Score:-1

Ubuntu

What's the difference between address 0.0.0.0, [::] and *?

étale-cohomology

2/20/23, 6:04 PM

If you run something like ss -tunlp (or netstat -tunlp) you get a list of listening ports.

The standard format should be <host>:<port>, eg. 127.0.0.3:5000.

But you also see 0.0.0.0:<port> and [::]:<port>. What do these 2 mean?

In particular, if you see [::]:22 or 0.0.0.0:22 or *:22, does that mean anyone can ssh into that machine?

133

0 + 0

ssh

networking

port-forwarding

network-monitoring

Score:2

Ubuntu

frippe

2/20/23, 6:35 PM

0.0.0.0:<port> is IPv4, [::]:<port> is IPv6, and the square brackets is to separate the address from the port. When they are listed under Local Address, they mean that the specific process is listening on all local addresses. *:<port> means any address, both IPv4 and IPv6 (thanks @raj for pointing out that I overlooked the question in the title and completing the answer in the comments).

Now, listening on all interfaces/addresses doesn't mean everyone can connect to your machine. If it's your PC for instance, it probably is shielded from the scary world by a router. Furthermore, any firewalls/iptables will decide which packet will be accepted and which will be dropped.

Listening and being reachable are two different things.

0 + 0

raj

2/20/23, 6:41 PM

You didn't explain exactly the difference. `0.0.0.0:22` in netstat output means that ssh daemon is listening on all IPv4 interfaces the machine has, `[::]:22` means it is listening on all IPv6 interfaces, and `*:22` means it is listening on both IPv4 and IPv6 interfaces.

frippe

2/20/23, 6:45 PM

@raj You're right - I missed the question in the title. Thanks for completing the answer

étale-cohomology

2/21/23, 12:11 AM

@raj If you written that as an answer I'd have chosen that as an answer because it answers my question, but I'm selecting this one because it's the only available (and it's not too bad)

frippe

2/21/23, 5:33 AM

What information are you missing in the answer?

Qian Chen

8/12/23, 5:45 AM

I think `[::]` means **both** IPv4 and IPv6.

frippe

8/12/23, 6:22 AM

@QianChen, I don't think that's true. `::` is used in place of blocks of only zeros in IPv6 addresses, but IPv4 addresses are already quite short so it's typically not a problem to write out the entire thing, zeros and all. The IPv4 version of `[::]` is `0.0.0.0`, or, on [Linux](https://man7.org/linux/man-pages/man3/inet_addr.3.html), one could just use `0` in some places.

Qian Chen

8/12/23, 7:45 AM

@frippe in practice, when you listen on `[::]`, it listens on both all v4 and v6 addresses. I tested it in Golang and Deno.

frippe

8/12/23, 11:26 AM

@QianChen, see my edit with an example using `netcat`, demonstrating how IPv4 connections are accepted for `*:<port>` but defined for `[::]:<port>`.

Qian Chen

8/12/23, 12:07 PM

Oh, thanks @frippe for the examples. It looks it really depends on how `[::]` is interpreted by different programs.

frippe

8/12/23, 12:29 PM

@QianChen, ("Defined" was supposed to be "denied" in my previous comment). What does `ss -tn` output for your example programs?

Qian Chen

8/14/23, 5:37 AM

@frippe https://goweb.az.ht/ss-tn-output.txt

frippe

8/14/23, 7:48 AM

@QianChen, sorry, forgot to mention the `-l` flag to `ss` to list the listening sockets: `ss -tlnp`

Qian Chen

8/14/23, 7:55 AM

@frippe I update the content of the link. Can you please refresh? Thanks.

frippe

8/14/23, 8:26 AM

@QianChen, thanks! It's listening on *:8080, so that's consistent with my answer that it'll accept both IPv4 and IPv6. You could try setting `sysctl -w net.ipv6.bindv6only=1` and check `ss` to confirm it's listening on `[::]` only and then try to connect with `nc ‐4zv localhost 8080` and you should notice the connection is refused.