Localhost "127.0.0.1" command prompt
Solved
galaxyone92
Posted messages
103
Status
Membre
-
galaxyone92 Posted messages 103 Status Membre -
galaxyone92 Posted messages 103 Status Membre -
Hello,
I am currently using Windows 10 and when I am in the command prompt "Windows + r" + "cmd" I type "netstat" in local address "TCP" I have about fifty "127.0.0.1: 1120" followed by the remote address LAPTOP-SRVPDNSN
time wait
Ps: The IP of my computer is named like that.
Then I have my router 192.168 etc.
I have 3 computers and generally I don’t have 127.0.0.1 entries, this is the only one. I’m afraid that it’s a redirection of what I do on the internet.
How can I remove the 127.0.0.1 from the command prompt?
Thank you for your help sincerely
I am currently using Windows 10 and when I am in the command prompt "Windows + r" + "cmd" I type "netstat" in local address "TCP" I have about fifty "127.0.0.1: 1120" followed by the remote address LAPTOP-SRVPDNSN
time wait
Ps: The IP of my computer is named like that.
Then I have my router 192.168 etc.
I have 3 computers and generally I don’t have 127.0.0.1 entries, this is the only one. I’m afraid that it’s a redirection of what I do on the internet.
How can I remove the 127.0.0.1 from the command prompt?
Thank you for your help sincerely
13 réponses
Good evening,
Run the command prompt as an administrator.
Type the command "netstat -b". This will show you the process involved in using the localhost.
It is not unusual for processes to need to communicate over localhost (this is an auto-addressing 127.0.0.1). This corresponds to the operation of the local PC in a client-server model. There is a good chance that it could be, for example, your browser or any software using a local database that are listed this way.
Run the command prompt as an administrator.
Type the command "netstat -b". This will show you the process involved in using the localhost.
It is not unusual for processes to need to communicate over localhost (this is an auto-addressing 127.0.0.1). This corresponds to the operation of the local PC in a client-server model. There is a good chance that it could be, for example, your browser or any software using a local database that are listed this way.
Hello,
You can't remove it (and it's not a good idea), localhost refers to communications here from your PC to another PC on your local network as evidenced by the name of the "remote" computer.
However, we can protect ourselves from any unwanted communications via localhost: you just need to block 127.0.0.1 in your firewall if the source address or the destination address is not on the local network 192.168...
You can't remove it (and it's not a good idea), localhost refers to communications here from your PC to another PC on your local network as evidenced by the name of the "remote" computer.
However, we can protect ourselves from any unwanted communications via localhost: you just need to block 127.0.0.1 in your firewall if the source address or the destination address is not on the local network 192.168...
"On can, however, protect ourselves from unwanted communications via localhost: it's enough in your firewall to block 127.0.0.1 if, in addition, the source or destination address is not on the local network 192.168..."
How do I do that with the firewall, please? I really don't want to see it on 'command prompt' anymore.
I feel like everyone can see what I'm doing? I really want to remove it?
On other computers, I have the same applications and it doesn't do this to me 127.0.0.1.
Is 127.0.0.1 normal or can you explain it to me?"
How do I do that with the firewall, please? I really don't want to see it on 'command prompt' anymore.
I feel like everyone can see what I'm doing? I really want to remove it?
On other computers, I have the same applications and it doesn't do this to me 127.0.0.1.
Is 127.0.0.1 normal or can you explain it to me?"
You cannot access localhost from a PC outside the local network unless you set up a web server and go back to square one; you need to filter the protocols and IPs that would make requests (for example, there is no reason to accept incoming TCP).
I don't know your firewall; if you don't want to see localhost requests on the local network, why seek them out via netstat?
If you're a bit paranoid, configure your firewall so that no communication can exit from the localhost IP to anything other than the local network IPs and that none can enter to localhost if the source IP is not from that local network.
There's nothing preventing you from allowing localhost only for the specific IP of the concerned PC and the gateway (Box), but then you risk communication failures on the local network.
In short, we don't see why someone "unauthorized" on the local network would make an intrusion attempt via localhost (which, as its name suggests, is an interface of the local computer) nor what there is "to see" through this means and, in any case, it always comes back to the same story; a correctly configured firewall will require connection requests from programs or services including on the local network and assuming that any password or sharing authorization is bypassed: if you don't want it, you block it and make it a rule.
I don't know your firewall; if you don't want to see localhost requests on the local network, why seek them out via netstat?
If you're a bit paranoid, configure your firewall so that no communication can exit from the localhost IP to anything other than the local network IPs and that none can enter to localhost if the source IP is not from that local network.
There's nothing preventing you from allowing localhost only for the specific IP of the concerned PC and the gateway (Box), but then you risk communication failures on the local network.
In short, we don't see why someone "unauthorized" on the local network would make an intrusion attempt via localhost (which, as its name suggests, is an interface of the local computer) nor what there is "to see" through this means and, in any case, it always comes back to the same story; a correctly configured firewall will require connection requests from programs or services including on the local network and assuming that any password or sharing authorization is bypassed: if you don't want it, you block it and make it a rule.
I'm in agreement with you, but the problem is that I forgot to mention that I don't know the procedure for removing or blocking 127.0.0.1 via the firewall in the command prompt.
That's why I'm asking for the steps I need to take, or is it normal to know if it's not a hacker?
Sorry, but I'm not knowledgeable about computers.
That's why I'm asking for the steps I need to take, or is it normal to know if it's not a hacker?
Sorry, but I'm not knowledgeable about computers.
It would be nice if you read what we're telling you: YOU CANNOT remove localhost, but you don't have to check it in netstat, otherwise I don't see the connection to the command prompt (there is no localhost command, just commands like PING that can invoke its name instead of its IP address).
It has also been ALREADY said that it is generally inaccessible from outside unless redirected because you are running a web server on your machine, so for hacking, we'll come back to that...
However, it was accessible from the LAN under certain conditions, still to be determined if the other users of your local network, if you have one and know them, will hack you.
Regarding the firewall, if it is correctly configured, it asks whether a particular application has the right to connect to a particular IP on a particular port; the circumstances under which we have to grant permission to a TCP or UDP IN application are exceptional, we will deny and make it a rule: in plain French, they will not connect where they are not explicitly allowed, whether localhost or elsewhere.
In contrast, a browser or email software, for example, may request access to the local loop and I see no reason to deny them.
A number of firewalls include a local IP zone and a local loop zone which can make life easier (you can allow everything that communicates between all local IPs or only part of it rather than specifying these addresses every time).
But where I use the first rule of the local IP zone, I have never had to implement that of the local loop except for the exceptions I mentioned (and where in any case everything that comes in otherwise is denied and everything that goes out is limited to the strict minimum, DNS, POP/IMAP ports, http(s) ports, which demonstrates, if needed, that no external application has ever requested access.)
It has also been ALREADY said that it is generally inaccessible from outside unless redirected because you are running a web server on your machine, so for hacking, we'll come back to that...
However, it was accessible from the LAN under certain conditions, still to be determined if the other users of your local network, if you have one and know them, will hack you.
Regarding the firewall, if it is correctly configured, it asks whether a particular application has the right to connect to a particular IP on a particular port; the circumstances under which we have to grant permission to a TCP or UDP IN application are exceptional, we will deny and make it a rule: in plain French, they will not connect where they are not explicitly allowed, whether localhost or elsewhere.
In contrast, a browser or email software, for example, may request access to the local loop and I see no reason to deny them.
A number of firewalls include a local IP zone and a local loop zone which can make life easier (you can allow everything that communicates between all local IPs or only part of it rather than specifying these addresses every time).
But where I use the first rule of the local IP zone, I have never had to implement that of the local loop except for the exceptions I mentioned (and where in any case everything that comes in otherwise is denied and everything that goes out is limited to the strict minimum, DNS, POP/IMAP ports, http(s) ports, which demonstrates, if needed, that no external application has ever requested access.)
192.168.*.* is the IP address of your machine; it can and must be different on each PC that you have.
For example, on one PC you have 192.168.0.25 and on another you have 192.168.0.26; it is thanks to these addresses that they recognize each other on the network.
As for 127.0.0.1, it is simply the address of the local server, more commonly referred to as localhost.
If you use software for creating websites such as EasyPhp, you will undoubtedly need a local server to display the content that will be on the server side.
A local server is only seen by the user of the PC, which is you.
--
Knowledge is acquired through experience; all the rest is just information. A. Einstein
For example, on one PC you have 192.168.0.25 and on another you have 192.168.0.26; it is thanks to these addresses that they recognize each other on the network.
As for 127.0.0.1, it is simply the address of the local server, more commonly referred to as localhost.
If you use software for creating websites such as EasyPhp, you will undoubtedly need a local server to display the content that will be on the server side.
A local server is only seen by the user of the PC, which is you.
--
Knowledge is acquired through experience; all the rest is just information. A. Einstein
Thank you for your response. As I mentioned earlier, I don't know localhost; this is my first time.
It is the only computer among three that does this, so I thought it was a hack or that everything I was doing was being redirected to them.
Thank you for your answers.
It is the only computer among three that does this, so I thought it was a hack or that everything I was doing was being redirected to them.
Thank you for your answers.
More or less depending on the installed applications,
the entire PC and even other systems have listening connections on localhost.
I'll show you my system where I am right now, it's Linux, but it's pretty much the same:
As you can see, there are even localhost to localhost connections galore.
the entire PC and even other systems have listening connections on localhost.
I'll show you my system where I am right now, it's Linux, but it's pretty much the same:
brupala@Textorm:~$ netstat -ut
Active Internet connections (without servers)
Proto Recv-Q Send-Q Local Address Remote Address State
tcp 0 0 localhost:21103 localhost:35052 TIME_WAIT
tcp 0 0 localhost:25001 localhost:48684 ESTABLISHED
tcp 0 0 localhost:21103 localhost:35048 TIME_WAIT
tcp 0 0 Textorm:59828 a23-54-52-190.dep:https ESTABLISHED
tcp 0 0 Textorm:57560 ec2-52-70-31-225.:https ESTABLISHED
tcp 0 0 localhost:21103 localhost:35046 TIME_WAIT
tcp 0 0 Textorm:34404 106.236.102.34.bc:https ESTABLISHED
tcp 0 0 Textorm:59830 a23-54-52-190.dep:https ESTABLISHED
tcp 0 0 Textorm:56350 51-159-27-198.lb.:https ESTABLISHED
tcp 0 0 localhost:21103 localhost:35050 TIME_WAIT
tcp 0 0 Textorm:56352 51-159-27-198.lb.:https ESTABLISHED
tcp 0 0 Textorm:46674 a23-66-26-235.dep:https ESTABLISHED
tcp 0 0 localhost:48684 localhost:25001 ESTABLISHED
tcp6 0 0 2a01cb00881ce600b:40012 par10s40-in-x08.1:https ESTABLISHED
brupala@Textorm:~$
As you can see, there are even localhost to localhost connections galore.
It's true that we explain to him what localhost is, a local connection that is not linked to the internet; he wants to know if it's dangerous or not.
In fact,
There are two answers:
99.99% of the time, no, it's normal.
But there can be 0.01% of cases where it's a virus, most often an antivirus software that misdirects the internet connections to better control or distort them.
It's a form of proxy:
Destination site>>localhost(proxy)>>destination site
For example dnsmasq.
In fact,
There are two answers:
99.99% of the time, no, it's normal.
But there can be 0.01% of cases where it's a virus, most often an antivirus software that misdirects the internet connections to better control or distort them.
It's a form of proxy:
Destination site>>localhost(proxy)>>destination site
For example dnsmasq.
"I’m afraid it might be a redirect of what I’m doing on the internet." (Moreover, I had mentioned it at the very top)
brupala: "He wants to know if it's dangerous or not."
Thank you, brupala, for finally answering my question; now you can close the discussion. That’s all I wanted to know.
Thanks again, brupala, and thank you for explaining what it’s for.
brupala: "He wants to know if it's dangerous or not."
Thank you, brupala, for finally answering my question; now you can close the discussion. That’s all I wanted to know.
Thanks again, brupala, and thank you for explaining what it’s for.
This is what I was talking about, should I be wary or is it completely normal considering that it's the only one doing this out of 3 computers?
If you want to know more about network activity,
open your Windows Resource Monitor, go to the network tab and check the processes, what they consume, where they are connected under network activity, TCP connections, listening ports.
A sort of netstat++.
You type resmon instead of netstat ....
You might understand things better.
In there, 127.0.0.1 is marked as the IPv4 loopback address (which is fitting, that's what it's called).
I'll send you a picture of mine on Windows later.
open your Windows Resource Monitor, go to the network tab and check the processes, what they consume, where they are connected under network activity, TCP connections, listening ports.
A sort of netstat++.
You type resmon instead of netstat ....
You might understand things better.
In there, 127.0.0.1 is marked as the IPv4 loopback address (which is fitting, that's what it's called).
I'll send you a picture of mine on Windows later.
To answer your question, see your message <16> and more specifically the image you showed, I have exactly the same thing as you and I am not hacked.
The localhost address is by default 127.0.0.1 and this is the case for all PCs.
However, you can configure port:8080 or 8888.
Here is a link that will help you understand networks
https://www.commentcamarche.net/contents/508-le-concept-de-reseau
Then, here is a link that will allow you to know about TCP/IP as well as the ports
https://www.commentcamarche.net/contents/539-tcp-ip.
Regarding security on the internet, I am sharing this link (in French)
https://www.cybermalveillance.gouv.fr/tous-nos-contenus/actualites/comment-se-proteger-sur-internet
The first line of defense is you. Do not click indiscriminately on a link, an image, a button found on websites. Read carefully before doing anything,
too often, an "OK" button is displayed on a web page, people have gotten into the habit of no longer paying attention to the "blah blah" that comes before. This is a serious mistake!!!
It's a bit like signing a document without having read it
Imagine I send you a document or web page and in it, I state somewhere that you owe me 100,000,000 euros and that to approve this document or this page I ask you to sign or click the OK button. Given that there is a lot of "blah blah", the user no longer pays attention, goes straight to the signature box or the "OK" button and once signed or after pressing "OK", it's too late for you.
Follow these few tips and above all, stay vigilant.
Make sure that the website address displayed on your screen is secure.
A secure site always starts with HTTPS:\\ it is also recognizable because often there is a closed padlock in front that you can click on to get a lot of information about the site
An unsecured address will be of this type HTTP\\: and there is no padlock in front
This does not mean that the site is bad, but on such sites, you should never fill out or give personal data, nor make bank payments.
Do not respond to emails such as you have won a trip, a car, and/or you are to inherit from prince xxxxxx from such or such countries in Africa, but to be able to receive your inheritance, we ask you to...
Never give anyone your MAC address or MAC address, because there, yes, there is danger.
An IP address is provided by your ISP (Internet Service Provider), it can be regenerated every x time.
However, the MAC address is unique and is directly provided by the network card. There cannot be two identical MAC addresses.
A good antivirus that is up to date with regular updates, a physical and/or software firewall, and anti-malware for any malicious software should normally protect you from malicious individuals or at least limit the risks.
The localhost address is by default 127.0.0.1 and this is the case for all PCs.
However, you can configure port:8080 or 8888.
Here is a link that will help you understand networks
https://www.commentcamarche.net/contents/508-le-concept-de-reseau
Then, here is a link that will allow you to know about TCP/IP as well as the ports
https://www.commentcamarche.net/contents/539-tcp-ip.
Regarding security on the internet, I am sharing this link (in French)
https://www.cybermalveillance.gouv.fr/tous-nos-contenus/actualites/comment-se-proteger-sur-internet
The first line of defense is you. Do not click indiscriminately on a link, an image, a button found on websites. Read carefully before doing anything,
too often, an "OK" button is displayed on a web page, people have gotten into the habit of no longer paying attention to the "blah blah" that comes before. This is a serious mistake!!!
It's a bit like signing a document without having read it
Imagine I send you a document or web page and in it, I state somewhere that you owe me 100,000,000 euros and that to approve this document or this page I ask you to sign or click the OK button. Given that there is a lot of "blah blah", the user no longer pays attention, goes straight to the signature box or the "OK" button and once signed or after pressing "OK", it's too late for you.
Follow these few tips and above all, stay vigilant.
Make sure that the website address displayed on your screen is secure.
A secure site always starts with HTTPS:\\ it is also recognizable because often there is a closed padlock in front that you can click on to get a lot of information about the site
An unsecured address will be of this type HTTP\\: and there is no padlock in front
This does not mean that the site is bad, but on such sites, you should never fill out or give personal data, nor make bank payments.
Do not respond to emails such as you have won a trip, a car, and/or you are to inherit from prince xxxxxx from such or such countries in Africa, but to be able to receive your inheritance, we ask you to...
Never give anyone your MAC address or MAC address, because there, yes, there is danger.
An IP address is provided by your ISP (Internet Service Provider), it can be regenerated every x time.
However, the MAC address is unique and is directly provided by the network card. There cannot be two identical MAC addresses.
A good antivirus that is up to date with regular updates, a physical and/or software firewall, and anti-malware for any malicious software should normally protect you from malicious individuals or at least limit the risks.
is it possible to hack me because of this?
or redirect everything I do?
please thank you for your answers
ps: I'm sorry to be annoying with my questions but all my work is on this computer.
or redirect everything I do?
please thank you for your answers
ps: I'm sorry to be annoying with my questions but all my work is on this computer.
If you have Windows Defender active, you don't have much to fear; once again, you can see it on my screen, the internal connections between localhost and localhost are normal and classic, as long as they are handled by software you have installed and recognize. You see, I have plenty of them on NoMachine (nxserver/client/node) and Firefox.
Thank you for your patience, brupala. I don't know much about computers, I had the impression that I had been hacked or that it was due to keyloggers.
Thanks again for letting me know that in the end, it's normal.
Thanks again for letting me know that in the end, it's normal.
Hi
I just checked my post and I'm really stupid because it's the battle.net download (1120) that gave the same image. Please excuse me for all these messages.
I tested on my second computer 192.168 and after the battle.net download 127.0.0.1 it did the same thing.
Please excuse me for all these messages.
I feel more reassured now; have a very good day.