Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] 4 extra ports opened

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: M K <gedropi@xxxxxxxxx>
Date: Sat, 3 Apr 2010 07:35:17 -0800
Thank you for enlightening me.  I now have the fake and the true
127.0.0.1 interfaces enabled on this machine. I am wondering which one
is actually bound to my proxy at this point.  Once again, I love *nix
because what you see is what you get.

This originally started as a WS issue but turned out to be a
discovery.  Thanks for responding.

On 4/2/10, Martin Visser <martinvisser99@xxxxxxxxx> wrote:
> M K,
>
> There's no real explanation except that Windows != UNIX. Windows has the
> loopback address, which can you obviously bind() to, but the designers have
> chosen not to implement it as a true interface.
>
> Regards, Martin
>
> MartinVisser99@xxxxxxxxx
>
>
> On Sat, Apr 3, 2010 at 12:50 AM, M K <gedropi@xxxxxxxxx> wrote:
>
>> Low end machine for the time being.  Windows 2000 SP4, OEM version.
>> WS Version 1.0.9 (SVN Rev 29911)
>>
>> I am confused.  I can ping 127.0.0.1 and my proxy is bound to the
>> localhost, yet when I go into Device Mgr > Hardware, indeed, there is
>> no loopback listed!?  Just as you said.  So what actually am I pinging
>> and what is my proxy actually bound to?  Thank you for this
>> information.
>>
>> On 4/1/10, Martin Visser <martinvisser99@xxxxxxxxx> wrote:
>> > You haven't said what platform you are running on, but in the
>> out-of-the-box
>> > Wireshark on Windows the loopback interface doesn't exist (it does on
>> other
>> > platforms)
>> >
>> > http://wiki.wireshark.org/CaptureSetup/Loopback
>> > <http://wiki.wireshark.org/CaptureSetup/Loopback>
>> > Regards, Martin
>> >
>> > MartinVisser99@xxxxxxxxx
>> >
>> >
>> > On Fri, Apr 2, 2010 at 11:22 AM, M K <gedropi@xxxxxxxxx> wrote:
>> >
>> >> I  I  realized that WS was picking up traffic off the hardware
>> >> interface, but was unsure if in the promiscuous mode, it could/should
>> >> also pick up software interfaces (127.0.0.1).  Curious about the
>> >> Password Manager reference since FF does not request pws.  So my
>> >> question is:  Which passwords?  I will look into that.  Again thanks.
>> >>
>> >> On 4/1/10, Martin Visser <martinvisser99@xxxxxxxxx> wrote:
>> >> > This is a known requirement for Firefox on non-UNIX systems -
>> >> >
>> >>
>> https://support.mozilla.com/en-US/kb/Firefox+makes+unrequested+connections#Loopback_connection
>> >> > .
>> >> > Googling elsewhere indicates it is to do with the password manager.
>> >> >
>> >> > And besides, as it is only bound to 127.0.0.1, this is the loopback
>> >> address
>> >> > only reachable from the machine itself.
>> >> >
>> >> > So for you there is no risk (a case of too much knowledge can bring
>> >> > on
>> >> > unfound fear)
>> >> >
>> >> > Regards, Martin
>> >> >
>> >> > MartinVisser99@xxxxxxxxx
>> >> >
>> >> >
>> >> > On Thu, Apr 1, 2010 at 11:20 AM, M K <gedropi@xxxxxxxxx> wrote:
>> >> >
>> >> >> Currently I am using Firefox browser manually configured to have all
>> >> >> traffic use a single port thru my proxy. However, when I launch a
>> >> >> browser, FF opens four additional, consecutive  ports (127.0.0.1:
>> extra
>> >> >> ports) as seen with netstat.  In WS, when I search for these
>> >> >> four additional ports I do not find them. Not an expert so could
>> >> >> someone please enlighten me.  I hate to have anything invisible.
>> >> >> Thanks
>> >> >>
>> >> >> --
>> >> >> All that is necessary for evil to succeed is that good men do
>> nothing.
>> >> >>
>> >> >>              ~Edmund Burke
>> >> >>
>> >>
>> ___________________________________________________________________________
>> >> >> Sent via:    Wireshark-users mailing list <
>> >> wireshark-users@xxxxxxxxxxxxx>
>> >> >> Archives:    http://www.wireshark.org/lists/wireshark-users
>> >> >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>> >> >>             mailto:wireshark-users-request@xxxxxxxxxxxxx
>> >> >> ?subject=unsubscribe
>> >> >>
>> >> >
>> >>
>> >>
>> >> --
>> >> All that is necessary for evil to succeed is that good men do nothing.
>> >>
>> >>              ~Edmund Burke
>> >>
>> ___________________________________________________________________________
>> >> Sent via:    Wireshark-users mailing list <
>> wireshark-users@xxxxxxxxxxxxx>
>> >> Archives:    http://www.wireshark.org/lists/wireshark-users
>> >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>> >>             mailto:wireshark-users-request@xxxxxxxxxxxxx
>> >> ?subject=unsubscribe
>> >>
>> >
>>
>>
>> --
>> All that is necessary for evil to succeed is that good men do nothing.
>>
>>              ~Edmund Burke
>> ___________________________________________________________________________
>> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
>> Archives:    http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>             mailto:wireshark-users-request@xxxxxxxxxxxxx
>> ?subject=unsubscribe
>>
>


-- 
All that is necessary for evil to succeed is that good men do nothing.

              ~Edmund Burke
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube