bongo_bongo
Posted September 3, 2016

I used nmap to scan my internal (192.168.1.101) IP and also localhost (127.0.0.1). The majority of ports that are open are open either on localhost or the internal IP while a few were open on both.

1. I've never been able to understand the relationship between localhost and the internal IP. Can someone please explain it?

2. In the context of ports, what does it mean for a port to be open on localhost? I suppose that a port open on 192.168.1.101 means that it's used by a program that's running on that machine. Why would a program e.g. SSH (see below) have ports open on both localhost and the internal IP?

Thanks - I really find this topic quite confusing!

Results of nmap scan on Ubuntu machine:

127.0.0.1
25/tcp open smtp
631/tcp open ipp (internet printing protocol - used for CUPS)
1194/tcp open openvpn
7396/tcp open Folding@Home (https://folding.stanford.edu/) web interface
9050/tcp open tor-socks
36330/tcp open Folding@Home (https://folding.stanford.edu/) client
41466/tcp open unknown
50000/tcp open SSH (non-standard port)
68/udp open|filtered dhcpc
631/udp open|filtered ipp
5353/udp open|filtered zeroconf
17535/udp open|filtered unknown
47322/udp open|filtered unknown

192.168.1.101
7396/tcp open Folding@Home (https://folding.stanford.edu/) web interface
36330/tcp open Folding@Home (https://folding.stanford.edu/) client
50000/tcp open SSH (non-standard port)
68/udp open|filtered dhcpc
631/udp open|filtered ipp
5353/udp open|filtered zeroconf
15904/udp open|filtered unknown
35519/udp open|filtered unknown
49513/udp open|filtered unknown

anode
Posted September 3, 2016

Try netstat -plant and see what programs are using those ports.

digip
Posted September 4, 2016

netstat -antplu for both TCP and UDP listeners on Linux, and netstat -anbt on Windows will show all ports TCP and UDP as well as listeners and the associated programs.

The thing to understand is that 127.0.0.1 and localhost are internal listeners, and 0.0.0.0 will accept requests from the web or both local and external to the machine. If you have a service running/listening on 127.0.0.1 only, you can only access it from the localhost, and not via the web without tunneling or forwarding it back to someone outside the machine. Example: web servers with internal database servers, or an internal FTP server that only accepts connections from the same machine (why, I don't know, but in some CTFs I've done, the flags were hidden on an internal FTP server).
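
Added example, not part of any post in this thread: a short Python script that reads Linux `netstat -antplu`-style output and predicts which ports a scan of 127.0.0.1 versus 192.168.1.101 would find open, based on each listener's bind address. The sample lines are constructed (port 8080 and all PIDs are made up), the function names are hypothetical, and it assumes the scan runs on the machine itself, no firewall, and compares addresses of the same IP version only.

```python
import ipaddress

# Constructed sample in the layout of Linux `netstat -antplu`; not the poster's real output.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      1201/tor
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:50000           0.0.0.0:*               LISTEN      950/sshd
tcp        0      0 192.168.1.101:8080      0.0.0.0:*               LISTEN      1500/python3
tcp        0      0 192.168.1.101:50000     192.168.1.50:51234      ESTABLISHED 2210/sshd
tcp6       0      0 :::50000                :::*                    LISTEN      950/sshd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           700/avahi-daemon
"""

def parse_listeners(text):
    """Return (proto, bind_ip, port, program) for every listening socket."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        if f[0].startswith("tcp") and f[5] != "LISTEN":
            continue  # established connections are not listeners
        if f[0].startswith("udp") and not f[4].endswith(":*"):
            continue  # connected UDP socket, not an open receiver
        addr, port = f[3].rsplit(":", 1)  # rsplit keeps IPv6 "::" intact
        out.append((f[0], ipaddress.ip_address(addr), int(port), f[-1]))
    return out

def scope(ip):
    if ip.is_unspecified:
        return "all-interfaces"   # 0.0.0.0 or ::
    if ip.is_loopback:
        return "loopback-only"    # 127.0.0.0/8 or ::1
    return "single-address"       # only that one local IP

def open_when_scanning(listeners, target):
    """Ports a scan of `target` should find open (assumption: same IP version only)."""
    t = ipaddress.ip_address(target)
    return sorted({(proto[:3], port) for proto, ip, port, _ in listeners
                   if ip.version == t.version and (ip.is_unspecified or ip == t)})

if __name__ == "__main__":
    found = parse_listeners(SAMPLE)
    for proto, ip, port, prog in found:
        print(f"{proto:5} {port:<6} {scope(ip):15} {prog}")
    print("127.0.0.1     ->", open_when_scanning(found, "127.0.0.1"))
    print("192.168.1.101 ->", open_when_scanning(found, "192.168.1.101"))
```

A listener bound to 0.0.0.0 shows up in both scans, which is the pattern the SSH port in the question follows; one bound to 127.0.0.1 appears only in the localhost scan.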