Can traffic on loopback be packet sniffed?

Tags: networking, tcp

Can any data exchanged on a local machine using the loopback IP 127.0.0.1 (localhost) be packet sniffed if the PC is also connected to a network (wireless or landline)?

Would like to know if the loopback, as a means of interprocess communication for locally running processes, can be regarded as a secure means of exchanging data (i.e., not privy to eavesdropping by anyone that resides externally on the network with a packet sniffer program).

This question is being asked in respect to all the pertinent OS platforms:

  • Win2K/WinXP
  • Vista
  • Windows 7
  • Mac OS X
  • Linux

RogerV asked Feb 06 '09 20:02


2 Answers

Yes, this is secure. As VBNight stated, the traffic never hits the wire or air.

But, you can actually sniff localhost traffic on your local machine. For example, on my Linux box I did the following:

    sudo tcpdump -i lo

    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on lo, link-type EN10MB (Ethernet), capture size 96 bytes
    15:29:58.056585 IP localhost.56010 > localhost.16001: S 3572335637:3572335637(0) win 32792 <mss 16396,sackOK,timestamp 132126218 0,nop,wscale 6>
    15:29:58.056604 IP localhost.16001 > localhost.56010: R 0:0(0) ack 3572335638 win 0
    15:29:59.026016 IP localhost.41664 > localhost.41664: UDP, length 1
    15:29:59.026346 IP localhost.41664 > localhost.41664: UDP, length 1
    15:29:59.126838 IP localhost.41664 > localhost.41664: UDP, length 1
    15:29:59.127486 IP localhost.41664 > localhost.41664: UDP, length 1

So, you can use it to sniff your own traffic/IPC messages, but nobody else can see it on the network.

This is a very common case in systems to use a protocol like TCP or UDP for local IPC over the lo interface.

Steve Lazaridis answered Oct 01 '22 04:10


It should be safe from packet sniffing off the network because the traffic never goes on the wire (or airwaves).

A process on that local machine could sniff the packets though.

VBNight answered Oct 01 '22 03:10
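
The answers above hold only for sockets that are really bound to a loopback address, so a useful check is to list the listening TCP sockets and flag any bound outside 127.0.0.0/8. The following is an added example, not part of the original posts: it parses the Linux `/proc/net/tcp` table (IPv4 only, little-endian host assumed), and the embedded sample table is constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample in the layout of Linux /proc/net/tcp (not taken from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:3E81 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20001
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20002
   2: 0500A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003
   3: 0100007F:DACA 0100007F:3E81 01 00000000:00000000 00:00000000 00000000  1000        0 20004
"""

TCP_LISTEN = 0x0A  # socket state code for LISTEN in /proc/net/tcp


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (IPv4Address, port).

    Assumption: little-endian host, so the address hex is byte-swapped."""
    addr_hex, port_hex = field.split(":")
    addr = ipaddress.IPv4Address(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def listeners(proc_text):
    """Return (address, port, is_loopback) for every socket in LISTEN state."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or int(cols[3], 16) != TCP_LISTEN:
            continue
        addr, port = decode_endpoint(cols[1])
        found.append((str(addr), port, addr.is_loopback))
    return found


def exposed_listeners(proc_text):
    """Listeners reachable from other hosts: anything bound outside 127.0.0.0/8."""
    return [(a, p) for a, p, loop in listeners(proc_text) if not loop]


if __name__ == "__main__":
    try:  # use the live table on Linux, fall back to the constructed sample
        with open("/proc/net/tcp") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_PROC_NET_TCP
    for addr, port, loop in listeners(text):
        print(f"{addr}:{port}  {'loopback only' if loop else 'reachable from the network'}")
```

A listener bound to `0.0.0.0` accepts connections on every interface, so it is reported as exposed even if its clients only ever connect through 127.0.0.1.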