ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Wireshark-users: Re: [Wireshark-users] localhost versus url

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 9 Mar 2011 23:39:09 -0800
On Mar 9, 2011, at 11:19 PM, Jaap Keuter wrote:

> Assuming your domain name is resolved to your public IP address on the outside of the firewall/NAT, your assumption is right.
> 
> When entering localhost in the URL, that's resolved to 127.0.0.1, your local machines loopback interface. No Ethernet networking involved, so watching with Wireshark won't show this traffic at all (unless capturing the on the loopback interface on a !Windows machine).

!Windows && !Solaris - Solaris (except perhaps in OpenSolaris 11) doesn't support a capture mechanism that can listen to loopback traffic.

On the other hand:

> When entering the FQDN in the URL, that's resolved to your outside address. Browser traffic flows to that address first, then comes back to access the Apache server. Now you'll see the traffic when you capture on the network interface, once going out and once coming in.

...in at least some operating systems, even attempts to send packets to one of your own network addresses will go through the same path as attempts to send packets to 127.0.0.1, so either you won't be able to capture them at all, on Windows (where there is no equivalent to UN*X loopback interfaces; the Windows "loopback interface" is different) or on UN*Xes where you can't capture in the loopback interface, or you'll have to capture them on the loopback interface, just as you capture traffic to 127.0.0.1.

> In the circumstance that there's no NAT involved (so your outside address is your interface address) you still end up with more delay that going through the loopback interface. The extra DNS interactions, and probably additional safety measures of your platform, take away a little time for every object retrieved.

My guess is that's the performance issue; traffic from your machine to one of its non-loopback IP addresses, or to its loopback address, largely go through the same code path, so it's probably that looking up the host name via DNS is slower than looking up "loopback" or that something else is triggered by traffic to a local address that's not triggered by traffic to 127.0.0.1.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube