nmap shows less ports open when it runs against ip other than localhost

StackOverflow https://stackoverflow.com/questions/11905830

  •  25-06-2021
  •  | 
  •  

Question

I have a vm in vmware workstation, it's bridged network and DHCP. The IP assigned by DHCP server is 10.21.245.22. Here is my /etc/hosts looks like:

127.0.0.1 hadoop-namenode-01 localhost

I am running command A and B on the box itself.

Command A:

root@hadoop-namenode-01:~# nmap -sT -sU -p- localhost

Starting Nmap 5.21 ( http://nmap.org ) at 2012-08-10 09:32 PDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00029s latency).
rDNS record for 127.0.0.1: hadoop-namenode-01
Not shown: 131058 closed ports
PORT      STATE         SERVICE
22/tcp    open          ssh
53/tcp    open          domain
631/tcp   open          ipp
8020/tcp  open          unknown
9000/tcp  open          cslistener
9001/tcp  open          tor-orport
50070/tcp open          unknown
53/udp    open|filtered domain
68/udp    open|filtered dhcpc
123/udp   open          ntp
5353/udp  open|filtered zeroconf
47982/udp open|filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 12.45 seconds

Command B:

root@hadoop-namenode-01:~# nmap -sT -sU -p- 10.21.245.22

Starting Nmap 5.21 ( http://nmap.org ) at 2012-08-10 09:28 PDT
Nmap scan report for wn7x64-3jql0q1.dub.emea.dell.com (10.21.245.22)
Host is up (0.00029s latency).
Not shown: 131065 closed ports
PORT      STATE         SERVICE
22/tcp    open          ssh
68/udp    open|filtered dhcpc
123/udp   open          ntp
5353/udp  open|filtered zeroconf
47982/udp open|filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 12.20 seconds

My question is :

since I have no firewall or anything like that blocking ports, why nmap shows more ports open when it's running against localhost while less ports are shown when it's running against the ip.

Était-ce utile?

La solution

why nmap shows more ports open when it's running against localhost while less ports are shown when it's running against the ip

Some applications decided to explicitly listen (bind actually) only on localhost, i.e. 127.0.0.1. You can do a netstat to check things out.

Autres conseils

Most of system running process in Linux use loopback (127.0.0.1) ip address to communicate with each other. It doesn't require to send packet outside network.

Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top