104.250)
Host is up (0.00039s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
3306/tcp open mysql
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 9.55 seconds

$ nmap -p0-65535 localhost

Starting Nmap 7.60 ( https://nmap.org ) at 2019-03-23 19:18 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned):
Not shown: 65529 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
3306/tcp open mysql
5432/tcp open postgresql
9050/tcp open tor-socks
33060/tcp open mysqlx

Nmap done: 1 IP address (1 host up) scanned in 5.39 seconds


Thanks.







nmap ip-address loopback






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 3 hours ago







Tim

















asked 3 hours ago









TimTim

28k78269488




28k78269488












  • Because not all services are listening on the external interface?

    – Kusalananda
    3 hours ago






  • 3





    Possible duplicate of Difference between `nmap local-IP-address` and `nmap localhost`

    – Jeff Schaller
    3 hours ago











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    3 hours ago











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    3 hours ago












  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    1 hour ago

















  • Because not all services are listening on the external interface?

    – Kusalananda
    3 hours ago






  • 3





    Possible duplicate of Difference between `nmap local-IP-address` and `nmap localhost`

    – Jeff Schaller
    3 hours ago











  • Seems to me that Rui's Answer there applies here.

    – Jeff Schaller
    3 hours ago











  • @Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – Tim
    3 hours ago












  • They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

    – 炸鱼薯条德里克
    1 hour ago
















Because not all services are listening on the external interface?

– Kusalananda
3 hours ago





Because not all services are listening on the external interface?

– Kusalananda
3 hours ago




3




3





Possible duplicate of Difference between `nmap local-IP-address` and `nmap localhost`

– Jeff Schaller
3 hours ago





Possible duplicate of Difference between `nmap local-IP-address` and `nmap localhost`

– Jeff Schaller
3 hours ago













Seems to me that Rui's Answer there applies here.

– Jeff Schaller
3 hours ago





Seems to me that Rui's Answer there applies here.

– Jeff Schaller
3 hours ago













@Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– Tim
3 hours ago






@Kusalananda In particular, does nmap 127.0.0.1 necessarily also return those services returned by nmap 192.168.1.97? Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– Tim
3 hours ago














They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– 炸鱼薯条德里克
1 hour ago





They're different addresses, why would a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?

– 炸鱼薯条德里克
1 hour ago










3 Answers
3






active

oldest

votes


















1














No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



You can test this with something like



nc -l external-ip-address port-number


Then run nmap against localhost, then against the external IP address.






share|improve this answer






























    1














    In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






    share|improve this answer






























      1















      why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




      Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




      Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




      No



      Generally a service can create a listening socket to listen on.



      1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

      2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

      3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.





      share|improve this answer






















        Your Answer








        StackExchange.ready(function()
        var channelOptions =
        tags: "".split(" "),
        id: "106"
        ;
        initTagRenderer("".split(" "), "".split(" "), channelOptions);

        StackExchange.using("externalEditor", function()
        // Have to fire editor after snippets, if snippets enabled
        if (StackExchange.settings.snippets.snippetsEnabled)
        StackExchange.using("snippets", function()
        createEditor();
        );

        else
        createEditor();

        );

        function createEditor()
        StackExchange.prepareEditor(
        heartbeatType: 'answer',
        autoActivateHeartbeat: false,
        convertImagesToLinks: false,
        noModals: true,
        showLowRepImageUploadWarning: true,
        reputationToPostImages: null,
        bindNavPrevention: true,
        postfix: "",
        imageUploader:
        brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
        contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
        allowUrls: true
        ,
        onDemand: true,
        discardSelector: ".discard-answer"
        ,immediatelyShowMarkdownHelp:true
        );



        );













        draft saved

        draft discarded


















        StackExchange.ready(
        function ()
        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f508229%2fwhy-nmap-192-168-1-97-returns-less-services-than-nmap-127-0-0-1%23new-answer', 'question_page');

        );

        Post as a guest















        Required, but never shown

























        3 Answers
        3






        active

        oldest

        votes








        3 Answers
        3






        active

        oldest

        votes









        active

        oldest

        votes






        active

        oldest

        votes









        1














        No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



        You can test this with something like



        nc -l external-ip-address port-number


        Then run nmap against localhost, then against the external IP address.






        share|improve this answer



























          1














          No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



          You can test this with something like



          nc -l external-ip-address port-number


          Then run nmap against localhost, then against the external IP address.






          share|improve this answer

























            1












            1








            1







            No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



            You can test this with something like



            nc -l external-ip-address port-number


            Then run nmap against localhost, then against the external IP address.






            share|improve this answer













            No, a service listening to a port on an external interface does not necessarily also listen on that port on localhost.



            You can test this with something like



            nc -l external-ip-address port-number


            Then run nmap against localhost, then against the external IP address.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered 3 hours ago









            KusalanandaKusalananda

            137k17258426




            137k17258426























                1














                In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






                share|improve this answer



























                  1














                  In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






                  share|improve this answer

























                    1












                    1








                    1







                    In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.






                    share|improve this answer













                    In short, they are two different interfaces (192.168.1.97 vs 127.0.0.1), and may have different firewall rules applied and/or services listening. Being on the same machine means relatively little.







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered 2 hours ago









                    JohnJohn

                    11.7k11931




                    11.7k11931





















                        1















                        why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




                        Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




                        Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




                        No



                        Generally a service can create a listening socket to listen on.



                        1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

                        2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

                        3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.





                        share|improve this answer



























                          1















                          why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




                          Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




                          Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




                          No



                          Generally a service can create a listening socket to listen on.



                          1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

                          2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

                          3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.





                          share|improve this answer

























                            1












                            1








                            1








                            why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




                            Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




                            Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




                            No



                            Generally a service can create a listening socket to listen on.



                            1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

                            2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

                            3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.





                            share|improve this answer














                            why does nmap 127.0.0.1 return more services than nmap 192.168.1.97?




                            Because to improve security many services are configured by default to only listen on 127.0.0.1 (and/or the IPv6 equivilent ::1)




                            Does a server listening at 192.168.1.97 necessarily also listen at 127.0.0.1?




                            No



                            Generally a service can create a listening socket to listen on.



                            1. A specific IP, such a listening socket will only accept traffic destined for that specific IP.

                            2. 0.0.0.0 , this will accept traffic to all IPv4 IPs assigned to the machine.

                            3. :: this will accept traffic to all IPv6 IPs assigned to the machine. It may or may not accept traffic destined to IPv4 IPs on the machine depending on the particular OS, system wide configuration and socket-specific options.






                            share|improve this answer












                            share|improve this answer



                            share|improve this answer










                            answered 1 hour ago









                            plugwashplugwash

                            1,901619




                            1,901619



























                                draft saved

                                draft discarded
















































                                Thanks for contributing an answer to Unix & Linux Stack Exchange!


                                • Please be sure to answer the question. Provide details and share your research!

                                But avoid


                                • Asking for help, clarification, or responding to other answers.

                                • Making statements based on opinion; back them up with references or personal experience.

                                To learn more, see our tips on writing great answers.




                                draft saved


                                draft discarded














                                StackExchange.ready(
                                function ()
                                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f508229%2fwhy-nmap-192-168-1-97-returns-less-services-than-nmap-127-0-0-1%23new-answer', 'question_page');

                                );

                                Post as a guest















                                Required, but never shown





















































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown

































                                Required, but never shown














                                Required, but never shown












                                Required, but never shown







                                Required, but never shown







                                Popular posts from this blog

                                名間水力發電廠 目录 沿革 設施 鄰近設施 註釋 外部連結 导航菜单23°50′10″N 120°42′41″E / 23.83611°N 120.71139°E / 23.83611; 120.7113923°50′10″N 120°42′41″E / 23.83611°N 120.71139°E / 23.83611; 120.71139計畫概要原始内容臺灣第一座BOT 模式開發的水力發電廠-名間水力電廠名間水力發電廠 水利署首件BOT案原始内容《小檔案》名間電廠 首座BOT水力發電廠原始内容名間電廠BOT - 經濟部水利署中區水資源局

                                Prove that NP is closed under karp reduction?Space(n) not closed under Karp reductions - what about NTime(n)?Class P is closed under rotation?Prove or disprove that $NL$ is closed under polynomial many-one reductions$mathbfNC_2$ is closed under log-space reductionOn Karp reductionwhen can I know if a class (complexity) is closed under reduction (cook/karp)Check if class $PSPACE$ is closed under polyonomially space reductionIs NPSPACE also closed under polynomial-time reduction and under log-space reduction?Prove PSPACE is closed under complement?Prove PSPACE is closed under union?

                                Is my guitar’s action too high? Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)Strings too stiff on a recently purchased acoustic guitar | Cort AD880CEIs the action of my guitar really high?Μy little finger is too weak to play guitarWith guitar, how long should I give my fingers to strengthen / callous?When playing a fret the guitar sounds mutedPlaying (Barre) chords up the guitar neckI think my guitar strings are wound too tight and I can't play barre chordsF barre chord on an SG guitarHow to find to the right strings of a barre chord by feel?High action on higher fret on my steel acoustic guitar